| |
| |||||||
Log-Analyse und Auswertung: Vista Security 2012 Angriff - Bereinigungs Unterstützung nach Spybot S&D LaufWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
15.01.2012, 03:05
| #1 |
| |  Vista Security 2012 Angriff - Bereinigungs Unterstützung nach Spybot S&D Lauf Hallo, ich wurde von dem Vista Security 2012 Virus angegriffen. Symptome: Diverse popups, Anwendungsblockaden und fake Sicherheitsmeldungen welche nur durch die gekaufte Version von Vista Security 2012 entfernt werden können. Dazu habe ich die Anleitung: http://www.trojaner-board.de/100079-...entfernen.html benutzt um mit RKill die Prozesse zu schliessen und im Anschluss mit Spybot Search & destroy den Virus zu "entfernen". Die Registry Datei habe noch nicht ausgeführt. Hier im Anhang auch noch einmal die OTL.txt: Code:
ATTFilter OTL logfile created on: 15.01.2012 02:46:54 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = d:\Eigene Dateien\Desktop 64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 47,55% Memory free 4,10 Gb Paging File | 1,74 Gb Available in Paging File | 42,46% Paging File free Paging file location(s): d:\pagefile.sys 200 6141 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 46,58 Gb Total Space | 1,35 Gb Free Space | 2,90% Space Free | Partition Type: NTFS Drive D: | 419,18 Gb Total Space | 18,16 Gb Free Space | 4,33% Space Free | Partition Type: NTFS Drive G: | 465,76 Gb Total Space | 179,10 Gb Free Space | 38,45% Space Free | Partition Type: NTFS Computer Name: XXXX | User Name: XXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - d:\Eigene Dateien\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira GmbH) PRC - c:\program files (x86)\avira\antivir desktop\avscan.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) PRC - C:\Programme\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - c:\program files (x86)\avira\antivir desktop\avconfig.exe (Avira GmbH) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk) PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Program Files (x86)\ASUS\Six Engine\SixEngine.exe () PRC - C:\Programme\ASUS\Ai Suite\AiNap\AiNap.exe () PRC - C:\Program Files (x86)\ASUS\AASP\1.00.63\aaCenter.exe () PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe (Sonic Focus, Inc.) PRC - C:\Program Files (x86)\DCPFLICS\DCPFLICS.exe () PRC - C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe () PRC - C:\Windows\SysWOW64\WTClient.exe (Tablet Driver) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - c:\program files (x86)\avira\antivir desktop\sqlite3.dll () MOD - C:\Windows\SysWOW64\WinTab32.dll () MOD - C:\Program Files (x86)\Spybot - Search & Destroy\sqlite3.dll () MOD - C:\Program Files (x86)\ASUS\Six Engine\SixEngine.exe () MOD - C:\Programme\ASUS\Ai Suite\AiNap\AiNap.exe () MOD - C:\Program Files (x86)\ASUS\AASP\1.00.63\aaCenter.exe () MOD - C:\Program Files (x86)\ASUS\Six Engine\AsSpindownTimeout.dll () MOD - C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Fennel.dll () MOD - C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Chai.dll () MOD - C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Mate.dll () MOD - C:\Programme\ASUS\Ai Suite\AiNap\AiNap.dll () MOD - C:\Program Files (x86)\ASUS\AASP\1.00.63\cpuutil.dll () MOD - C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll () MOD - C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe () MOD - C:\Programme\ASUS\Ai Suite\AiNap\vvc.dll () MOD - C:\Windows\SysWOW64\AsIO.dll () MOD - C:\Program Files (x86)\ASUS\AASP\1.00.63\PowerDll.dll () MOD - C:\Program Files (x86)\ASUS\Six Engine\pngio.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV:64bit: - (mi-raysat_3dsmax2010_64) -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe () SRV:64bit: - (WinTabService) -- C:\Windows\SysNative\Drivers\WTSRV.EXE (Tablet Driver) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (Autodesk Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk) SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (DCPFLICS) -- C:\Program Files (x86)\DCPFLICS\DCPFLICS.exe () SRV - (IGDCTRL) -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) ========== Driver Services (SafeList) ========== DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys (Sun Microsystems, Inc.) DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (AF15BDA) -- C:\Windows\SysNative\DRIVERS\AF15BDA.sys (AfaTech ) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (tdrpman147) Acronis Try&Decide and Restore Points filter (build 147) -- C:\Windows\SysNative\DRIVERS\tdrpm147.sys (Acronis) DRV:64bit: - (timounter) -- C:\Windows\SysNative\DRIVERS\timntr.sys (Acronis) DRV:64bit: - (tifsfilter) -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys (Acronis) DRV:64bit: - (snapman380) Acronis Snapshots Manager (Build 380) -- C:\Windows\SysNative\DRIVERS\snman380.sys (Acronis) DRV:64bit: - (UCTblHid) -- C:\Windows\SysNative\DRIVERS\UCTblHid.sys (Tablet Driver) DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\DRIVERS\mv61xx.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell) DRV:64bit: - (PTSimBus) -- C:\Windows\SysNative\DRIVERS\PTSimBus.sys (PenTablet Driver) DRV:64bit: - (camfilt2) -- C:\Windows\SysNative\Drivers\camfilt2.sys (Guillemot Corporation) DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys () DRV:64bit: - (PTSimHid) -- C:\Windows\SysNative\DRIVERS\PTSimHid.sys (PenTablet Driver) DRV:64bit: - (TClass2k) -- C:\Windows\SysNative\DRIVERS\TClass2k.sys (Tablet Driver) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys () DRV:64bit: - (Hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "hxxp://facebook.com/" FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.6 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\XXXXX\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.11 08:58:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.06 16:13:45 | 000,000,000 | ---D | M] [2008.12.16 17:52:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXX\AppData\Roaming\mozilla\Extensions [2011.12.21 21:42:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXX\AppData\Roaming\mozilla\Firefox\Profiles\htm99lj7.default\extensions [2009.07.15 10:07:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\XXXXX\AppData\Roaming\mozilla\Firefox\Profiles\htm99lj7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.11.23 21:26:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\XXXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HTM99LJ7.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI () (No name found) -- C:\USERS\XXXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HTM99LJ7.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.01.11 08:58:07 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2009.12.21 06:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.01.11 08:58:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.11 08:58:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.01.11 08:58:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.01.11 08:58:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.11 08:58:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.11 08:58:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2011.09.10 00:50:13 | 000,438,235 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 15075 more lines... O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [C-Media Speaker Configuration] D:\Download\nightingale_vista32_drv\nightingale\vista32\Setup.exe /SPEAKER File not found O4 - HKLM..\Run: [Cpu Level Up help] C:\Programme\ASUS\Ai Suite\CpuLevelUpHelp.exe () O4 - HKLM..\Run: [Launch As Cmd Runner] C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe () O4 - HKLM..\Run: [Launch Direct Link] C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe () O4 - HKLM..\Run: [SoundTray] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe (Sonic Focus, Inc.) O4 - HKLM..\Run: [SpybotSnD] C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited) O4 - HKLM..\Run: [StartCCC] D:\CCC\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [WTClient] C:\Windows\SysWow64\WTClient.exe (Tablet Driver) O4 - Startup: C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range37 ([*] in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range38 ([http] in Vertrauenswürdige Sites) O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.178.83/codebase/DVM_IPCam2.ocx (DVM_IPCam2 Control) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC40F562-54FB-432B-82B8-3DBCDF6A1368}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe () O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe () O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{73207095-8399-11df-8b26-0022155a9914}\Shell - "" = AutoRun O33 - MountPoints2\{73207095-8399-11df-8b26-0022155a9914}\Shell\AutoRun\command - "" = F:\MI.