Trojaner-Board

Source: Trojaner-Board, section "Log-Analyse und Auswertung" (log analysis and evaluation), thread "PC mit ZeuS/ZBot infiziert? Logs liegen vor." (https://www.trojaner-board.de/129658-pc-zeus-zbot-infiziert-logs-liegen.html)

dgl472 16.01.2013 17:05

PC infected with ZeuS/ZBot? Logs available.
 
Hey,
over Christmas I was at my parents' place and used their internet connection with my laptop while I was there.
Today my parents received a letter from Telekom pointing out that a PC that uses or has used this connection is infected with ZeuS/ZBot.

Now there is of course the possibility that the PC in question is mine. However, I consider the probability rather low and believe it is one of my parents' PCs.
Still, I would like to be certain! Also so that I can help them afterwards.

So I would be very grateful if someone could take a look at the logs and say something about them! I also don't want to go straight in with a sledgehammer to crack a nut.

Code:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.16.03

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
sydney :: SYD-PC [Administrator]

16.01.2013 14:02:30
MBAM-log-2013-01-16 (16-15-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 550794
Laufzeit: 2 Stunde(n), 12 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

OTL logfile created on: 16.01.2013 16:19:09 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = D:\Tools\OTL
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 29,72% Memory free
6,19 Gb Paging File | 4,06 Gb Available in Paging File | 65,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140,04 Gb Total Space | 27,73 Gb Free Space | 19,80% Space Free | Partition Type: NTFS
Drive D: | 140,00 Gb Total Space | 65,92 Gb Free Space | 47,08% Space Free | Partition Type: NTFS
Drive E: | 8,89 Gb Total Space | 3,82 Gb Free Space | 42,98% Space Free | Partition Type: NTFS
Drive F: | 9,04 Gb Total Space | 8,97 Gb Free Space | 99,20% Space Free | Partition Type: NTFS
Drive H: | 298,02 Gb Total Space | 37,60 Gb Free Space | 12,62% Space Free | Partition Type: FAT32
 
Computer Name: SYD-PC | User Name: sydney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Tools\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - D:\Tools\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - D:\Tools\Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Dell\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Dell\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Dell\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Windows\System32\btwhidcs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (BEService) -- C:\Programme\Common Files\BattlEye\BEService.exe ()
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- D:\Tools\Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (DFUBTUSB) -- System32\Drivers\frmupgr.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Oracle Corporation)
DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Oracle Corporation)
DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Oracle Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (hidusbf) -- C:\Windows\System32\drivers\hidusbf.sys ()
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: info%40youtube-mp3.org:1.0.4
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.13 09:56:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.13 09:56:32 | 000,000,000 | ---D | M]
 
