Pests of all kinds and how to fight them: Bundespolizeivirus, Ukash (Windows 7)
#7
Bundespolizeivirus, Ukash

Hello Kira,

just as I suspected: I was able to restore or overwrite most of the user and system files with System Restore and the backup, but applying the image directly over the system did not work, because the damned Windows cannot find the cr***y image on the external drive (neither via eSATA nor via USB).

At the moment I have no idea whether or how I will still get that to work, but perhaps we can run a scan anyway to see whether there are still suspicious things on the current system? If any programs/applications look suspicious to you, I will gladly try to tell you, if I know, what exactly they are or what I need them for.

So, I ran an OTL scan (it took a damn long time, hence my reply only now) before those actions and got the following files (I only scanned for files from the last 7 days, though; full scan, all users):

OTL.txt:

Code:
ATTFilter OTL logfile created on: 03.10.2012 13:04:10 - Run 1 OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Admin\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 7,00 Gb Available Physical Memory | 87,57% Memory free 15,99 Gb Paging File | 15,03 Gb Available in Paging File | 94,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 139,64 Gb Total Space | 47,28 Gb Free Space | 33,86% Space Free | Partition Type: NTFS Drive D: | 279,47 Gb Total Space | 78,81 Gb Free Space | 28,20% Space Free | Partition Type: NTFS Computer Name: <Computername> | User Name: Admin | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days ========== Processes (SafeList) ========== PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll () MOD - C:\Program Files 
(x86)\Opera\gstreamer\plugins\gstdirectsound.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE () SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe () SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x64\Sandra.sys File not found DRV:64bit: - (VMparport) -- C:\Windows\SysNative\drivers\VMparport.sys (VMware, Inc.) DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.) DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.) 
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.) DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.) DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.) DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.) DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) 
DRV:64bit: - (Ch64PS2) -- C:\Windows\SysNative\drivers\Ch64PS2.sys (ZF Electronics GmbH) DRV:64bit: - (SNXPPAMD) -- C:\Windows\SysNative\drivers\snxppamd.sys (Manufactor) DRV:64bit: - (SNXPCAMD) -- C:\Windows\SysNative\drivers\snxpcamd.sys (Manufactor) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation) DRV:64bit: - (MADFUAUDIOPHILE) -- C:\Windows\SysNative\drivers\MAudioAudiophile_DFU.sys (M-Audio) DRV:64bit: - (MAUSBAUDIOPHILE) -- C:\Windows\SysNative\drivers\MAudioAudiophile.sys (Avid Technology, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (A3AB) -- C:\Windows\SysNative\drivers\A3AB7x.sys (Atheros Communications, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) 
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software) DRV:64bit: - (Ch64USB) -- C:\Windows\SysNative\drivers\Ch64USB.sys (Cherry GmbH) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys () DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-1584889617-2752888335-3933122927-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1584889617-2752888335-3933122927-1001\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) IE - HKU\S-1-5-21-1584889617-2752888335-3933122927-1001\..\SearchScopes,DefaultScope = {BB125008-A694-4570-964A-7D22BD2F5DCF} IE - HKU\S-1-5-21-1584889617-2752888335-3933122927-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1584889617-2752888335-3933122927-1001\..\SearchScopes\{915E62B8-A148-4bfb-BFE2-A094051F7416}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} IE - HKU\S-1-5-21-1584889617-2752888335-3933122927-1001\..\SearchScopes\{BB125008-A694-4570-964A-7D22BD2F5DCF}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD IE - HKU\S-1-5-21-1584889617-2752888335-3933122927-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1584889617-2752888335-3933122927-1001..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found O4 - HKLM..\RunOnce: [GBTUpd] C:\Program Files (x86)\Gigabyte\GBTUpd\PreRun.exe (PreRun) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-1584889617-2752888335-3933122927-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1584889617-2752888335-3933122927-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-1584889617-2752888335-3933122927-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: 
Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20101021092350 (PhotoboxPhotowaysUploader5 Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} hxxp://ua.foto.com/ImageUploader6.cab (Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4537BFEA-1E4D-4C0F-82D4-9C45096857A0}: DhcpNameServer = 
192.168.0.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{65971a14-28ab-11df-8fb4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{65971a14-28ab-11df-8fb4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 7 Days ========== [2012.10.03 13:03:11 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2012.09.28 18:52:54 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 7 Days ========== [2012.10.03 13:03:12 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2012.10.03 12:55:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.03 12:55:20 | 2145,198,079 | -HS- | M] () -- C:\hiberfil.sys [2012.10.03 11:21:09 | 000,022,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.03 11:21:08 | 000,022,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.03 11:18:34 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys [2012.09.29 23:34:36 | 001,515,618 | ---- | M] () -- 
C:\Windows\SysNative\PerfStringBackup.INI [2012.09.29 23:34:36 | 000,662,266 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.29 23:34:36 | 000,622,216 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.29 23:34:36 | 000,132,942 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.29 23:34:36 | 000,109,062 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.06.11 23:21:05 | 000,028,890 | ---- | C] () -- C:\Users\Admin\.recently-used.xbel [2011.03.27 13:55:57 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2010.12.23 02:18:50 | 001,539,318 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.11.07 00:22:21 | 000,000,000 | ---- | C] () -- C:\Users\Admin\.gtk-bookmarks [2010.03.26 22:16:43 | 000,007,619 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg [2010.03.06 15:20:41 | 000,000,680 | RHS- | C] () -- C:\Users\Admin\ntuser.pol ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = 
%SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010.03.20 15:49:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canon [2010.03.06 22:53:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Cherry [2010.08.13 14:24:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EPSON [2011.06.11 23:21:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0 [2012.05.06 13:16:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView [2011.04.24 00:37:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech [2011.01.29 13:47:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera [2010.10.17 13:44:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuxPaint [2012.04.08 01:22:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft [2010.03.07 01:20:38 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer2>\AppData\Roaming\Cherry [2012.10.03 11:16:52 | 000,000,000 | ---D | M] -- 
C:\Users\<Nutzer2>\AppData\Roaming\IrfanView [2011.05.20 20:02:17 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer2>\AppData\Roaming\Opera [2010.03.20 20:19:57 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer1>\AppData\Roaming\Canon [2010.03.12 21:43:02 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer1>\AppData\Roaming\Cherry [2012.10.03 11:16:53 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer1>\AppData\Roaming\IrfanView [2010.03.12 22:18:18 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer1>\AppData\Roaming\Opera [2010.10.23 13:28:40 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer1>\AppData\Roaming\tuxmath [2010.10.23 13:07:52 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer1>\AppData\Roaming\TuxPaint [2010.10.23 13:07:02 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer1>\AppData\Roaming\TuxType [2012.04.09 00:24:22 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer1>\AppData\Roaming\Ubisoft [2010.03.07 10:37:04 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer3>\AppData\Roaming\Cherry [2010.10.17 13:54:40 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer3>\AppData\Roaming\fltk.org [2010.03.13 13:35:33 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer3>\AppData\Roaming\Opera [2010.10.17 16:04:02 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer3>\AppData\Roaming\tuxmath [2010.10.17 14:25:57 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer3>\AppData\Roaming\TuxPaint [2010.10.17 14:35:48 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer3>\AppData\Roaming\TuxType [2012.09.08 15:58:30 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer3>\AppData\Roaming\Unity [2012.03.31 13:54:14 | 000,000,000 | ---D | M] -- C:\Users\<Nutzer3>\AppData\Roaming\WB Games ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 03.10.2012 13:04:10 - Run 1 OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Admin\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 7,00 Gb Available Physical Memory | 87,57% Memory free 15,99 Gb Paging File | 15,03 Gb Available in Paging File | 94,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 139,64 Gb Total Space | 47,28 Gb Free Space | 33,86% Space Free | Partition Type: NTFS Drive D: | 279,47 Gb Total Space | 78,81 Gb Free Space | 28,20% Space Free | Partition Type: NTFS Computer Name: <Computername> | User Name: Admin | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Unable to open value key htmlfile [edit] -- Reg Error: Unable to open value key htmlfile [print] -- 
rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Unable to open value key scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Unable to open value key Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Unable to open value key htmlfile [edit] -- Reg Error: Unable to open value key htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Unable to open value key scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Unable to open value key Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{028A29A7-4619-4821-84C9-A30A41F71014}" = lport=137 | protocol=17 | dir=in | app=system | "{1927218E-01AE-43EA-A7C5-E5DF802CBF26}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1D985645-4999-4C1F-91DC-34874118F9D7}" = rport=10243 | protocol=6 | dir=out | app=system | "{243AB274-B0D6-4D6E-B2E5-9BDBF167DB70}" = rport=139 | protocol=6 | dir=out | app=system | "{2D7DBEBE-105F-45C2-83AE-E57B5B74DD9D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{31DAAA43-9344-406F-9405-69EBB608E3F0}" = rport=138 | protocol=17 | dir=out | app=system | "{32730A81-E980-4CE8-B361-481C6996E0D2}" = lport=138 | protocol=17 | 
dir=in | app=system | "{38238871-B1B5-4846-A17E-C70DBC770E89}" = lport=445 | protocol=6 | dir=in | app=system | "{3CC78072-8531-4EC6-8077-EF92D7C62C8F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{419D06B2-0542-44F7-8BDA-AFE19BC3110F}" = rport=137 | protocol=17 | dir=out | app=system | "{4FB6ADE4-862A-48AF-B48B-691FDC1ED880}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4FF7D708-9D0F-47D6-9A41-E48C51F73306}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{534AF6A3-6734-49FD-A76C-2A7FEDC95B7D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5738EC47-8C27-43DE-9910-D834B29B303C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{79983DC1-16D7-4EA5-91ED-A25C8A8B3102}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7E8080C5-E100-423B-9C03-786C0FAA07A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8301B935-E869-44CF-BB57-F2CE017CAF2A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{9C0E0908-D14A-4E92-ACDF-13159C81370B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9C910499-8C51-4F4C-8F29-12D219849BFB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A29CA07E-B53C-434D-BB75-05F3429B8A56}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{A4103E90-E84C-4369-8CD3-C163F5944F37}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A8E90254-60E3-4BB5-A5F7-5B01EBC0315D}" = rport=445 | protocol=6 | dir=out | app=system | "{AFDAEB04-0A4A-4118-B392-7AFA783DCE3A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | "{B76A12CA-50FC-4AE9-BDC8-C0CED6CF12B3}" = lport=2869 | protocol=6 | dir=in | app=system | "{C85CBFED-5319-45AE-8963-B33DA15074F3}" = lport=10243 | protocol=6 | dir=in | app=system | "{D07D7DBD-BECF-4015-A9C3-010A28AC1254}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D284D0E6-6946-4F1F-B18D-E76BAF77F290}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{ED92C84A-5898-42AA-99D0-86E62C45FEBA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{EDB2A947-C051-470A-A81C-25F3C61E6B87}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F9E3E8AA-7DE3-4882-9F33-501B4CF0D8D8}" = lport=139 | protocol=6 | dir=in | app=system | "{FD2B6330-C2CD-4C27-8056-6BC566EB53E7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{035F0B5A-7F2C-4A8E-AD16-3E98B638CEFF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | "{133D8FCB-A074-4D2D-9E32-1EBFD3DA218E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{13BF6264-EBF2-4E4F-89AC-C47812B61D96}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\<MeinSteamAccount>\team fortress classic\hl.exe | "{18E08A09-0E8A-41BA-9A12-439996A4DA01}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{18E6A351-3AB1-47F2-AD8B-6ABAA0A940F4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | "{1A75694D-E185-43AE-BBB0-5C12F4202081}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{1CEDF1BF-74C8-44C1-8D31-EF7AAD1D62AC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | "{1EA7D392-812A-4175-BB00-C107C0625250}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{1EC1A404-E322-49E5-902A-32591AC15F31}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | "{42FE7EEC-A380-4760-8B03-6B98AEBDA6D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | "{486521B6-C1FD-4468-A050-805C8632697C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | "{48A5B12D-E0D2-4602-99DA-EFEE0E75605F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{4A2A143C-A4E5-47C0-91BA-7421470582AC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | "{4CF9CA72-5A19-4445-B9FD-3BBFBFB00C7C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4E73E187-5D44-4A5A-AD36-071D2CB5A0F4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\<MeinSteamAccount>\deathmatch classic\hl.exe | "{5871AA39-359A-4D43-8641-BE429F1E6C07}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{5AA3742F-4B07-4953-BDC2-BFBEFDB7C79E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{60BEAB83-421B-43F9-81D8-7E2FEF9232A7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{649868A1-5F2B-4818-A550-C6A4E5BBAD0A}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{6699FB7B-AA5D-49BD-989C-DBC9639344A8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{6DBEEA64-D358-4F41-83FC-934828404A78}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{72F1FB9A-98B7-4124-B62A-7F3779CE5249}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7C00EA5C-E733-4568-9979-25289E8CF014}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7C6CD62A-355C-4F46-955A-27AEC97B6E1F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{827B57B1-F81B-4E4D-83C1-C40F3AB1F61C}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | "{82B310C6-E83B-46A9-A998-5E2BAED3972E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{834273C4-E0BB-4AD9-8E70-FB0A366E4A8B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\<MeinSteamAccount>\half-life\hl.exe | "{8D0C0A0B-83DF-4F82-BCA7-1BF044A9243A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8F652F8F-B876-4AC6-86B8-9E5768BB0AAA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\<MeinSteamAccount>\team fortress classic\hl.exe | "{8FFED326-AF48-48E9-B26B-54C8A848E863}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\<MeinSteamAccount>\team fortress classic\hl.exe | "{9377C4FB-4275-43F1-8C64-A96E562195B4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\<MeinSteamAccount>\team fortress classic\hl.exe | "{973843C8-64DE-4593-A48C-E24F7DA30D13}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | "{9F19EDA0-8112-488E-81D5-CAECFAE56947}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A31485A8-8132-45FB-9DCE-D8AC23407F3F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{A5C7A401-8E0A-4836-A572-3C9FE0DFB146}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | "{A9CC6622-E751-4BB3-AD6E-49784E763110}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe 