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.01.15 02:45:49 | 000,584,192 | ---- | C] (OldTimer Tools) -- d:\Eigene Dateien\Desktop\OTL.exe [2012.01.14 22:51:34 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{EA32AC92-CD08-4789-8053-5D15D8906A82} [2012.01.14 22:51:00 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{C29600CB-84B2-4390-BC51-3B8F78EA5E09} [2012.01.14 10:50:48 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{E3DB4485-187E-422B-BD3D-539DE7558B9C} [2012.01.14 10:50:14 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{3CAE1F38-0F03-4214-ACE7-EFED8231AC99} [2012.01.13 22:49:49 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{53E44D42-CA46-42D3-AB4A-826F4BD684E3} [2012.01.13 22:49:15 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{60BF75DB-7C3F-4FD1-9B3F-F71233449555} [2012.01.13 10:49:03 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{1E0DBECA-6148-485B-932B-0F51DD35ACD8} [2012.01.13 10:48:31 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{24CBAEDF-60FF-4028-9FE3-1967C4FDF93B} [2012.01.12 22:48:04 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{2A0F829A-B204-4720-AA8C-5907E0BA4B06} [2012.01.12 22:47:10 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{64A2494C-0044-49E9-A0DE-93E10C9055BF} [2012.01.12 10:46:56 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{650BDF14-DB92-4326-96B1-75E0BD056AE4} [2012.01.12 10:46:21 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{76D9438E-EC0A-49B0-A561-68BFD580C69B} [2012.01.12 09:13:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2012.01.11 22:45:54 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{1480D2EE-CBE6-431E-9013-3BB039315BE3} [2012.01.11 22:45:20 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{3F6247BB-7925-4446-8092-0792E440475A} [2012.01.11 11:27:02 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2012.01.11 11:27:02 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2012.01.11 11:27:02 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.01.11 11:27:02 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.01.11 11:26:57 | 001,585,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2012.01.11 11:26:56 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll [2012.01.11 11:26:56 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcicda.dll [2012.01.11 11:26:56 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciwave.dll [2012.01.11 11:26:56 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciseq.dll [2012.01.11 11:26:56 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciseq.dll [2012.01.11 11:26:55 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.01.11 11:26:54 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2012.01.11 11:26:53 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll [2012.01.11 10:45:08 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{0B54546D-952C-48A2-87F6-7E1BADD463C1} [2012.01.11 10:44:34 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{96B6AEBB-36E1-4BA7-8620-E6B5C2CF90E5} [2012.01.10 22:44:09 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{B45C6B0D-9185-432D-80B7-631E62D13944} [2012.01.10 22:43:35 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{D375A42F-EDE9-47E0-A449-9B2D42D441D9} [2012.01.10 10:43:20 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{662C4810-428B-4BB3-9AD6-718071B61066} [2012.01.10 10:42:46 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{70071163-D2A3-47FA-8443-9DBAFD3EC8DA} [2012.01.09 22:42:19 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{D85471DA-AC97-4960-B824-FFC4B11D76F6} [2012.01.09 22:41:46 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{7293E0B6-D55E-4034-BEA9-D4651C0607B7} [2012.01.09 10:41:33 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{F5283861-3209-45B8-A57D-8CC2EF4EF494} [2012.01.09 10:41:00 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{B59A345C-ECDC-4DB7-B1D6-C5470168C28B} [2012.01.08 15:42:34 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{DF592C24-12AF-4300-9501-B0D92C183E34} [2012.01.08 15:42:00 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{BE2A6CD9-4F73-4B77-B47A-949F6A0B41D6} [2012.01.06 16:08:24 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{405C5412-9605-4501-B881-37363FAF0864} [2012.01.06 16:08:11 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{200B54CE-D8C6-4D66-94DD-AB89376346CC} [2012.01.05 17:01:38 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{B45C0236-7633-452B-BD4B-CE0BD8D4F799} [2012.01.05 17:01:05 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{0554432A-E7B1-4BD6-81CA-CF9035F92D7F} [2012.01.04 17:07:17 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{E765364E-D7C7-4371-A12E-C94F975C0B9D} [2012.01.04 17:07:06 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{4AF746BA-6BB2-4727-A93A-B938E46EBEA3} [2012.01.03 16:56:32 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{F3A14DAF-A842-47D4-A20B-8F7522C797AD} [2012.01.03 16:55:58 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{D0713F25-4FA0-48EE-816A-217E3BE538FB} [2012.01.02 17:02:17 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{24D96077-C348-4446-8D1C-14006B143326} [2012.01.02 17:01:43 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{20685B10-A979-4806-B9FE-8D3B157210C3} [2012.01.01 21:22:52 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{08B8D898-9626-4421-B955-743E737FC16C} [2012.01.01 21:22:30 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{3764E4F9-376F-4435-AB0C-2901E44EA131} [2011.12.31 11:16:53 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{9EEF26D3-1672-4025-84D4-857B15D3093B} [2011.12.31 11:16:19 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{A0C02C3E-76BE-4755-8DB5-8E16D6D2A26E} [2011.12.30 23:15:49 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{DD482FBC-3F50-4994-A445-FBE6B34D2AB7} [2011.12.30 23:15:25 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{904FE9D1-8FC0-423C-8AE1-B8DE55B37E4D} [2011.12.30 10:16:51 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{3C050E27-FFD9-4302-8CAF-517936153C51} [2011.12.30 10:16:17 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{43E67CEE-5A49-424F-94DB-A78388BD63A8} [2011.12.29 22:11:09 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{938B6213-1DB2-43B2-ABA1-08E1548F37B6} [2011.12.29 22:10:09 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{DA28D0A0-73A4-47BA-A486-6BAAA2EA9D5E} [2011.12.29 10:09:41 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{BDA861EB-06EA-433F-8F21-58251586D570} [2011.12.29 10:09:12 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{26BD9090-5F69-45E4-950D-593268B9C94B} [2011.12.28 10:00:37 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{D49CCE7E-19AF-41F8-9E61-B879B70C2892} [2011.12.28 10:00:05 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{B319DFD8-1047-4522-8553-8117B340CC81} [2011.12.26 12:26:02 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{7FA90D54-03C9-449C-A741-E89B14E2BBF2} [2011.12.26 12:25:29 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{B5401993-9DD9-4BF2-A9A0-05AA0FC0FBA0} [2011.12.26 00:25:03 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{D800769F-9ED9-42A1-B9E3-8FE49B1B95DC} [2011.12.26 00:24:28 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{1A992EA4-8B41-453F-B474-1D72230C76E9} [2011.12.25 12:24:01 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{24CECF03-436B-46A1-A075-A230F2391F4C} [2011.12.25 12:23:27 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{FA6B93DA-24DC-4E9A-81B5-FD43037E2C39} [2011.12.24 08:56:00 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{017FADE6-DDE2-4775-A989-BAA78170E27A} [2011.12.24 08:55:27 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{6F2E5318-9449-4ED9-9D1C-108D06F04214} [2011.12.23 15:10:00 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{EA81D39C-22DA-46B5-84EA-5F3A79CB19B1} [2011.12.23 15:09:26 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{B0064ACD-AA35-4486-94E5-B80835010E58} [2011.12.22 