[2012.05.28 12:41:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sydney\AppData\Roaming\mozilla\Extensions
[2013.01.08 22:30:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sydney\AppData\Roaming\mozilla\Firefox\Profiles\t0ibmuz3.default\extensions
[2013.01.08 22:30:46 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\sydney\AppData\Roaming\mozilla\Firefox\Profiles\t0ibmuz3.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.06.07 20:59:40 | 000,006,796 | ---- | M] () (No name found) -- C:\Users\sydney\AppData\Roaming\mozilla\firefox\profiles\t0ibmuz3.default\extensions\info@youtube-mp3.org.xpi
[2012.12.15 13:16:13 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\sydney\AppData\Roaming\mozilla\firefox\profiles\t0ibmuz3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.05.30 18:56:53 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\sydney\AppData\Roaming\mozilla\firefox\profiles\t0ibmuz3.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.05.28 12:52:36 | 000,002,454 | ---- | M] () -- C:\Users\sydney\AppData\Roaming\mozilla\firefox\profiles\t0ibmuz3.default\searchplugins\duckduckgo-de.xml
[2012.05.28 12:54:11 | 000,001,610 | ---- | M] () -- C:\Users\sydney\AppData\Roaming\mozilla\firefox\profiles\t0ibmuz3.default\searchplugins\ixquick-https---deutsch.xml
[2013.01.13 09:56:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.13 09:56:46 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.21 12:51:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.07 16:48:19 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.21 12:51:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 12:51:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 12:51:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 12:51:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Tools\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Dell\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Dell\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Dell\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Dell\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C226E32D-30B0-4EDC-9695-D140F5BF60B4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3872006-2FA4-4830-A364-D575CFFCCDC4}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\sydney\Pictures\Logos & Wallpaper\Wallpaper\Bushido Jp.jpg
O24 - Desktop BackupWallPaper: C:\Users\sydney\Pictures\Logos & Wallpaper\Wallpaper\Bushido Jp.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cbc7456c-a8a7-11e1-8d31-001dd9ea09dc}\Shell - "" = AutoRun
O33 - MountPoints2\{cbc7456c-a8a7-11e1-8d31-001dd9ea09dc}\Shell\AutoRun\command - "" = I:\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.16 14:00:31 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.01.15 17:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BattlEye
[2013.01.14 21:06:22 | 000,000,000 | ---D | C] -- C:\Users\sydney\Desktop\Day Z
[2013.01.14 16:17:54 | 000,000,000 | ---D | C] -- C:\Users\sydney\AppData\Local\DayZCommander
[2013.01.13 20:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIX Networks
[2013.01.13 09:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.12 17:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive Studio
[2013.01.08 19:42:57 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.01.08 19:42:57 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013.01.08 19:42:57 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2013.01.08 19:42:57 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2013.01.08 19:42:56 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.01.08 19:42:56 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.01.08 19:42:56 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.01.08 19:42:55 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.01.08 19:42:55 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.01.08 19:42:54 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.01.08 19:42:53 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.01.08 19:42:50 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.01.08 19:42:48 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2013.01.08 19:42:48 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.01.08 19:42:47 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.01.08 19:42:46 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013.01.08 19:42:45 | 001,830,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.01.08 19:42:44 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.01.08 19:42:41 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.01.08 19:42:40 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.01.08 19:42:40 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.01.08 19:42:40 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.01.08 19:30:02 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2013.01.08 19:30:02 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2013.01.08 19:30:02 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2013.01.08 19:30:02 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2013.01.08 19:29:51 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013.01.08 19:29:50 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2013.01.08 18:54:37 | 000,000,000 | ---D | C] -- C:\Users\sydney\AppData\Roaming\Play withSIX