| "{ABF7ABBE-D767-40E3-8286-F6CA9404F5DE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | "{AF9F83FD-F0FB-4448-9634-0DE95E4E8170}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B8D8EF6D-7F78-46D2-B1FE-DD1E5B50E6FA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | "{C955B406-BD5C-4373-978C-2825865D954E}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{CB6F0978-4CE1-4CA2-9D1D-9D3398DF1A18}" = protocol=6 | dir=out | app=system | "{CBE68EA9-99B8-4192-8547-56487477AFED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D00F37B1-FC9E-439B-AFFA-D9D248722ECD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | "{DD7C968F-1F1C-458E-A701-980819FFC1EB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DEBBE0D7-8B62-4CAE-B19B-53A79308C2CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{E0B8355A-6715-41B8-9214-A81CCC86C0B7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\<MeinSteamAccount>\deathmatch classic\hl.exe | "{E3485260-7F98-47CE-8D1F-66A2E0421C6D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E7FFF232-229A-450F-B756-315D642B2D23}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | "{EA3FF9F9-E952-419E-8480-64B6B4EC0FC4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\<MeinSteamAccount>\half-life\hl.exe | "{EC041E73-90AA-4357-A32F-69DE656ABFA7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{F11DF433-9890-4E18-ABE3-5B2D956E150E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F158EAA0-E5EB-4805-968B-AA2F6DBC5653}" = protocol=6 | dir=in | app=c:\program 
files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | "{F4C6B6DC-5C3F-44A3-838B-E38B2E0D48C4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FFC33DB4-4F1F-457D-9238-FD049AAD7041}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{0DA1EDA5-6130-418C-8019-AC49FEA5DE66}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "TCP Query User{0E4B0EC1-FF18-4B06-8D95-D3138A51C255}C:\program files (x86)\sierra entertainment\timeshift\bin\timeshift.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\timeshift\bin\timeshift.exe | "TCP Query User{3BE51104-288D-4075-A2AF-886F61A7717D}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe | "TCP Query User{431957E9-A14F-4E64-912E-F070DFED5006}C:\program files (x86)\gigabyte\gbtupd\runupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\gbtupd\runupd.exe | "TCP Query User{64B525AC-C635-4544-ADD2-F04B3EBB31B8}D:\<Nutzer1>\spiele\team17\worms 4 mayhem demo\worms 4 mayhem demo.exe" = protocol=6 | dir=in | app=d:\<Nutzer1>\spiele\team17\worms 4 mayhem demo\worms 4 mayhem demo.exe | "TCP Query User{AF7705D2-0C3B-47BA-9687-FB30D8580AC3}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | "TCP Query User{BECB1E32-4928-46BC-9A6C-684B9FC6AC78}C:\program files (x86)\gigabyte\gbtupd\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\gbtupd\gbtupd.exe | "TCP Query User{DD704D36-65F7-42C5-8D7E-B91360AD9185}C:\users\<Nutzer2>\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\<Nutzer2>\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe | "UDP Query User{09572947-EF85-4A4D-9271-DA2CE75B6876}C:\program files 
(x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe | "UDP Query User{1AF23635-CF55-414D-987F-3C603717CCD1}C:\program files (x86)\gigabyte\gbtupd\runupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\gbtupd\runupd.exe | "UDP Query User{27D28ED7-E10E-4EAD-A272-25BBED2D80E3}C:\program files (x86)\gigabyte\gbtupd\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\gbtupd\gbtupd.exe | "UDP Query User{2890568A-E4DE-4F8D-9513-35AD6C88EC62}C:\users\<Nutzer2>\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\<Nutzer2>\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe | "UDP Query User{7E0F0405-13B5-4C8D-8A6D-94DE4B93762B}C:\program files (x86)\sierra entertainment\timeshift\bin\timeshift.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\timeshift\bin\timeshift.exe | "UDP Query User{7F0E9288-24B3-499C-BADC-92CBA95DEB58}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query User{F02E95C2-C9CF-4569-928F-21169EE5F00A}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | "UDP Query User{F174000C-C8D1-4B01-A33B-4B80E1B03960}D:\<Nutzer1>\spiele\team17\worms 4 mayhem demo\worms 4 mayhem demo.exe" = protocol=17 | dir=in | app=d:\<Nutzer1>\spiele\team17\worms 4 mayhem demo\worms 4 mayhem demo.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode 