16:00:20 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{D26DF85C-0365-43AC-B266-F6C75ACBE0E6} [2011.12.22 15:59:47 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{FFB81794-96A6-4073-B74D-0A34E88BC030} [2011.12.22 15:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2011.12.22 15:57:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2011.12.21 17:08:01 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{01FE5053-6EC2-45C3-AAD4-4B7E6A9DD564} [2011.12.21 17:07:28 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{249BCD70-3B51-4CDE-A86B-9561F26E8E25} [2011.12.20 17:28:06 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{59239360-4076-4A2D-B5C9-C6DA4FDEC7F5} [2011.12.20 17:27:31 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{5B1B2A5B-6E31-46C2-831F-2597C193B2BF} [2011.12.19 17:39:23 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{8085A342-CACF-4186-AB1B-04F65CF1BC9A} [2011.12.19 17:38:48 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{AFC98B42-7D10-47C2-93E3-EF0929E4BA6B} [2011.12.18 12:30:27 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{82E34EE6-B6AD-4C7F-AF97-44C7B8EEDBBB} [2011.12.18 12:29:52 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{2E35491A-8B23-4B81-B530-03F66D0789CA} [2011.12.18 00:29:25 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{43347121-9041-44F7-9E30-5D766087EE8F} [2011.12.18 00:28:50 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\{31DE9F2C-1B17-4D7F-8349-88FDC257F5D9} [2009.01.27 14:43:35 | 000,167,936 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll [22 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [10 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.15 02:45:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- d:\Eigene Dateien\Desktop\OTL.exe [2012.01.15 02:44:49 | 000,050,477 | ---- | M] () -- d:\Eigene Dateien\Desktop\Defogger.exe [2012.01.15 02:26:38 | 000,006,637 | ---- | M] () -- C:\Users\XXXXX\AppData\Roaming\e4d42e6 [2012.01.15 02:26:38 | 000,006,606 | ---- | M] () -- C:\Users\XXXXX\AppData\Local\a38b6a13 [2012.01.15 02:26:37 | 000,006,695 | ---- | M] () -- C:\ProgramData\b4087b46 [2012.01.15 02:18:59 | 014,407,192 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.15 02:18:59 | 004,844,782 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.15 02:18:59 | 004,181,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.01.15 02:18:58 | 004,582,674 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.15 02:18:58 | 000,005,604 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.15 02:14:54 | 001,008,141 | ---- | M] () -- d:\Eigene Dateien\Desktop\eXplorer.exe [2012.01.15 02:12:24 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.15 02:12:24 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.15 02:12:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.15 00:23:17 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{978E09A9-0F47-4184-8B35-D34606FD7885}.job [2012.01.13 18:09:54 | 000,248,320 | ---- | M] () -- C:\Users\XXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.12 20:25:26 | 000,034,324 | ---- | M] () -- d:\Eigene Dateien\Desktop\390545_2782062600262_1519118754_2802599_2090416052.jpg [2012.01.12 20:23:39 | 000,069,633 | ---- | M] () -- d:\Eigene Dateien\Desktop\388724_2782061440233_1519118754_2802598_36483764_n.jpg [2012.01.12 20:23:37 | 000,072,787 | ---- | M] () -- d:\Eigene Dateien\Desktop\390545_2782062600262_1519118754_2802599_2090416052_n.jpg [2012.01.12 09:13:45 | 000,001,679 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk [2012.01.06 16:18:49 | 000,000,928 | ---- | M] () -- d:\Eigene Dateien\Desktop\Porsche_Daten.fdf [2012.01.06 16:13:45 | 000,001,928 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.01.06 16:08:16 | 000,175,226 | ---- | M] () -- d:\Eigene Dateien\Desktop\Porsche.pdf [2011.12.28 18:42:47 | 000,167,005 | ---- | M] () -- d:\Eigene Dateien\Desktop\ucigutscheine.jpg [2011.12.26 09:34:50 | 000,001,356 | ---- | M] () -- C:\Users\XXXXX\AppData\Local\d3d9caps.dat [2011.12.18 10:52:13 | 003,282,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [22 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [10 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.15 02:44:47 | 000,050,477 | ---- | C] () -- d:\Eigene Dateien\Desktop\Defogger.exe [2012.01.15 02:14:49 | 001,008,141 | ---- | C] () -- d:\Eigene Dateien\Desktop\eXplorer.exe [2012.01.15 01:47:44 | 000,006,695 | ---- | C] () -- C:\ProgramData\b4087b46 [2012.01.15 01:47:44 | 000,006,637 | ---- | C] () -- C:\Users\XXXXX\AppData\Roaming\e4d42e6 [2012.01.15 01:47:44 | 000,006,606 | ---- | C] () -- C:\Users\XXXXX\AppData\Local\a38b6a13 [2012.01.12 20:25:26 | 000,034,324 | ---- | C] () -- d:\Eigene Dateien\Desktop\390545_2782062600262_1519118754_2802599_2090416052.jpg [2012.01.12 20:23:38 | 000,069,633 | ---- | C] () -- d:\Eigene Dateien\Desktop\388724_2782061440233_1519118754_2802598_36483764_n.jpg [2012.01.12 20:23:21 | 000,072,787 | ---- | C] () -- d:\Eigene Dateien\Desktop\390545_2782062600262_1519118754_2802599_2090416052_n.jpg [2012.01.12 09:13:45 | 000,001,679 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk [2012.01.12 09:13:43 | 000,001,679 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2012.01.12 09:13:43 | 000,001,664 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2012.01.12 09:13:43 | 000,001,649 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2012.01.06 16:17:32 | 000,000,928 | ---- | C] () -- d:\Eigene Dateien\Desktop\Porsche_Daten.fdf [2012.01.06 16:13:45 | 000,001,928 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.01.06 16:13:45 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.01.06 16:08:16 | 000,175,226 | ---- | C] () -- d:\Eigene Dateien\Desktop\Porsche.pdf [2011.12.28 18:42:46 | 000,167,005 | ---- | C] () -- d:\Eigene Dateien\Desktop\ucigutscheine.jpg [2010.06.15 23:28:58 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.04.17 19:47:13 | 000,335,872 | ---- | C] () -- C:\Windows\SetupX32.EXE [2010.03.28 14:28:25 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.03.28 13:55:51 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit.INI [2010.02.16 12:20:28 | 000,042,496 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll [2009.10.14 22:45:23 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2009.09.24 10:07:11 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.09.24 10:06:49 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2009.09.24 10:06:25 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.08.15 12:26:40 | 000,000,600 | ---- | C] () -- C:\Users\XXXXX\AppData\Roaming\winscp.rnd [2009.07.25 11:30:33 | 002,729,472 | ---- | C] () -- C:\Windows\SysWow64\fun_avcodec.dll [2009.05.24 18:52:02 | 000,003,830 | ---- | C] () -- C:\Windows\Tablet8000x6000.ini [2009.05.24 18:42:14 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\WinTab32.dll [2009.05.24 18:42:14 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lhtool.exe [2009.05.05 21:58:19 | 000,860,211 | --S- | C] () -- C:\Windows\SysWow64\XSIFtk-3.6.2.1.dll [2009.04.21 17:46:05 | 000,000,126 | ---- | C] () -- C:\Windows\SysWow64\AF15IRTBL.bin [2009.04.19 16:35:04 | 000,126,976 | ---- | C] () -- C:\Windows\gdf.dll [2009.01.27 14:43:47 | 003,600,384 | ---- | C] () -- C:\Windows\ffmpeg.exe [2009.01.27 14:43:35 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2008.12.31 12:33:42 | 000,001,100 | ---- | C] () -- C:\Users\XXXXX\AppData\Local\d3d8caps.dat [2008.12.27 15:13:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.12.18 00:13:48 | 000,248,320 | ---- | C] () -- C:\Users\XXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.17 10:50:02 | 000,001,356 | ---- | C] () -- C:\Users\XXXXX\AppData\Local\d3d9caps.dat [2008.12.16 22:53:37 | 000,035,450 | ---- | C] () -- C:\Windows\Ascd_log.ini [2008.12.16 22:53:23 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2008.12.16 22:53:23 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2008.12.16 22:53:22 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2008.12.16 22:53:22 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2008.12.16 22:49:09 | 000,035,412 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2008.12.16 22:22:08 | 000,000,092 | ---- | C] () -- C:\Windows\CMISETUP.INI [2008.12.16 22:22:08 | 000,000,026 | ---- | C] () -- C:\Windows\CMCDPLAY.INI [2008.12.16 21:40:33 | 000,004,185 | ---- | C] () -- C:\Windows\ULEAD32.INI [2008.12.16 21:31:39 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.12.16 21:05:32 | 000,001,460 | ---- | C] () -- C:\Users\XXXXX\AppData\Local\d3d9caps64.dat [2008.12.16 19:27:41 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2008.12.16 18:53:11 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys [2008.12.16 17:42:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008.12.16 16:19:18 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat [2008.01.21 03:48:25 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007.12.28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2007.06.27 17:13:51 | 000,516,096 | ---- | C] () -- C:\Windows\SysWow64\RegisterDialog.dll [2007.01.10 07:44:26 | 001,457,024 | R--- | C] () -- C:\Windows\SysWow64\SSCProt.dll [2006.11.02 16:34:20 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin < End of report > Code:
ATTFilter OTL Extras logfile created on: 15.01.2012 02:46:54 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = d:\Eigene Dateien\Desktop
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 47,55% Memory free
4,10 Gb Paging File | 1,74 Gb Available in Paging File | 42,46% Paging File free
Paging file location(s): d:\pagefile.sys 200 6141 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 46,58 Gb Total Space | 1,35 Gb Free Space | 2,90% Space Free | Partition Type: NTFS
Drive D: | 419,18 Gb Total Space | 18,16 Gb Free Space | 4,33% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 179,10 Gb Free Space | 38,45% Space Free | Partition Type: NTFS
Computer Name: XXX | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 62 71 2D 74 DC 5B C8 01 [binary data]
"VistaSp2" = CA E3 32 7C 0C 40 CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06AB4E97-8536-4766-8CEB-7681A34AA0FF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{126646E6-1789-40A8-8A08-6FEB54C14EBA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{19609269-9AD0-4803-B75A-F8FCFB40B71E}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{8F391270-775A-4D68-B6E8-2F1E272816B8}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{C8BF20A5-8AB3-437D-B8D7-2E3F1EB28320}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EC8BE933-3AEC-4D3C-9C18-BEEA1B89E526}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0028FD69-2A6D-4C25-A07F-35B98392BAE5}" = protocol=6 | dir=in | app=g:\starcraft ii beta\starcraft ii.exe |
"{009A0439-0C32-46DC-8D49-9305BA32A8CA}" = protocol=17 | dir=in | app=g:\starcraft ii beta\starcraft ii.exe |
"{093FD1E1-904D-42C9-BFBC-DE2D69F6A168}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_64.exe |
"{0BC85B5A-5F9D-4355-983D-259F3FDEB81F}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{14C2C56A-020C-483B-9652-4EE4A6F93ED9}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-engb-downloader.exe |
"{20EE46CB-7B6B-48AA-9312-2A4CC87E0BD4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{247293B2-1D32-42CF-96EE-EFEA7D7447B9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{2A0EBFDF-F015-426C-B518-8A5E5ACECE35}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2B2ECD34-4320-4770-8C28-2A67F7F0E64F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-engb-downloader.exe |
"{2DA8B6A5-B5B6-45F2-87F8-40B660C1A297}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\igdctrl.exe |
"{2F8E0C54-92EA-411D-B5FC-EB4B3BACDAC7}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\fboxupd.exe |
"{30C2C4F8-71C5-46F2-B9F6-98E6FFE512C0}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\webwaigd.exe |
"{35311EDB-A605-40B4-97EE-4260601EF033}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe |
"{356884ED-F130-4CE6-AAD3-88697C4A245B}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{3D26EEA9-716D-4328-9C35-EC47327A2EF8}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9506-to-3.0.9.9551-engb-downloader.exe |
"{3F38B2C7-D84D-4C96-B8AF-DAA2234BDF08}" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\warcraft iii.exe |
"{3FE855CE-28B1-479E-94B2-9B93CB6F526A}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_64.exe |
"{4A04043A-7112-4CF2-B7A1-0D89DCAA7C05}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{5870683E-33B4-4FBA-85D8-BFAA8DF7D521}" = protocol=6 | dir=in | app=g:\starcraft ii\versions\base15405\sc2.exe |
"{5904F188-842B-4639-90A1-40625B7AFBD3}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{5AE94D05-C753-4E25-BACB-FDF0DB71C337}" = protocol=6 | dir=in | app=g:\starcraft ii\starcraft ii.exe |
"{6591139B-6E6D-45D9-BF08-588522075585}" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\frozen throne.exe |
"{6C53A7A2-CEFD-4069-9503-8C5D9293240A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{745A5B69-E84A-4260-B700-7245155F2F67}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{752515EC-BC19-452E-AFC1-28CBA67534F6}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{78464AC6-31E2-47B9-8877-EF326AEC43D1}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\webwaigd.exe |
"{7F3B425C-1C68-40A5-BD81-3E1AD5C85D76}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7FB809E6-1D32-45C3-BF67-D105ACEDE377}" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\frozen throne.exe |
"{8470FF4A-3AF8-4C10-892B-85322B45D093}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{877C1EED-5BE4-476F-BC23-5BB9EAEB796F}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{88337F93-76E2-4909-8688-A60D182621E6}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\3dsmax.exe |
"{8E80FE1E-58F2-4F30-B4C2-BED7C299DC0A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9506-to-3.0.9.9551-engb-downloader.exe |
"{98DA309C-3D42-4E2E-B929-83793B9E593F}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{A69A69FF-CFDC-491E-B9BB-AA5DE9DD9791}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{ADE09B3F-72D8-40FC-8AC8-AA16371257AC}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{AF5FF9E2-7998-4D94-8C70-CC9E4F4E5B86}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\igdctrl.exe |
"{BA4FF451-F191-47B9-BDC6-EB02938FDEC4}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\fboxupd.exe |
"{CE64C580-F432-448C-A515-280E934375FE}" = protocol=17 | dir=in | app=g:\starcraft ii\versions\base15405\sc2.exe |
"{D40D60A8-12E6-46A3-8065-BA37D5C6BAA3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D53FD005-A2C0-4BC1-8209-E2E6C50D70E6}" = protocol=17 | dir=in | app=g:\starcraft ii\starcraft ii.exe |
"{E206BC36-D988-4B2F-804F-F9A37A4BD48C}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{E35207D1-2CA2-4B77-8616-E8286E201B21}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\3dsmax.exe |
"{F2175399-6F3D-4D23-BCF5-2606D9FDCC17}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{F3ACB5B4-3C18-43DC-8C3F-BA53AD966A23}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe |
"{F4B794BF-03A8-4A79-9D90-3FBF856F7B6F}" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\warcraft iii.exe |
"TCP Query User{04999B13-B713-448A-A760-801A4E6B3E86}C:\program files (x86)\hercules\dualpix exchange\station2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hercules\dualpix exchange\station2.exe |
"TCP Query User{04F99405-44ED-4050-85E9-F1DEF4D3DFCA}G:\starcraft ii beta\versions\base15655\sc2.exe" = protocol=6 | dir=in | app=g:\starcraft ii beta\versions\base15655\sc2.exe |
"TCP Query User{0669F4D8-5180-431A-B4F0-D0210F7820A2}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{0E062DA8-C87C-4259-B1EC-940C4D6B7B79}G:\starcraft ii beta\versions\base15623\sc2.exe" = protocol=6 | dir=in | app=g:\starcraft ii beta\versions\base15623\sc2.exe |
"TCP Query User{110AC27D-6875-48E9-8DE5-EBDA38D328D3}G:\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=g:\starcraft ii\versions\base18574\sc2.exe |
"TCP Query User{112407B1-F907-4A02-B705-64B391BE5712}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{14AEEEE1-5B62-48FC-B8D2-F36020BD1C11}G:\starcraft ii beta\versions\base15343\sc2.exe" = protocol=6 | dir=in | app=g:\starcraft ii beta\versions\base15343\sc2.exe |
"TCP Query User{14C78FAF-FA42-4C2B-9E00-5B6FA1F5FFA5}G:\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=g:\starcraft ii\versions\base16755\sc2.exe |
"TCP Query User{1E6B2601-426E-4452-BC2E-37E3A4F55D68}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{1F11C97E-4DF2-43C3-9C70-80ADD2A9DA2D}C:\program files\e-on software\vue 7 xstream\application\vue 7 xstream.eon" = protocol=6 | dir=in | app=c:\program files\e-on software\vue 7 xstream\application\vue 7 xstream.eon |