[2013.01.08 18:54:37 | 000,000,000 | ---D | C] -- C:\Users\sydney\AppData\Local\Play withSIX
[2013.01.08 18:53:09 | 000,000,000 | ---D | C] -- C:\Users\sydney\AppData\Local\Downloaded Installations
[2013.01.08 18:48:32 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2013.01.08 18:48:32 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2013.01.08 18:48:32 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2013.01.08 18:33:58 | 000,000,000 | ---D | C] -- C:\Users\sydney\AppData\Local\ArmA 2
[2013.01.08 18:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2013.01.07 21:12:00 | 000,000,000 | ---D | C] -- C:\Users\sydney\AppData\Local\ArmA 2 OA
[2013.01.07 21:12:00 | 000,000,000 | ---D | C] -- C:\Users\sydney\Documents\ArmA 2
[2013.01.07 21:11:46 | 000,000,000 | ---D | C] -- C:\Users\sydney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2013.01.05 23:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IKEA HomePlanner
[2013.01.05 23:44:14 | 000,000,000 | ---D | C] -- C:\Program Files\IKEA HomePlanner
[2013.01.05 23:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.01.02 20:56:34 | 000,000,000 | ---D | C] -- C:\Users\sydney\AppData\Roaming\Hamachi
[2013.01.02 20:36:02 | 000,729,088 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2013.01.02 20:36:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAWLE
[2012.12.26 17:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fox Interactive
[2012.12.26 16:49:33 | 000,000,000 | ---D | C] -- C:\Users\sydney\Desktop\LAN
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.16 15:21:55 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.16 15:21:55 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.16 14:01:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.01.16 13:29:22 | 000,655,154 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.16 13:29:22 | 000,621,864 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.16 13:29:22 | 000,121,328 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.16 13:29:22 | 000,107,588 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.16 13:21:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.16 13:21:49 | 3219,173,376 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.16 00:20:20 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.01.10 13:16:50 | 000,172,544 | ---- | M] () -- C:\Users\sydney\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.08 19:42:58 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.01.08 19:42:57 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013.01.08 19:42:57 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2013.01.08 19:42:57 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2013.01.08 19:42:56 | 002,452,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.01.08 19:42:56 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.01.08 19:42:56 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.01.08 19:42:55 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.01.08 19:42:55 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.01.08 19:42:54 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.01.08 19:42:53 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.01.08 19:42:50 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.01.08 19:42:48 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2013.01.08 19:42:48 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.01.08 19:42:47 | 001,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.01.08 19:42:46 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013.01.08 19:42:45 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.01.08 19:42:44 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.01.08 19:42:41 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.01.08 19:42:40 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.01.08 19:42:40 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.01.08 19:42:40 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.01.08 19:30:02 | 000,622,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2013.01.08 19:30:02 | 000,097,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2013.01.08 19:30:02 | 000,037,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2013.01.08 19:30:02 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2013.01.08 19:29:51 | 000,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013.01.08 19:29:50 | 000,781,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2013.01.08 19:22:10 | 032,178,176 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2013.01.08 19:22:10 | 000,458,752 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2013.01.08 19:22:10 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2013.01.08 18:48:32 | 000,295,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2013.01.08 18:48:32 | 000,099,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2013.01.08 18:48:32 | 000,049,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2013.01.05 23:44:38 | 000,002,397 | ---- | M] () -- C:\Users\Public\Desktop\IKEA Home Planner.lnk
[2013.01.02 20:35:21 | 000,729,088 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
 