"{2BE3C45C-B0E3-4061-A3C5-C6ED9639C813}" = VmciSockets "{33CF8D2C-0430-2949-FD8F-695C97C472C5}" = ccc-utility64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{54A0FF28-05C4-81E3-3CC1-13D0C2519EFF}" = ATI Catalyst Install Manager "{5800B5A7-176D-C773-7BA0-AABB25C57591}" = ATI Problem Report Wizard "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft-Maus- und Tastatur-Center "{B3012F41-D8C7-5ABD-05D1-3EF39D9ACC22}" = WMV9/VC-1 Video Playback "{B95653AB-0E7F-204A-3226-17E9F38E6951}" = AMD Drag and Drop Transcoding "{CB5340E7-7745-7B18-1413-C14508C2AC2B}" = ATI AVIVO64 Codecs "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FAE188FD-A941-49E9-A5E9-F6D88517EC40}" = Smart Recovery B09.1002.1 (x64) "{FF4F53F0-BEB0-4963-8746-A7A3F981196D}" = M-Audio Audiophile Driver 6.0.1 (x64) "CCleaner" = CCleaner "Logitech Gaming Software" = Logitech Gaming Software 8.20 "Loksim3D_is1" = Loksim3D "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0904.1 "{0B6A9773-F8F8-4D3F-BCF0-029D2B87DB8A}" = Deus Ex - Invisible War "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst 
Registration "{1367FA2F-2B3D-430F-872F-588B93420BFC}" = TimeShift "{150FEA49-4039-4458-B9D0-F19CC17229FE}" = LEGO Star Wars 2 DEMO "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Cinfigurer "{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01 "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.1209.1 "{481463D7-E5D9-4331-B154-B75D6D3C15F8}" = Worms 3D Demo "{49354A5F-E2DB-4D2E-9D83-85AA4CAEB847}" = System180 3D "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B09.1008.1 "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{8F6FE1DC-E868-B38A-07E5-897508745128}" = ccc-core-static "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = 
Project64 1.6 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B2D7918-7FAF-43AD-8332-D140EBE1001E}" = Kids Programming Language 1.2.0 "{9F05B89E-2873-11D5-9E9D-0050DA1EA555}" = Myst III Exile "{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™ "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.06 "{BEA6BE31-4A1F-7FA2-B861-CBC0AC535731}" = Catalyst Control Center InstallProxy "{C5A8DF48-580B-44D3-B2B2-E965A9368F28}" = LEGO® Harry Potter™: Die Jahre 1-4 "{CE8C262E-5DB4-C8AC-7DA2-DC88767653A1}" = HydraVision "{D3D867DD-6C81-E695-4FFE-BE921DF44931}" = Catalyst Control Center Graphics Previews Common "{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{E08DE897-B6AF-4DFF-9E90-131E80C876B4}" = DIE SIEDLER - Das Erbe der Könige - Gold Edition "{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player "{ED340366-F336-420D-8867-88643836D900}" = Worms 4 Mayhem Demo "{EE3A1D30-B97D-4EC0-BA65-EEE4131ECA9A}" = AirPlus XtremeG DWL-G520 "{F08A1CA0-55A7-8244-3A05-7431447CE9BA}" = CCC Help English "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "CameraWindowDC8" = Canon Utilities CameraWindow DC 8 "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "DPP" = 
Canon Utilities Digital Photo Professional 3.8 "EOS Utility" = Canon Utilities EOS Utility "ExpressBurn" = Express Burn Disc Burning Software "ExpressRip" = Express Rip "InstallShield_{150FEA49-4039-4458-B9D0-F19CC17229FE}" = LEGO Star Wars 2 DEMO "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.1209.1 "InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B09.1008.1 "InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™ "InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "InstallShield_{FAE188FD-A941-49E9-A5E9-F6D88517EC40}" = Smart Recovery B09.1002.1 (x64) "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "MixPad" = MixPad Audio Mixer "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Multi-I/O Card Driver" = Windows Driver Package - Multi-I/O Card Driver (10/26/2009,7.0.0.0) "MyCamera" = Canon Utilities MyCamera "Opera 12.02.1578" = Opera 12.02 "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RealPlayer 12.0" = RealPlayer "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "RoboMind_is1" = RoboMind version 3.0 "Steam App 20" = Team Fortress Classic "Steam App 22600" = Worms Reloaded "Steam App 40" = Deathmatch Classic "Steam App 500" = Left 4 Dead "Steam App 60" = Ricochet "Sweet Home 3D_is1" = Sweet Home 3D version 3.5 "Switch" = Switch Sound File Converter "ToneGen" = NCH Tone Generator "Tux Paint_is1" = Tux Paint 0.9.21 "TuxMath" = Tux of Math Command (remove only) "TuxType" = Tux Typing (remove only) "VMware_Player" = VMware Player "WavePad" = WavePad Sound Editor "WFTK" = Canon Utilities WFT-E1/E2/E3 Utility "Winamp" = Winamp 