"TCP Query User{2FBA4509-2306-4CBB-8EE4-E7DA5DFF6BC6}G:\starcraft ii beta\versions\base15449\sc2.exe" = protocol=6 | dir=in | app=g:\starcraft ii beta\versions\base15449\sc2.exe |
"TCP Query User{31207874-2AE3-41BB-BDFE-8AE1DECA86FF}G:\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=g:\starcraft ii\versions\base16605\sc2.exe |
"TCP Query User{476DA5AB-2D4F-4C46-89DA-8EB34CCEA026}G:\starcraft ii beta\versions\base15250\sc2.exe" = protocol=6 | dir=in | app=g:\starcraft ii beta\versions\base15250\sc2.exe |
"TCP Query User{5288A8FC-2A95-4A39-9FEC-1AA9DE7B429D}D:\udk\binaries\win32\udk.exe" = protocol=6 | dir=in | app=d:\udk\binaries\win32\udk.exe |
"TCP Query User{58E5452B-0CD7-4469-937D-AB8172067BA3}G:\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=g:\starcraft ii\versions\base16939\sc2.exe |
"TCP Query User{687E0A65-88C1-4331-B2E0-B3A2C447EC95}D:\wow server\0.4.3\worldserver.exe" = protocol=6 | dir=in | app=d:\wow server\0.4.3\worldserver.exe |
"TCP Query User{6D6A66F0-7B8E-4DC8-8CFD-FF9C4E2A81D0}D:\udk\binaries\swarmagent.exe" = protocol=6 | dir=in | app=d:\udk\binaries\swarmagent.exe |
"TCP Query User{6EECF5F3-4070-4E9D-B534-648A9621C85B}D:\eigene dateien\desktop\keyclone\keyclone\keyclone.exe" = protocol=6 | dir=in | app=d:\eigene dateien\desktop\keyclone\keyclone\keyclone.exe |
"TCP Query User{70C12CE0-B167-444C-B840-03806D698518}G:\starcraft ii beta\versions\base15392\sc2.exe" = protocol=6 | dir=in | app=g:\starcraft ii beta\versions\base15392\sc2.exe |
"TCP Query User{782A4E0C-A529-44F9-B0FF-64C2AE43974B}D:\wow server\0.4.3\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=6 | dir=in | app=d:\wow server\0.4.3\udrive\usr\local\mysql\bin\mysqld-opt.exe |
"TCP Query User{849CD131-DD8A-43FD-9389-E5F7E65A7DD2}C:\program files (x86)\steam\steamapps\capt_zero\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\capt_zero\counter-strike\hl.exe |
"TCP Query User{84BCF5F0-5771-401A-948C-DC8AE3DD97F5}C:\program files (x86)\hercules\dualpix exchange\x64\controlui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hercules\dualpix exchange\x64\controlui.exe |
"TCP Query User{93B7B4AA-2AA9-41AB-B609-A105DF50C4E5}D:\wow server\0.4.3\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=6 | dir=in | app=d:\wow server\0.4.3\udrive\usr\local\apache2\bin\apache_16.exe |
"TCP Query User{9EEDDFDE-C9D5-4FDB-8392-BB0E333E1783}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{AA6D66E8-973E-4686-8B09-B33EAA55AA15}C:\program files (x86)\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\program files (x86)\left 4 dead\left4dead.exe |
"TCP Query User{AD5A8DD7-1E8C-4385-A3A1-1DB0AF005400}D:\eigene dateien\desktop\teamviewer.exe" = protocol=6 | dir=in | app=d:\eigene dateien\desktop\teamviewer.exe |
"TCP Query User{B0EC9214-EC43-4492-860A-76EEA785D730}G:\starcraft ii beta\versions\base15580\sc2.exe" = protocol=6 | dir=in | app=g:\starcraft ii beta\versions\base15580\sc2.exe |
"TCP Query User{B3BA9CDF-71D6-495D-B3A2-27708BC280B6}C:\program files (x86)\dcpflics\dcpflics_tools.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dcpflics\dcpflics_tools.exe |
"TCP Query User{B4A9A0E8-35A6-4575-925B-A4A6B8F37E49}G:\starcraft ii beta\versions\base16036\sc2.exe" = protocol=6 | dir=in | app=g:\starcraft ii beta\versions\base16036\sc2.exe |
"TCP Query User{BC528556-E5BD-433C-B7E5-425CAAADA99E}G:\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=g:\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{BD0FC31B-922C-4DDF-9E83-2B208409E6C8}G:\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=g:\left 4 dead 2\left4dead2.exe |
"TCP Query User{C16A04D1-FF63-45E6-B29F-C7A9C66B83F1}C:\program files (x86)\steam\steamapps\gecko1987\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gecko1987\counter-strike\hl.exe |
"TCP Query User{C18BEC06-7CF9-43B3-BDB6-319253665F76}D:\left4dead\left4dead.exe" = protocol=6 | dir=in | app=d:\left4dead\left4dead.exe |
"TCP Query User{C4AF9DDD-E2F5-4941-9FDD-77B29256CED0}C:\program files (x86)\adobe\adobe after effects cs4\support files\afterfx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe after effects cs4\support files\afterfx.exe |
"TCP Query User{C8108E2E-D421-45A2-B17D-4B50F0B7212B}C:\program files (x86)\steam\steamapps\capt. archer\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\capt. archer\counter-strike\hl.exe |
"TCP Query User{CD078196-0F76-4122-A957-AA0F9108A754}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{CFDABB3F-D7AB-4999-9324-C8B44180BCCA}G:\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=g:\starcraft ii\versions\base18092\sc2.exe |
"TCP Query User{D1D48C60-A5D6-4423-9463-EA6609F4A6AC}G:\world of warcraft omegawow\launcher.exe" = protocol=6 | dir=in | app=g:\world of warcraft omegawow\launcher.exe |
"TCP Query User{D55665C7-EC8C-47B2-B9D6-10BA9D2A4FF5}C:\program files (x86)\steam\steamapps\vuchen\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\vuchen\counter-strike\hl.exe |
"TCP Query User{D95F5F7E-6E25-488F-9FE2-DDD0BCF1DB5A}G:\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=g:\starcraft ii\versions\base19132\sc2.exe |
"TCP Query User{DCF13F76-E8C2-4129-ADBB-7B187A41CDD3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{E72C408A-6905-4906-AAE3-0F9570B3B75E}G:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=g:\world of warcraft\launcher.exe |
"TCP Query User{FAC9172D-69B3-4A60-BFB3-FFFCDD4ADDEE}G:\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=g:\starcraft ii\versions\base16561\sc2.exe |
"TCP Query User{FC20792B-8818-41B5-89DA-D06E730EDE95}G:\mass effect 2\binaries\masseffect2.exe" = protocol=6 | dir=in | app=g:\mass effect 2\binaries\masseffect2.exe |
"TCP Query User{FC612DAD-388F-4526-835D-A36287DFF58C}G:\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=g:\starcraft ii\versions\base17326\sc2.exe |
"UDP Query User{0296D355-1F14-4ACD-96F8-71EB3E27B8C0}D:\udk\binaries\swarmagent.exe" = protocol=17 | dir=in | app=d:\udk\binaries\swarmagent.exe |
"UDP Query User{03A62EE5-E8DA-4CB2-9362-4B8D9D446205}G:\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=g:\starcraft ii\versions\base18092\sc2.exe |
"UDP Query User{043788E2-BEDE-4C2B-83DF-F05A4D5BE301}G:\world of warcraft omegawow\launcher.exe" = protocol=17 | dir=in | app=g:\world of warcraft omegawow\launcher.exe |
"UDP Query User{04E9281E-22A8-4261-99F8-63182027A2D6}D:\wow server\0.4.3\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=17 | dir=in | app=d:\wow server\0.4.3\udrive\usr\local\apache2\bin\apache_16.exe |
"UDP Query User{0617993D-4827-4794-A2FC-1FF029D65A8E}G:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=g:\world of warcraft\launcher.exe |
"UDP Query User{07F027B5-6690-4C5F-8A68-0F696D19330E}G:\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=g:\starcraft ii\versions\base16755\sc2.exe |
"UDP Query User{0B5786ED-9FA5-4C64-896A-C6685FF346D0}D:\eigene dateien\desktop\keyclone\keyclone\keyclone.exe" = protocol=17 | dir=in | app=d:\eigene dateien\desktop\keyclone\keyclone\keyclone.exe |
"UDP Query User{11159A9E-5E90-41F6-A353-F5F05583E5DC}G:\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=g:\starcraft ii\versions\base16939\sc2.exe |
"UDP Query User{1B25D47B-F02B-4B0D-B6E0-7E05459EFA07}C:\program files (x86)\hercules\dualpix exchange\x64\controlui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hercules\dualpix exchange\x64\controlui.exe |
"UDP Query User{1D1F71E5-B9AA-4072-AAAE-65911CF0BABE}C:\program files (x86)\steam\steamapps\capt_zero\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\capt_zero\counter-strike\hl.exe |
"UDP Query User{24677FC3-36CB-4188-881B-CBF07ABA6C4E}G:\starcraft ii beta\versions\base15449\sc2.exe" = protocol=17 | dir=in | app=g:\starcraft ii beta\versions\base15449\sc2.exe |
"UDP Query User{25C7AEE2-9E45-4EDE-ABC9-1DB3A3A0A61D}C:\program files (x86)\steam\steamapps\vuchen\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\vuchen\counter-strike\hl.exe |
"UDP Query User{2C575B06-5E17-450C-937C-3FAA44AAF0EC}C:\program files (x86)\steam\steamapps\capt. archer\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\capt. archer\counter-strike\hl.exe |