========== Files Created - No Company Name ==========
 
[2013.01.05 23:44:18 | 000,002,397 | ---- | C] () -- C:\Users\Public\Desktop\IKEA Home Planner.lnk
[2012.10.07 16:44:50 | 000,019,572 | ---- | C] () -- C:\Windows\hpqins13.dat
[2012.10.06 11:13:05 | 000,000,012 | ---- | C] () -- C:\ProgramData\8680
[2012.10.06 11:13:05 | 000,000,012 | ---- | C] () -- C:\ProgramData\4794
[2012.10.06 11:13:05 | 000,000,012 | ---- | C] () -- C:\Users\sydney\AppData\Local\4662
[2012.10.06 11:13:05 | 000,000,012 | ---- | C] () -- C:\Users\sydney\AppData\Roaming\3888
[2012.10.06 11:13:05 | 000,000,012 | ---- | C] () -- C:\ProgramData\1374
[2012.07.29 11:27:59 | 000,122,608 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012.06.23 12:36:43 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.06.23 12:30:12 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2012.05.28 15:07:21 | 000,002,008 | ---- | C] () -- C:\Windows\System32\drivers\hidusbf.sys
[2012.05.28 12:39:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012.05.28 12:15:54 | 000,000,528 | ---- | C] () -- C:\Windows\eReg.dat
[2012.05.28 11:47:46 | 000,161,926 | ---- | C] () -- C:\Windows\hpoins14.dat
[2012.05.28 11:47:46 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2012.05.28 11:38:03 | 000,101,151 | ---- | C] () -- C:\Windows\War3Unin.dat
[2012.05.27 23:35:01 | 000,027,430 | ---- | C] () -- C:\Users\sydney\AppData\Roaming\nvModes.dat
[2012.05.27 23:35:01 | 000,027,430 | ---- | C] () -- C:\Users\sydney\AppData\Roaming\nvModes.001
[2012.05.27 22:14:54 | 000,172,544 | ---- | C] () -- C:\Users\sydney\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.27 21:46:31 | 000,000,680 | ---- | C] () -- C:\Users\sydney\AppData\Local\d3d9caps.dat
[2012.05.27 17:35:58 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.30 11:55:24 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.06.30 11:45:30 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Code:

OTL Extras logfile created on: 16.01.2013 16:19:09 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = D:\Tools\OTL
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 29,72% Memory free
6,19 Gb Paging File | 4,06 Gb Available in Paging File | 65,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140,04 Gb Total Space | 27,73 Gb Free Space | 19,80% Space Free | Partition Type: NTFS
Drive D: | 140,00 Gb Total Space | 65,92 Gb Free Space | 47,08% Space Free | Partition Type: NTFS
Drive E: | 8,89 Gb Total Space | 3,82 Gb Free Space | 42,98% Space Free | Partition Type: NTFS
Drive F: | 9,04 Gb Total Space | 8,97 Gb Free Space | 99,20% Space Free | Partition Type: NTFS
Drive H: | 298,02 Gb Total Space | 37,60 Gb Free Space | 12,62% Space Free | Partition Type: FAT32
 
Computer Name: SYD-PC | User Name: sydney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2674624654-1717120980-701073699-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{061D4033-8DE4-4109-AF5B-6E7845B95427}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1C43A921-C46E-4207-A6ED-B2570AB83C31}" = lport=445 | protocol=6 | dir=in | app=system |
"{3270E3BA-83DF-4D02-8147-BAE0B57C931C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{3909C6C5-E53D-45C6-8635-C00614CBB624}" = rport=138 | protocol=17 | dir=out | app=system |
"{3A49E10E-7EC1-47D9-BED1-2E6922D3FF84}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{654227F5-2834-4E32-8534-66B155381C42}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7D27967F-54D0-416B-87CE-C29CC7344831}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8E8D5756-131C-4B84-94DA-BAD78AC497FB}" = lport=138 | protocol=17 | dir=in | app=system |
"{9A3409BA-8E2D-421C-A6FA-F095501262F9}" = rport=445 | protocol=6 | dir=out | app=system |
"{A6B7C094-CE90-44FC-94DA-D959DC7DEAE4}" = lport=139 | protocol=6 | dir=in | app=system |
"{B592CCA8-236E-4DFB-960F-6FF28979E2C0}" = lport=137 | protocol=17 | dir=in | app=system |
"{B97E4A89-66AC-4A23-B764-0616DD9BC5E9}" = rport=137 | protocol=17 | dir=out | app=system |
"{D5523E7A-257A-439E-8A37-C3294A0D5C45}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{ECFE392B-62ED-4FC2-A4EA-FCA8EF9087E6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F0C6708C-6AE6-4E5A-BE20-018D0BF05CDE}" = rport=139 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03BD4888-11EC-489A-BCA5-7FD0CDF0C00B}" = protocol=17 | dir=in | app=d:\games\valve\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{042AE523-F7E8-4EB9-9A15-D7E187ECBFA4}" = protocol=17 | dir=in | app=d:\games\valve\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{090C6208-5E47-46F2-A1B6-9B6F229932CB}" = protocol=17 | dir=in | app=d:\games\valve\steam\steamapps\common\defcon\defcon.exe |
"{098ED903-8C91-477C-838E-8967E177FC52}" = protocol=6 | dir=in | app=d:\games\valve\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{0CC99B9D-9A33-42D2-A8EB-62E4E6C607B7}" = protocol=6 | dir=in | app=d:\games\valve\steam\steamapps\****\counter-strike\hl.exe |
"{0FD7B221-27BF-4DFE-970F-8D97906326C5}" = protocol=6 | dir=in | app=d:\games\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{117BCFCC-0078-46B5-9ECB-70ECD792674E}" = protocol=6 | dir=in | app=d:\games\valve\steam\steamapps\common\defcon\defcon.exe |
"{11B2D498-0234-472E-998C-8FA9C282E656}" = protocol=17 | dir=in | app=d:\games\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{1C0AF75A-C843-4FE6-9630-1EA37CA82612}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{2ADAC103-0F4B-4B3D-BC4F-C3173580F776}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{2C08189E-E828-45BE-B985-77CB974EDFE1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{2C829643-B24D-4C03-A9B5-8B7B73B7F152}" = protocol=17 | dir=in | app=d:\games\valve\steam\steam.exe |
"{2CD0209B-2623-49EC-96B6-3F27E264DCE3}" = protocol=6 | dir=in | app=d:\games\valve\steam\steamapps\****\counter-strike\hl.exe |
"{2D74F76A-D7D4-4558-BFAB-C365E895770C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{392D2281-661B-4451-9062-6B324DF797F2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{3DAC283C-F6F0-4832-8193-B64DA8FAEB23}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{40B0C380-F619-463D-B4D4-B7817940D8D5}" = protocol=6 | dir=in | app=d:\games\electronic arts\the battle for middle-earth ii\game.dat |
"{42394B63-8463-464F-B8E5-AB0608C01E8E}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{4B9AB00A-7DFE-4C58-B65A-6C6093C00E4B}" = protocol=6 | dir=in | app=d:\games\electronic arts\the battle for middle-earth ii - the rise of the witch-king\game.dat |