"WinGimp-2.0_is1" = GIMP 2.6.11 "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1584889617-2752888335-3933122927-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.02.2012 07:19:53 | Computer Name = <Computername> | Source = VSS | ID = 8194 Description = Error - 04.02.2012 07:57:21 | Computer Name = <Computername> | Source = VSS | ID = 8194 Description = Error - 04.02.2012 09:03:55 | Computer Name = <Computername> | Source = VSS | ID = 8194 Description = Error - 05.02.2012 07:43:43 | Computer Name = <Computername> | Source = VSS | ID = 8194 Description = Error - 06.02.2012 06:39:54 | Computer Name = <Computername> | Source = VSS | ID = 8194 Description = Error - 07.02.2012 06:53:58 | Computer Name = <Computername> | Source = VSS | ID = 8194 Description = Error - 08.02.2012 15:50:51 | Computer Name = <Computername> | Source = VSS | ID = 8194 Description = Error - 09.02.2012 15:51:27 | Computer Name = <Computername> | Source = VSS | ID = 8194 Description = Error - 10.02.2012 13:03:48 | Computer Name = <Computername> | Source = VSS | ID = 8194 Description = Error - 11.02.2012 08:09:50 | Computer Name = <Computername> | Source = VSS | ID = 8194 Description = [ System Events ] Error - 03.10.2012 11:18:55 | Computer Name = <Computername> | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.10.2012 11:21:19 | Computer Name = <Computername> | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.10.2012 11:21:19 | Computer 
Name = <Computername> | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.10.2012 11:21:19 | Computer Name = <Computername> | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.10.2012 11:21:39 | Computer Name = <Computername> | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.10.2012 11:21:39 | Computer Name = <Computername> | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.10.2012 11:21:39 | Computer Name = <Computername> | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.10.2012 11:23:39 | Computer Name = <Computername> | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.10.2012 11:23:39 | Computer Name = <Computername> | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.10.2012 11:23:39 | Computer Name = <Computername> | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > Code:
@BIOS Ver.2.06 GIGABYTE 06.03.2010 2.06
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 22.09.2012 6,00MB 11.4.402.278
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 09.09.2012 6,00MB 11.4.402.265
Adobe Reader 9.5.0 - Deutsch Adobe Systems Incorporated 15.01.2012 118MB 9.5.0
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 17.06.2012 11.6.5.635
AirPlus XtremeG DWL-G520 D-Link 07.03.2010 1.0.24
Assassin's Creed Ubisoft 03.12.2011 1.02
Assassin's Creed II Ubisoft 08.04.2012 1.01
ATI Catalyst Install Manager ATI Technologies, Inc. 25.12.2010 22,4MB 3.0.804.0
Browser Configuration Utility DeviceVM 06.03.2010 1.1.11.0
CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Inc. 20.03.2010 1.7.2.11
Canon Internet Library for ZoomBrowser EX Canon Inc. 20.03.2010 1.6.3.9
Canon MOV Decoder Canon Inc. 20.03.2010 1.5.0.7
Canon MOV Encoder Canon Inc. 20.03.2010 1.3.1.3
Canon MovieEdit Task for ZoomBrowser EX Canon Inc. 20.03.2010 3.4.1.9
Canon RAW Image Task for ZoomBrowser EX Canon Inc. 20.03.2010 3.3.0.5
Canon Utilities CameraWindow Canon Inc. 20.03.2010 7.4.0.7
Canon Utilities CameraWindow DC 8 Canon Inc. 20.03.2010 8.1.0.11
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX Canon Inc. 20.03.2010 6.4.2.16
Canon Utilities Digital Photo Professional 3.8 Canon Inc. 20.03.2010 3.8.0.0
Canon Utilities EOS Utility Canon Inc. 20.03.2010 2.8.1.0
Canon Utilities MyCamera Canon Inc. 20.03.2010 7.3.0.5
Canon Utilities PhotoStitch Canon Inc. 20.03.2010 3.1.21.45
Canon Utilities Picture Style Editor Canon Inc. 20.03.2010 1.3.0.0
Canon Utilities RemoteCapture Task for ZoomBrowser EX Canon Inc. 20.03.2010 1.7.1.9
Canon Utilities WFT-E1/E2/E3 Utility Canon Inc. 20.03.2010 3.2.1.1
Canon Utilities ZoomBrowser EX Canon Inc. 20.03.2010 6.5.1.15