"UDP Query User{30E7D9DE-AC32-4B30-8190-97C486F707E3}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{34003FB4-4B2D-4330-9D14-63137E3DE2CD}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{35D254C3-B6AD-4B2F-896D-4430DAE6685B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{37B2A8E3-C565-4882-8E84-B8A6100DC735}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{3A84B166-39CD-4D8E-8434-C5D68D98ADB3}C:\program files\e-on software\vue 7 xstream\application\vue 7 xstream.eon" = protocol=17 | dir=in | app=c:\program files\e-on software\vue 7 xstream\application\vue 7 xstream.eon |
"UDP Query User{403C5E48-C41A-46B9-A0DF-0F55D7E6D75B}G:\starcraft ii beta\versions\base15623\sc2.exe" = protocol=17 | dir=in | app=g:\starcraft ii beta\versions\base15623\sc2.exe |
"UDP Query User{4231D993-973C-44A6-A996-024B09C3093C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{51542CAD-1BCD-409B-8CB7-FF184F7761C3}D:\wow server\0.4.3\worldserver.exe" = protocol=17 | dir=in | app=d:\wow server\0.4.3\worldserver.exe |
"UDP Query User{527A1EA4-0886-4676-B868-A992CC725254}G:\starcraft ii beta\versions\base15343\sc2.exe" = protocol=17 | dir=in | app=g:\starcraft ii beta\versions\base15343\sc2.exe |
"UDP Query User{59FE6F9E-2B71-4D80-86A5-3255E0080DF2}G:\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=g:\left 4 dead 2\left4dead2.exe |
"UDP Query User{5A36F70F-6116-4540-B877-76CD3FDD3E02}G:\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=g:\starcraft ii\versions\base16561\sc2.exe |
"UDP Query User{62022CBC-5A4C-4766-8F6C-02CE19B28831}G:\mass effect 2\binaries\masseffect2.exe" = protocol=17 | dir=in | app=g:\mass effect 2\binaries\masseffect2.exe |
"UDP Query User{6E7336D0-BE28-4BB2-A423-A86085A00D89}D:\udk\binaries\win32\udk.exe" = protocol=17 | dir=in | app=d:\udk\binaries\win32\udk.exe |
"UDP Query User{6E86DF18-12C1-40B2-AD68-F39C1CBE6447}G:\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=g:\starcraft ii\versions\base16605\sc2.exe |
"UDP Query User{70FB9AD9-E2C7-4D37-A245-E43EDFACFE06}D:\left4dead\left4dead.exe" = protocol=17 | dir=in | app=d:\left4dead\left4dead.exe |
"UDP Query User{7523BCA3-EBF4-44C7-AB39-2FA4A7F5045D}G:\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=g:\starcraft ii\versions\base17326\sc2.exe |
"UDP Query User{80358997-7A7B-4438-B6BC-479FD0423533}C:\program files (x86)\hercules\dualpix exchange\station2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hercules\dualpix exchange\station2.exe |
"UDP Query User{865E4B7A-9F62-4482-B31F-FD8EDB8A16D6}G:\starcraft ii beta\versions\base15655\sc2.exe" = protocol=17 | dir=in | app=g:\starcraft ii beta\versions\base15655\sc2.exe |
"UDP Query User{9175BD96-92D3-480A-8FCE-36999FA13D9C}D:\eigene dateien\desktop\teamviewer.exe" = protocol=17 | dir=in | app=d:\eigene dateien\desktop\teamviewer.exe |
"UDP Query User{95F2DE80-6272-4F8F-AE74-CE056777F7E7}G:\starcraft ii beta\versions\base16036\sc2.exe" = protocol=17 | dir=in | app=g:\starcraft ii beta\versions\base16036\sc2.exe |
"UDP Query User{A4AA5F15-652E-40E3-9BF4-98099B9B8D5E}G:\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=g:\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{A8C7425C-7B52-4964-903A-A0FC67AE6E4F}G:\starcraft ii beta\versions\base15250\sc2.exe" = protocol=17 | dir=in | app=g:\starcraft ii beta\versions\base15250\sc2.exe |
"UDP Query User{AFEEE774-CEED-41E4-8F74-11110EBAEEC5}C:\program files (x86)\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\program files (x86)\left 4 dead\left4dead.exe |
"UDP Query User{B75ED5FF-0D7A-44EF-B45C-EA2CF3C1B46C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{C487A269-9CFF-4F0C-A587-FEDCDB873217}C:\program files (x86)\steam\steamapps\gecko1987\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gecko1987\counter-strike\hl.exe |
"UDP Query User{C6D634C7-5022-49EF-B2D2-F1F79BA1CC85}C:\program files (x86)\adobe\adobe after effects cs4\support files\afterfx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe after effects cs4\support files\afterfx.exe |
"UDP Query User{DD82E34F-60FA-488E-81DE-8DCF778C7AA1}C:\program files (x86)\dcpflics\dcpflics_tools.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dcpflics\dcpflics_tools.exe |
"UDP Query User{DECFC639-45AE-452D-AF9A-3B13CFA4827E}G:\starcraft ii beta\versions\base15392\sc2.exe" = protocol=17 | dir=in | app=g:\starcraft ii beta\versions\base15392\sc2.exe |
"UDP Query User{E0AF26AA-7ED6-4418-9619-474DBE34BCB9}G:\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=g:\starcraft ii\versions\base18574\sc2.exe |
"UDP Query User{E9AA1E0B-F740-472B-BE8A-A08A6827581B}D:\wow server\0.4.3\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=d:\wow server\0.4.3\udrive\usr\local\mysql\bin\mysqld-opt.exe |
"UDP Query User{EA32C37B-AF8D-4CAE-B736-CEE880F88D69}G:\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=g:\starcraft ii\versions\base19132\sc2.exe |
"UDP Query User{F32EAFC6-F5D0-4FEE-8D0D-203B2279A724}G:\starcraft ii beta\versions\base15580\sc2.exe" = protocol=17 | dir=in | app=g:\starcraft ii beta\versions\base15580\sc2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1A4CC779-0B89-45A4-A9BA-A8E0AB26491F}" = 3Dconnexion Plug-In for Photoshop CS3 - CS4
"{1ABD9441-9700-4078-ACF5-0B00AABDCE83}" = 3Dconnexion Add-In for SolidWorks 2005 - 2010 (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{222B1BC7-7C51-47AF-8602-7C70CAEA1BE6}" = 3Dconnexion Plug-In for 3ds Max v9 - 2010
"{23170F69-40C1-2702-0462-000001000000}" = 7-Zip 4.62 (x64 edition)
"{2569E247-6F6B-41AD-B3E0-4FF0064ABD2F}" = 3Dconnexion Add-In for Solid Edge V18 - ST2
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{321C5778-030D-40AC-84E0-9EF9E40CA43F}" = 3Dconnexion 3DxWare (x64)
"{3E329006-9EB3-4979-A36B-BA04FB4EB70C}" = 3Dconnexion Add-In for Inventor 11 - 2010
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{731F7C21-A8D9-465B-B558-3D4D575B62BD}" = Autodesk Mudbox 2010 (64bit)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E3FABF5-C3B9-7F7E-4AAE-977D77D48C51}" = ATI Catalyst Install Manager
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{9226D72B-4CF2-49A1-83C7-215C0148AF03}" = 3Dconnexion Plug-In for NX v3.0 - v7.0
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95F7167A-4EE4-4829-AA43-79C47B5C9FDC}" = OMP Index Reference Increment (64-bit)
"{9F487FBB-72CA-4A33-94C4-5C4665389A29}" = Sun VirtualBox
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A4365F0A-5F69-4CC4-81B8-431DBBAF0AFE}" = 3Dconnexion Add-In for AutoCAD 2007 - 2010
"{A9F1B5F6-0EE6-0409-BADD-F8BD360FACC3}" = Autodesk 3ds Max 2010 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B93D47B2-0862-E2E6-8115-B5DAF7AE3C01}" = ccc-utility64
"{B9E591DD-DAAC-0409-B1B8-5667E359170B}" = Autodesk 3ds Max 2010 64-bit Components
"{C128CDED-5D9B-4112-935C-FE2101966349}" = 3Dconnexion Plug-In for Pro/ENGINEER WF3 - WF5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EC105C08-55C5-4275-B439-5A9EBD284A8E}" = 3Dconnexion Plug-In for Maya v8.5 - 2010
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD238F33-CFBD-415B-B039-64C2E74F3E8B}" = 3Dconnexion Add-On for XSI v3.5 - 2010
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit
"doPDF 6 printer_is1" = doPDF 6.2 printer
"FBX Plugin 2009.0 for Max 2009 64" = FBX Plugin 2009.0 for Max 2009 64
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProgDVB" = ProgDVB
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UDK-6ca2116c-8540-4549-b351-fd470a0e37dd" = Unreal Development Kit: 2009-11
"V-Ray for 3dsmax 2010 for x64" = V-Ray for 3dsmax 2010 for x64
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{04BEFF7A-DF5D-4E49-AB46-BA3D3BE49FCB}" = Hercules DualPix Exchange Webcam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{0E6ED660-498C-42F7-9EF4-FB0C96DFC01A}" = Snagit 9.1
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 23
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{30E1022C-17EB-482A-8C82-16B79B98C4E4}" = Express Gate Updater
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{332B1B33-D0EE-4A0A-AB2F-12BF56BCE1C3}" = FaceGen Modeller 3.1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36E0EEDD-C5DA-4130-A295-EB208546D53A}" = 3Dconnexion Extension for SketchUp
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis*True*Image*Home
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3BCC5640-5360-11D4-A44A-0000E86D2305}" = Ulead Drop Spot 1.0
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5313CFF7-E762-4752-BEC0-1E2CB2C685E4}" = uMedia uTV
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5662D815-DB58-5082-315B-0326B37EB7CB}" = CCC Help English