"{5B6F5731-0681-4A21-9CC3-42560ECAE2BB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5B92E608-284A-4443-829F-A116C2148C44}" = protocol=17 | dir=in | app=d:\games\valve\steam\steamapps\common\arma 2\arma2.exe |
"{6D58D664-CF37-4DCF-B3D6-F062A12FAE09}" = protocol=6 | dir=in | app=d:\games\valve\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{6F19BBD3-F0A8-40AA-9CA7-BF21CD1BFB4F}" = protocol=17 | dir=in | app=d:\games\valve\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{757AD939-ED22-432B-AB03-B60FEFB0FBE9}" = protocol=17 | dir=in | app=d:\games\valve\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{7BDCBE32-6A23-41BB-A964-2A8B305B2D29}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{83927628-3ED3-4AB6-AAB1-F1A0EE770FE6}" = protocol=17 | dir=in | app=d:\games\electronic arts\the battle for middle-earth ii\game.dat |
"{85B4E44D-8ED6-463F-946A-6E9BA00C60BC}" = protocol=17 | dir=in | app=d:\games\valve\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{8AE574A0-FB94-45C9-9A2F-3B482F0420AD}" = protocol=6 | dir=in | app=d:\games\valve\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{8BE6FCE7-9047-435F-8A65-893E1405570F}" = protocol=6 | dir=in | app=d:\games\valve\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{95B5B85D-60F7-4ABC-9BD7-86018D24382A}" = protocol=6 | dir=in | app=d:\games\valve\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{97957D23-F2B2-4260-9AC4-72AF11BAE4CB}" = protocol=6 | dir=in | app=d:\games\valve\steam\steamapps\common\arma 2\arma2.exe |
"{99AFF01E-7EF7-4687-977A-57E8BC12C86C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9C0D560E-3F97-4D68-AF63-EFD46650607E}" = protocol=17 | dir=in | app=d:\games\electronic arts\the battle for middle-earth ii - the rise of the witch-king\game.dat |
"{9E193A8D-8450-4698-AC3A-D1E56D6F94E5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A72FCA7E-6B0C-413F-8305-B6DB7CE97B7C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B7F2E6E3-CC88-46F5-8E5B-0A491C84F93F}" = protocol=6 | dir=in | app=d:\games\valve\steam\steam.exe |
"{C1439408-68B4-4182-B71A-2C8D65C2FCBD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C2665A48-F4FA-4E45-B519-63A2C725AD63}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{CC261739-F456-4CBF-8369-C987F59E9F96}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D43F931A-1C8A-4FCD-9E51-733664CDDEC2}" = protocol=17 | dir=in | app=d:\games\valve\steam\steamapps\****\counter-strike\hl.exe |
"{EB0ACD9F-BA50-44EE-BC89-B489627AEEA2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EFD79307-32DF-4DFA-B851-C8B5845C5346}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FC79AE8A-5A81-4E11-A29F-A45F3AF1873B}" = protocol=17 | dir=in | app=d:\games\valve\steam\steamapps\****\counter-strike\hl.exe |
"TCP Query User{050B4E2A-15E0-4F7F-910E-8FDE28B4FC6A}D:\games\valve\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=d:\games\valve\left 4 dead 2\left4dead2.exe |
"TCP Query User{0ADC55F4-D61C-485A-82C1-4403D4D8035F}D:\games\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=d:\games\microsoft games\age of empires ii\empires2.icd |
"TCP Query User{0C269670-AF96-49F6-9B7F-C45F46A34200}D:\games\electronic arts\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=d:\games\electronic arts\battlefield 1942\bf1942.exe |
"TCP Query User{3B14DA31-1D5C-4B99-A9B0-3B4B83A3020C}D:\tools\six networks\play withsix\tools\bin\rsync.exe" = protocol=6 | dir=in | app=d:\tools\six networks\play withsix\tools\bin\rsync.exe |
"TCP Query User{422C7F58-FF71-48B4-82A7-AE7930AB2C0E}D:\games\valve\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\games\valve\counter-strike source\hl2.exe |
"TCP Query User{4B95B5B7-52B3-4A5D-954E-0DC627DA52A1}D:\games\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=d:\games\firefly studios\stronghold crusader\stronghold crusader.exe |
"TCP Query User{7CA95303-8560-49C4-93BA-580AAAD780DF}D:\tools\yawle\yawle.exe" = protocol=6 | dir=in | app=d:\tools\yawle\yawle.exe |
"TCP Query User{7FA6208D-BA79-47BB-8018-6090C46E4CFB}D:\games\fox\aliens vs. predator 2\lithtech.exe" = protocol=6 | dir=in | app=d:\games\fox\aliens vs. predator 2\lithtech.exe |
"TCP Query User{832633F1-1263-4850-8618-7AE887494263}D:\games\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe" = protocol=6 | dir=in | app=d:\games\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe |
"TCP Query User{93AD2A85-1457-4971-BBD3-10407AE21BD7}D:\games\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=d:\games\microsoft games\age of empires ii\empires2.icd |