Canon ZoomBrowser EX Memory Card Utility Canon Inc. 20.03.2010 1.3.0.4
CCleaner Piriform 24.07.2012 3.21
Deathmatch Classic Valve 12.06.2011
Deus Ex - Invisible War 09.05.2010 1.2
DIE SIEDLER - Das Erbe der Könige - Gold Edition Blue Byte 30.06.2012 1.00.0000
DMIView B8.0717.01 Gigabyte 06.03.2010 1.4
Easy Tune 6 B11.1209.1 GIGABYTE 23.12.2011 36,7MB 1.00.0000
EasySaver B9.0904.1 Gigabyte 06.03.2010 1.00.0000
Express Burn Disc Burning Software NCH Software 30.10.2011
Express Rip NCH Software 11.02.2012
Gigabyte Raid Cinfigurer GIGABYTE Technologies, Inc. 06.03.2010 1.00.0001
GIMP 2.6.11 The GIMP Team 05.06.2011 57,6MB 2.6.11
IrfanView (remove only) Irfan Skiljan 04.12.2010 1,50MB 4.27
Java(TM) 6 Update 24 Oracle 08.05.2011 97,1MB 6.0.240
Kids Programming Language 1.2.0 KidsPL 08.05.2011 7,26MB 1.2.002
Left 4 Dead Valve 30.04.2010
LEGO Star Wars 2 DEMO LucasArts 22.01.2011 588MB 1.00.0000
LEGO® Harry Potter™: Die Jahre 1-4 WB Games 31.03.2012 3,23MB 1.0.0.0
LEGO® Indiana Jones™ LucasArts 04.02.2011 5,34GB 1.00.0000
LEGO® Star Wars™: Die Komplette Saga LucasArts 04.02.2011 5,26GB 1.00.0000
Logitech Gaming Software 8.20 Logitech Inc. 16.03.2012 76,6MB 8.20.74
Loksim3D Loksim3D 16.06.2012 28,5MB 2.8
M-Audio Audiophile Driver 6.0.1 (x64) M-Audio 02.05.2010 3,86MB 6.0.1
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 38,8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 25.06.2010 2,93MB 4.0.30319
Microsoft Office Professional Edition 2003 Microsoft Corporation 07.03.2010 272MB 11.0.6361.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 24.04.2011 2,69MB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 06.03.2010 708KB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 16.03.2012 252KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 06.03.2010 788KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 07.08.2011 594KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 22.09.2012 590KB 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 25.12.2010 13,6MB 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 16.06.2012 11,0MB 10.0.30319
Microsoft-Maus- und Tastatur-Center Microsoft Corporation 05.08.2012 1.1.500.0
MixPad Audio Mixer NCH Software 30.10.2011
Myst III Exile 03.12.2011
NCH Tone Generator NCH Software 13.11.2011
NEC Electronics USB 3.0 Host Controller Driver NEC Electronics Corporation 06.03.2010 989KB 1.0.14.0
Opera 12.02 Opera Software ASA 07.09.2012 12.02.1578
Paint.NET v3.5.5 dotPDN LLC 07.11.2010 10,2MB 3.55.0
Project64 1.6 Project64 12.02.2011 3,46MB 1.6
RealPlayer RealNetworks 29.07.2011
Realtek Ethernet Controller Driver For Windows Vista and Later Realtek 06.03.2010 1.00.0009
Realtek HDMI Audio Driver for ATI Realtek Semiconductor Corp. 06.03.2010 6.0.1.5897
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 06.03.2010 6.0.1.5964
Ricochet Valve 12.06.2011
RoboMind version 3.0 14.04.2012 104MB
Smart Recovery B09.1002.1 (x64) 06.03.2010
Steam Valve Corporation 30.04.2010 1,49MB 1.0.0.0
Sweet Home 3D version 3.5 eTeks 03.06.2012 99,5MB
Switch Sound File Converter NCH Software 30.10.2011
System180 3D System 180 GmbH 20.08.2011 157MB 5.0.1
Team Fortress Classic Valve 27.03.2011
TimeShift Sierra Entertainment 12.08.2010 1.00.000
Tux of Math Command (remove only) 17.10.2010
Tux Paint 0.9.21 New Breed Software 17.10.2010
Tux Typing (remove only) 17.10.2010
Ubisoft Game Launcher UBISOFT 08.04.2012 1.0.0.0
Unity Web Player Unity Technologies ApS 04.02.2012 12,0MB
Update Manager B09.1008.1 GIGABYTE 06.03.2010 1,82MB 1.00.0000
VMware Player VMware, Inc 22.09.2012 390MB 4.0.3.29699
WavePad Sound Editor NCH Software 30.10.2011
Winamp Nullsoft, Inc 02.05.2010 5.572
Windows Driver Package - Multi-I/O Card Driver (10/26/2009,7.0.0.0) Multi-I/O Card 21.03.2010 10/26/2009,7.0.0.0
Windows XP Mode Microsoft Corporation 09.10.2010 1,13GB 1.3.7600.16422
Worms 3D Demo 13.08.2010 0.00.001
Worms 4 Mayhem Demo Codemasters 15.08.2010 1.00.0000
Worms Reloaded Team17 02.06.2012

Or should I perhaps run a new scan instead? (I know it's tedious to rummage through other people's computers... I actually wanted to help out here in the forum myself at some point, damn it.)

Thanks...
__________________
Best regards,
Dodger

Edited by Dodger (03.10.2012 at 22:25). Reason: signature is a doubled-up greeting...