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = Six Engine
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{6084D038-3401-4C9D-A216-86E6EEA25AFB}" = ZBrush3
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B7D1750-582F-11D5-BEAF-0010B5557565}" = Ulead PhotoImpact 7
"{7C851E20-80E8-4532-A6C4-85454D3814E5}" = FumeFX 1.2 R2010 64-bit
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{8C65C65C-530F-B2DB-BBD7-AF554ABEBBA1}" = Catalyst Control Center Graphics Previews Common
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E58D4D5-DA6B-4F6D-8E92-7753B27DB80B}" = FumeFX 1.2 R2008
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B0EAF312-A084-11D3-A9AE-00E0811016CA}" = InSync
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}" = 3Dconnexion 3DxSoftware (x64 Edition)
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BF962E1B-D17A-4713-A100-6531A132D83D}_is1" = Foto-Mosaik-Edda Standard V5.8.0
"{C1ECB98D-1D38-4DBC-976C-457E6BE6EA2B}" = 3Dconnexion Plug-in for Acrobat 3D
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C312984C-E386-4C2D-B33E-7B54355FB16E}" = AI Direct Link
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D60F76EB-4F16-4467-BFC9-F27A41E1DCC7}" = Krakatoa 1.5.1.38002 for 3ds Max
"{D69D4AE5-717C-5E56-A56F-542EF5F6A84C}" = Catalyst Control Center Graphics Previews Vista
"{D85A387E-6EC0-40E5-9D89-A148B3E93968}_is1" = Mass Effect 2
"{DB837E02-82D0-3888-6DEC-D29587CCDC2F}" = ccc-core-static
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1" = WC3Banlist
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F86B6849-38E0-7818-F21E-6DC637932076}" = Catalyst Control Center InstallProxy
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_697a06b96d8bcbe2d77b88e7d5448d0" = Adobe Creative Suite 4 Master Collection
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"AFPL Ghostscript 7.04" = AFPL Ghostscript 7.04
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Audacity_is1" = Audacity 1.2.6
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"AutoItv3" = AutoIt v3.3.0.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CCleaner" = CCleaner (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EAX(tm) Unified (SHELL)" = EAX(tm) Unified (SHELL)
"Facial Studio" = Facial Studio
"Fake Webcam_is1" = Fake Webcam 6.1.3
"FBX Plugin 2006.11.1 for Max 2008 64" = FBX Plugin 2006.11.1 for Max 2008 64
"Foxit Reader" = Foxit Reader
"Free FLV Converter_is1" = Free FLV Converter V 6.4
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
"L4D2SP" = Left 4 Dead 2 Standalone Patch™
"LameACM" = LameACM
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"MiKTeX 2.7" = MiKTeX 2.7
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"pepakura_designer3en" = Pepakura Designer 3
"pepakura_viewer3en" = Pepakura Viewer 3
"RealAlt_is1" = Real Alternative 1.9.0
"StarCraft II" = StarCraft II
"SWiSH Max3" = SWiSH Max3
"SWiSHmax" = SWiSHmax
"Switch" = Switch Sound File Converter
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Trapcode Shine" = Trapcode Shine
"TrueCrypt" = TrueCrypt
"UltraStar Deluxe" = UltraStar Deluxe
"Unlocker" = Unlocker 1.8.7
"VLC media player" = VLC media player 0.9.8a
"Vodafone WCDMA Composite Device Drive" = Vodafone WCDMA Composite Device Drive Software
"V-Ray for 3dsmax 2010 for x86" = V-Ray for 3dsmax 2010 for x86
"Vue 7 xStream 64bit" = Vue 7 xStream 64bit
"Warkeys" = Warkeys 1.15.7.0b
"Webcam and Screen Recorder_is1" = Webcam and Screen Recorder 4.5.6
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WordToPDF_is1" = WordToPDF 2.4
"World of Warcraft" = World of Warcraft
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 13.01.2012 04:29:06 | Computer Name = XXXX | Source = LoadPerf | ID = 3012
Description =
Error - 13.01.2012 04:29:06 | Computer Name = XXX | Source = LoadPerf | ID = 3012
Description =
Error - 13.01.2012 04:29:06 | Computer Name = XXXX | Source = LoadPerf | ID = 3011
Description =
Error - 14.01.2012 05:16:11 | Computer Name = XXX | Source = LoadPerf | ID = 3012
Description =
Error - 14.01.2012 05:16:11 | Computer Name = XXXX | Source = LoadPerf | ID = 3012
Description =
Error - 14.01.2012 05:16:11 | Computer Name = XXX | Source = LoadPerf | ID = 3011
Description =
Error - 14.01.2012 20:57:21 | Computer Name = XX | Source = Application Hang | ID = 1002
Description = Programm nut.exe, Version 5.0.0.4513 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 918 Anfangszeit: 01ccd3205d8a86c2 Zeitpunkt der Beendigung:
8377
Error - 14.01.2012 21:18:55 | Computer Name = XXXXXXXX | Source = LoadPerf | ID = 3012
Description =
Error - 14.01.2012 21:18:55 | Computer Name = XXXXXXXX | Source = LoadPerf | ID = 3012
Description =
Error - 14.01.2012 21:18:55 | Computer Name = XXXX | Source = LoadPerf | ID = 3011
Description =
[ System Events ]
Error - 13.01.2012 04:21:51 | Computer Name = XXXX | Source = Service Control Manager | ID = 7000
Description =
Error - 13.01.2012 04:21:57 | Computer Name = XXXX | Source = Service Control Manager | ID = 7026
Description =
Error - 13.01.2012 08:34:39 | Computer Name = XXXX | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 14.01.2012 05:09:58 | Computer Name = XXXX | Source = Service Control Manager | ID = 7000
Description =
Error - 14.01.2012 05:10:04 | Computer Name = XXXX | Source = Service Control Manager | ID = 7026
Description =
Error - 14.01.2012 14:28:24 | Computer Name = XXXX | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 14.01.2012 20:55:36 | Computer Name = XXXX | Source = Service Control Manager | ID = 7000
Description =
Error - 14.01.2012 20:55:42 | Computer Name = XXXX | Source = Service Control Manager | ID = 7026
Description =
Error - 14.01.2012 21:12:47 | Computer Name = XXXX | Source = Service Control Manager | ID = 7000
Description =
Error - 14.01.2012 21:12:53 | Computer Name = XXXX | Source = Service Control Manager | ID = 7026
Description =
< End of report >
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 02:45 on 15/01/2012 (XXXXX)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Already disabled
-=E.O.F=-
Was kann ich noch tun um sicherzugehen dass dieser Virus wirklich entfernt worden ist und nicht nur die Symptome unterdrückt wurden. Wäre jemand so freundlich sich mein Logfile anzugucken oder gegebenfalls weitere Logs anzufordern? Ich danke vielmals im Voraus :-) Geändert von kyubi1 (15.01.2012 um 03:12 Uhr) Grund: Textdateien in CODE-Tags |
|
15.01.2012, 11:30
| #2 |
| |  Vista Security 2012 Angriff - Bereinigungs Unterstützung nach Spybot S&D Lauf Hi,
__________________leider finde ich den Button zum zweiten mal editieren nicht mehr. Ich habe einige Infos zu meinem Vorgehen über Nacht: 1. einen weiteren Spybot S&D Scanläufe ohne Funde 2. einen Avira Anti Vir Scanlauf ohne Funde Code:
ATTFilter
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Sonntag, 15. Januar 2012 08:39
Es wird nach 3069807 Virenstämmen gesucht.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista 64 Bit
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : XXX
Computername : XXX
Versionsinformationen:
BUILD.DAT : 9.0.0.429 Bytes 06.10.2010 09:59:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 19.11.2009 15:47:37
AVSCAN.DLL : 9.0.3.0 49409 Bytes 13.02.2009 11:04:10
LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 10:35:44
LUKERES.DLL : 9.0.2.0 13569 Bytes 26.01.2009 09:41:59
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 15:47:37
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 17:03:18
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 17:41:43
VBASE003.VDF : 7.11.19.171 2048 Bytes 20.12.2011 17:41:43
VBASE004.VDF : 7.11.19.172 2048 Bytes 20.12.2011 17:41:43
VBASE005.VDF : 7.11.19.173 2048 Bytes 20.12.2011 17:41:43
VBASE006.VDF : 7.11.19.174 2048 Bytes 20.12.2011 17:41:44
VBASE007.VDF : 7.11.19.175 2048 Bytes 20.12.2011 17:41:44
VBASE008.VDF : 7.11.19.176 2048 Bytes 20.12.2011 17:41:44
VBASE009.VDF : 7.11.19.177 2048 Bytes 20.12.2011 17:41:44
VBASE010.VDF : 7.11.19.178 2048 Bytes 20.12.2011 17:41:44
VBASE011.VDF : 7.11.19.179 2048 Bytes 20.12.2011 17:41:44
VBASE012.VDF : 7.11.19.180 2048 Bytes 20.12.2011 17:41:44
VBASE013.VDF : 7.11.19.217 182784 Bytes 22.12.2011 16:33:05
VBASE014.VDF : 7.11.19.255 148480 Bytes 24.12.2011 11:23:42
VBASE015.VDF : 7.11.20.29 164352 Bytes 27.12.2011 08:58:53
VBASE016.VDF : 7.11.20.70 180224 Bytes 29.12.2011 09:15:46
VBASE017.VDF : 7.11.20.102 240640 Bytes 02.01.2012 20:22:19