"TCP Query User{9482071E-3B6A-4BF3-9216-AFC8A82BC61C}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{C2281212-7A96-4483-8CFF-EDA24A2BC10B}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{C992D648-3538-4AFC-95E8-826B2026424D}C:\users\sydney\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\users\sydney\documents\arma 2\expansion\beta\arma2oa.exe |
"TCP Query User{CCAF5AEF-BAE1-494F-9792-6401117095E9}D:\games\blizzard\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\games\blizzard\warcraft iii\war3.exe |
"TCP Query User{DCF7B395-4BE6-415D-B510-D4AC40CD8FCA}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{FAC464CB-B7AC-400F-9F27-8E6EC1AD8370}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{0D66CDED-DE1C-4662-B2D0-18917E9375A7}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{12364BA9-5311-4787-8E76-2349445D5E96}D:\games\valve\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\games\valve\counter-strike source\hl2.exe |
"UDP Query User{18844847-9A6C-4719-94EA-C9C20C44AC7C}D:\games\electronic arts\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=d:\games\electronic arts\battlefield 1942\bf1942.exe |
"UDP Query User{18BE3B3E-44A7-4067-9ED9-BD6D8FBB5854}D:\games\blizzard\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\games\blizzard\warcraft iii\war3.exe |
"UDP Query User{1ADE47B1-FE39-45AC-8098-9C911F91573D}D:\games\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=d:\games\firefly studios\stronghold crusader\stronghold crusader.exe |
"UDP Query User{282300C2-8D7A-4B5A-B846-495B944E1945}D:\games\valve\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=d:\games\valve\left 4 dead 2\left4dead2.exe |
"UDP Query User{383DA765-1948-4D7C-8C9D-979684510026}D:\games\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe" = protocol=17 | dir=in | app=d:\games\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe |
"UDP Query User{3A4009E9-7C24-461D-863B-59FFCB63556A}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{3C4B4540-1F62-4E0D-833C-7E7B099CBE1B}D:\games\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=d:\games\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{5EBBE300-21E7-441A-8AD5-FF99CCC27414}D:\tools\six networks\play withsix\tools\bin\rsync.exe" = protocol=17 | dir=in | app=d:\tools\six networks\play withsix\tools\bin\rsync.exe |
"UDP Query User{8FF70972-4476-4520-8FDD-7FE4D6FAD244}D:\games\fox\aliens vs. predator 2\lithtech.exe" = protocol=17 | dir=in | app=d:\games\fox\aliens vs. predator 2\lithtech.exe |
"UDP Query User{B17EEF38-D456-4039-B6D2-0FB04BB58A62}C:\users\sydney\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\users\sydney\documents\arma 2\expansion\beta\arma2oa.exe |
"UDP Query User{C7C67AC2-D4A8-4DD3-8708-FEFB52D08F4B}D:\games\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=d:\games\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{D0764A25-4B03-4A0C-9D91-3170F9A94D6D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{DABD8BE6-32BB-43B5-9353-529E6279F7AF}D:\tools\yawle\yawle.exe" = protocol=17 | dir=in | app=d:\tools\yawle\yawle.exe |
"UDP Query User{F5B727E8-68D6-4DC7-92AB-97296E2331B9}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}" = Aliens vs. Predator 2
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{42DCB650-F003-4535-A5CD-32AD815CD2DD}" = Play withSIX
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{46991620-ECC1-462B-88BF-5B91BF133E77}" = Oracle VM VirtualBox 4.1.16
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.6.0
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91B930B5-9281-4A6E-8E74-978247499AE7}" = DayZ Commander
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = The Lord of the Rings, The Rise of the Witch-king
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FFD44E90-AEA4-4D25-AF53-5CE2723E88DA}" = MarketingReg
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"IrfanView" = IrfanView (remove only)
"L4D2 RevEMU v2054+" = L4D2 RevEMU v2054+
"Left4Dead2-hohesC_is1" = Left 4 Dead 2 - 2.0.0.5
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Miranda IM" = Miranda IM 0.10.8
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"StarCraft" = StarCraft
"Steam App 10" = Counter-Strike
"Steam App 1520" = DEFCON
"Steam App 219540" = ARMA 2: Operation Arrowhead Beta
"Steam App 24240" = PAYDAY: The Heist
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 550" = Left 4 Dead 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TrueCrypt" = TrueCrypt
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.3
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"Yawle_0.3b" = YAWLE 0.5b
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.01.2013 14:16:47 | Computer Name = syd-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3136
 
Error - 11.01.2013 14:16:47 | Computer Name = syd-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3136
 
Error - 12.01.2013 08:49:12 | Computer Name = syd-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.01.2013 08:49:12 | Computer Name = syd-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 999
 
Error - 12.01.2013 08:49:12 | Computer Name = syd-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 999
 
Error - 12.01.2013 08:49:13 | Computer Name = syd-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.01.2013 08:49:13 | Computer Name = syd-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2060
 
Error - 12.01.2013 08:49:13 | Computer Name = syd-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2060
 
Error - 12.01.2013 15:30:56 | Computer Name = syd-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung arma2oa.exe, Version 1.62.100.544, Zeitstempel
 0x50ec370b, fehlerhaftes Modul arma2oa.exe, Version 1.62.100.544, Zeitstempel 0x50ec370b,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00444b9d,  Prozess-ID 0x1518, Anwendungsstartzeit
 01cdf0e0ce62bb90.
 
Error - 12.01.2013 17:19:22 | Computer Name = syd-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung arma2oa.exe, Version 1.62.100.544, Zeitstempel
 0x50ec370b, fehlerhaftes Modul BEClient.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x5072f1a5, Ausnahmecode 0xc0000005, Fehleroffset 0x0bfa3250,  Prozess-ID 0x9f8,
Anwendungsstartzeit 01cdf0fe64885c70.
 
[ OSession Events ]
Error - 11.08.2012 08:42:02 | Computer Name = syd-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8369
 seconds with 600 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 12.01.2013 04:46:41 | Computer Name = syd-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 12.01.2013 10:53:32 | Computer Name = syd-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 13.01.2013 04:38:36 | Computer Name = syd-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 13.01.2013 10:04:55 | Computer Name = syd-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 13.01.2013 14:54:18 | Computer Name = syd-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 14.01.2013 09:38:10 | Computer Name = syd-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 15.01.2013 02:44:49 | Computer Name = syd-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 15.01.2013 10:15:11 | Computer Name = syd-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 15.01.2013 19:15:16 | Computer Name = syd-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 16.01.2013 08:22:25 | Computer Name = syd-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >


markusg 16.01.2013 17:11

hi
Why has your Windows never seen any updates, not a single service pack?
Given these facts, the statement that it is unlikely is at least very bold.
Open MSE and post all detections, please.

dgl472 16.01.2013 17:51

On the subject of Windows:
Quite a while ago I formatted my laptop. When I then tried to install the updates afterwards, there were always problems on reboot (I don't remember exactly what it was, I got a blue screen or something similar right away), and I could only recover via a system restore each time. So at some point I gave up on it.
Apart from that, I have the problem that when I go to "Windows Update" it does show me x important and y optional updates, but when I then click on e.g. "important updates" it doesn't show me which ones they are, so I can't select them (see attachment).
I actually thought I had installed the SPs, though.

On the subject of "...is unlikely...":
Well, I dare to claim that because I once unluckily caught a worm and have been extremely careful ever since.

On the subject of MSE:
I had to install it first. The "quick scan" after installation found nothing! The "full scan" is still running.

dgl472 17.01.2013 07:15

But thanks for the hint about the SPs!

The "full scan" has now finished too.
One potential threat was found, see attachment.
However, it's winscp, and I believe it's only listed because of how it works; the program itself is trustworthy.

I haven't taken any action yet (quarantine / allow / remove).

markusg 17.01.2013 19:17

hi
please post the message as text
maybe back then you forgot to install the current drivers, and that's why there were problems

dgl472 17.01.2013 21:50

I can't really post that as a log / text, unfortunately, because it's only shown to me the way it is in the screenshot.

This is all I can do:

Code:

Kategorie: Adware

Beschreibung: Dieses Programm zeigt potenziell unerwünschte Werbefenster und Popupwerbungen auf dem Computer an.

Empfohlene Aktion: Lassen Sie dieses entdeckte Element nur zu, wenn Sie dem Programm oder dem Softwareherausgeber vertrauen.

Elemente:
containerfile:C:\Users\sydney\Downloads\Programme\PLUS\winscp429setup.exe
file:C:\Users\sydney\Downloads\Programme\PLUS\winscp429setup.exe->(inno#000011)

But if I see this correctly, none of the scans so far have found a corresponding threat.
Apart from that, Telekom has meanwhile sent me the connection data (IP / time), and based on that I can rule out that my laptop is infected with ZeuS.
I've also already found out which one it was in the end.

markusg 18.01.2013 19:44

hi
the way you've posted the message now is how I wanted to see it, because I have a problem with my eyes and screenshots are awkward for me.
should we take a look at the affected laptop?
install all drivers on your device and then get service pack 1 first and then 2.

dgl472 19.01.2013 01:40

Hey,

ah okay, got it.

No thanks, there's no need to look at it anymore. My brother has already taken care of the affected laptop on site.

Ok, will do! As I said, I thought I had installed SP1 & 2. Thanks again for the hint!

Then my request has been taken care of :)

Thanks


Copyright ©2000-2025, Trojaner-Board