VBASE018.VDF : 7.11.20.139 164864 Bytes 04.01.2012 20:22:20
VBASE019.VDF : 7.11.20.178 167424 Bytes 06.01.2012 14:40:37
VBASE020.VDF : 7.11.20.207 230400 Bytes 10.01.2012 16:06:31
VBASE021.VDF : 7.11.20.236 150528 Bytes 11.01.2012 08:08:29
VBASE022.VDF : 7.11.21.13 135168 Bytes 13.01.2012 16:06:18
VBASE023.VDF : 7.11.21.14 2048 Bytes 13.01.2012 16:06:18
VBASE024.VDF : 7.11.21.15 2048 Bytes 13.01.2012 16:06:18
VBASE025.VDF : 7.11.21.16 2048 Bytes 13.01.2012 16:06:18
VBASE026.VDF : 7.11.21.17 2048 Bytes 13.01.2012 16:06:18
VBASE027.VDF : 7.11.21.18 2048 Bytes 13.01.2012 16:06:19
VBASE028.VDF : 7.11.21.19 2048 Bytes 13.01.2012 16:06:19
VBASE029.VDF : 7.11.21.20 2048 Bytes 13.01.2012 16:06:19
VBASE030.VDF : 7.11.21.21 2048 Bytes 13.01.2012 16:06:19
VBASE031.VDF : 7.11.21.28 26112 Bytes 13.01.2012 16:06:20
Engineversion : 8.2.8.26
AEVDF.DLL : 8.1.2.2 106868 Bytes 29.10.2011 06:04:25
AESCRIPT.DLL : 8.1.3.97 426363 Bytes 13.01.2012 16:07:42
AESCN.DLL : 8.1.7.2 127349 Bytes 22.11.2010 17:46:28
AESBX.DLL : 8.2.4.5 434549 Bytes 02.12.2011 18:19:21
AERDL.DLL : 8.1.9.15 639348 Bytes 09.09.2011 16:48:09
AEPACK.DLL : 8.2.15.1 770423 Bytes 14.12.2011 16:23:19
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 30.12.2011 09:15:53
AEHEUR.DLL : 8.1.3.18 4297079 Bytes 13.01.2012 16:07:32
AEHELP.DLL : 8.1.18.0 254327 Bytes 29.10.2011 06:04:21
AEGEN.DLL : 8.1.5.17 405877 Bytes 12.12.2011 16:02:44
AEEMU.DLL : 8.1.3.0 393589 Bytes 22.11.2010 17:45:27
AECORE.DLL : 8.1.24.3 201079 Bytes 29.12.2011 09:08:34
AEBB.DLL : 8.1.1.0 53618 Bytes 23.04.2010 15:36:52
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:47:56
AVPREF.DLL : 9.0.3.0 44289 Bytes 08.09.2009 19:38:15
AVREP.DLL : 10.0.0.9 174120 Bytes 04.03.2011 17:44:56
AVREG.DLL : 9.0.0.0 36609 Bytes 07.11.2008 14:25:04
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 14:05:37
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 09:37:04
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 07:21:28
NETNT.DLL : 9.0.0.0 11521 Bytes 07.11.2008 14:41:21
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 30.07.2009 20:48:38
RCTEXT.DLL : 9.0.73.0 87297 Bytes 19.11.2009 15:47:37
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: c:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, G:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel
Beginn des Suchlaufs: Sonntag, 15. Januar 2012 08:39
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Zugriff auf die Rootkit Suche wurde verweigert.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'SpybotSD.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'AiNap.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrueImageMonitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SoundTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smax4pnp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TimounterMonitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'schedhlp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVCM.EXE' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWinSec.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'WTClient.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'WTSrv.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'raysat_3dsmax2010_64server.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'IGDCTRL.EXE' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'hamachi-2.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'DCPFLICS.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdskScSrv.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'AEADISRV.EXE' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'schedul2.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsCmd.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'SixEngine.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'aaCenter.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'dwm.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'audiodg.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '0' Modul(e) wurden durchsucht
Es wurden '13' Prozesse mit '13' Modulen durchsucht
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Bootsektor 'G:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '48' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <System>
Beginne mit der Suche in 'D:\' <Daten>
D:\pagefile.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
[HINWEIS] Bei dieser Datei handelt es sich um eine Windows Systemdatei.
[HINWEIS] Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann.
D:\Download\R4V1.5.7z.001
[WARNUNG] Die Datei konnte nicht gelesen werden!
D:\Download\3D SOFTWARE\3D Objects\Archmodels\Vol_31_-_Bitki.part02.rar
[0] Archivtyp: RAR
--> Vol 31 - Bitki\024.max
[WARNUNG] Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
[WARNUNG] Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
Beginne mit der Suche in 'G:\' <Daten II>
Ende des Suchlaufs: Sonntag, 15. Januar 2012 11:05
Benötigte Zeit: 2:25:49 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
52544 Verzeichnisse wurden überprüft
1649889 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
1 Dateien konnten nicht durchsucht werden
1649888 Dateien ohne Befall
13863 Archive wurden durchsucht
4 Warnungen
1 Hinweise
4. Java Version geupdated (von V6.23 auf Version 6.30) 5. Flash Version überprüft (ist auf dem neusten Stand V11,1,102,55 installed) |
|
18.01.2012, 17:21
| #3 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Vista Security 2012 Angriff - Bereinigungs Unterstützung nach Spybot S&D LaufZitat:
__________________ |
|
18.01.2012, 21:52
| #4 |
| | Vista Security 2012 Angriff - Bereinigungs Unterstützung nach Spybot S&D Lauf Hi, die Quelle kann ich nicht mehr nachvollziehen, es handelt sich um ein 3D Prgogramm Rhinoceros - Änderungsdatum 14.04.2010 (scheint wohl schon eine ganze Weile dort zu sein). Sollte ich die Registry Datei aus dem http://www.trojaner-board.de/100079-...entfernen.html Posting benutzen? |
|
18.01.2012, 21:54
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Vista Security 2012 Angriff - Bereinigungs Unterstützung nach Spybot S&D Lauf Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
19.01.2012, 19:21
| #6 |
| | Vista Security 2012 Angriff - Bereinigungs Unterstützung nach Spybot S&D Lauf Hi, vielen Dank für Deine Antwort. Hier ist ein altes Log von 2010-07-16 Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4320
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
16.07.2010 22:48:02
mbam-log-2010-07-16 (22-48-02).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Durchsuchte Objekte: 562454
Laufzeit: 1 Stunde(n), 36 Minute(n), 48 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aarc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemupdate (Backdoor.Bifrose) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
d:\Eigene Dateien\Documents\SYS\msascui.exe (Trojan.Agent) -> Delete on reboot.
und hier das neue Ergebnis Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.19.02 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 7.0.6002.18005 XXXX :: XXXX [Administrator] 19.01.2012 17:06:10 mbam-log-2012-01-19 (17-06-10).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 627354 Laufzeit: 2 Stunde(n), 10 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 D:\Download\WinRar_3.80_Portable\Portable Winrar\P._WinRAR_3.80_by_P4.exe (Trojan.SpyEyes) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Eigene Dateien\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
19.01.2012, 22:40
| #7 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Vista Security 2012 Angriff - Bereinigungs Unterstützung nach Spybot S&D LaufZitat:
 Siehe auch => http://www.trojaner-board.de/95393-c...-software.html Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden. Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!! Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Vista Security 2012 Angriff - Bereinigungs Unterstützung nach Spybot S&D Lauf |
| 0x00000001, 64-bit, 7-zip, adobe after effects, angriff, anhang, anleitung, anschluss, audacity, datei, diverse, entfernt, focus, freundlich, gen, gmer, griff, index, install.exe, intranet, launch, locker, logfile, plug-in, popups, prozesse, registry, s&d, safer networking, schattenkopien, schliessen, search, security, spybot, spybot s&d, tablet, third party, unterstützung, version, virus, vista, vista security 2012 alert virus, vista32, vodafone, wirklich |
