Plagegeister aller Art und deren Bekämpfung: Security warning from Telekom, ZeuS/ZBot (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1

Security warning from Telekom: ZeuS/ZBot

Hello, my parents slapped the letter from Telekom down in front of me today and said that this is already the second one.

Code:
Subject: Repeated security warning regarding your Internet access.
Abuse-ID: xxxxxxxx
Access number: xxxxxxxx

Dear Mr. Schlagmichtod,

our security experts have reliable indications that a computer infected with the malware "ZeuS/ZBot" (online-banking trojan) is connecting to the Internet via your Internet connection. As a result, every online purchase, every money transfer via online banking and every exchange on social networks currently poses a considerable security risk for you.

We received the information about your connection and the IP address from external security experts with whom we cooperate in order to protect our customers.

Please check your computer and thereby stop the misuse of your access.

How come they know that I supposedly have such a trojan and I don't? Then I ran SpyBot on my laptop; it did find a few things (but nothing with ZeuS or the like), which I then had it fix. But it always finds something o.O

Anyway, I then came across this forum and thought they can surely help me. I looked around here a bit, saw that log files are important, and did that with OTL following the tutorial.

We have 2 PCs and 1 laptop. And I suspect that if we have something, it is my laptop.

Here are the log files from the laptop:

OTL.txt
Code:
OTL logfile created on: 03.10.2013 14:47:10 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,91 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 63,07% Memory free
7,82 Gb Paging File | 6,24 Gb Available in Paging File | 79,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 115,22 Gb Total Space | 76,68 Gb Free Space | 66,55% Space Free | Partition Type: NTFS
Drive D: | 329,05 Gb Total Space | 229,29 Gb Free Space | 69,68% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 106,54 Gb Free Space | 45,75% Space Free | Partition Type: NTFS
Drive F: | 232,87 Gb Total Space | 231,19 Gb Free Space | 99,28% Space Free | Partition Type: NTFS
Drive I: | 539,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: Don-PC | User Name: Don | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - F:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - E:\Programme\Avast\AvastUI.exe (AVAST Software)
PRC - E:\Programme\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - E:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - E:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - E:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - E:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Soda PDF 2012\ConversionService.exe (LULU Software) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\ExpressGateUtil\VAWinAgent.exe () PRC - C:\ExpressGateUtil\VAWinService.exe () PRC - E:\Programme\Open Office\program\soffice.exe (OpenOffice.org) PRC - E:\Programme\Open Office\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation) PRC - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS) ========== Modules (No Company Name) ========== MOD - E:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl () MOD - E:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl () MOD - E:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl () MOD - E:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl () MOD - 
E:\Programme\Spybot - Search & Destroy 2\DEC150.bpl () MOD - E:\Programme\Open Office\program\libxml2.dll () MOD - C:\ExpressGateUtil\VAWinAgent.exe () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (avast! Antivirus) -- E:\Programme\Avast\AvastSvc.exe (AVAST Software) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Soda PDF 2012 Service) -- C:\Program Files (x86)\Soda PDF 2012\ConversionService.exe (LULU Software) SRV - (Soda PDF 2012 Helper Service) -- C:\Program Files (x86)\Soda PDF 2012\HelperService.exe (LULU Software) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (VideAceWindowsService) -- C:\ExpressGateUtil\VAWinService.exe () SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe () SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) 
Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys () DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys () DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software) DRV:64bit: - (rzudd) -- C:\Windows\SysNative\drivers\rzudd.sys (Razer USA Ltd) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (FLxHCIc) -- C:\Windows\SysNative\drivers\FLxHCIc.sys (Fresco Logic) DRV:64bit: - (FLxHCIh) -- C:\Windows\SysNative\drivers\FLxHCIh.sys (Fresco Logic) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) 
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (tapoas) -- C:\Windows\SysNative\drivers\tapoas.sys (The OpenVPN Project) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2219863282-928803723-3675192025-1000\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 4611609 IE - HKU\S-1-5-21-2219863282-928803723-3675192025-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2219863282-928803723-3675192025-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2219863282-928803723-3675192025-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2219863282-928803723-3675192025-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB 69 98 2C 5B 90 CD 01 [binary data] IE - HKU\S-1-5-21-2219863282-928803723-3675192025-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - 
HKU\S-1-5-21-2219863282-928803723-3675192025-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-2219863282-928803723-3675192025-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2219863282-928803723-3675192025-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2219863282-928803723-3675192025-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2219863282-928803723-3675192025-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AB A2 8D 9F 92 04 CD 01 [binary data] IE - HKU\S-1-5-21-2219863282-928803723-3675192025-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2219863282-928803723-3675192025-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2219863282-928803723-3675192025-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.94.0 FF - prefs.js..extensions.enabledAddons: vlcplaylist%40helgatauscher.de:0.8 FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.6 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0 FF - prefs.js..network.proxy.socks: "localhost" FF - prefs.js..network.proxy.socks_port: 4444 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: E:\Programme\PDF Xchange\PDF 
Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: E:\Programme\PDF Xchange\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: E:\Programme\PDF Xchange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: E:\Programme\PDF Xchange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: E:\Programme\Avast\WebRep\FF [2013.04.11 15:13:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: E:\Programme\Mozilla\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: E:\Programme\Mozilla\plugins [2013.09.19 14:49:25 | 000,000,000 | ---D | M] [2013.07.21 19:47:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Don\AppData\Roaming\mozilla\Extensions [2013.07.21 19:47:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Don\AppData\Roaming\mozilla\Extensions\net.openvpn.client [2013.09.27 16:48:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Don\AppData\Roaming\mozilla\Firefox\Profiles\acwxj4s0.default\extensions [2012.09.10 17:39:00 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Don\AppData\Roaming\mozilla\Firefox\Profiles\acwxj4s0.default\extensions\2020Player_IKEA@2020Technologies.com 
[2013.09.19 13:30:04 | 000,050,671 | ---- | M] () (No name found) -- C:\Users\Don\AppData\Roaming\mozilla\firefox\profiles\acwxj4s0.default\extensions\groovesharkUnlocker@overlord1337.xpi [2013.05.03 14:09:29 | 000,009,582 | ---- | M] () (No name found) -- C:\Users\Don\AppData\Roaming\mozilla\firefox\profiles\acwxj4s0.default\extensions\vlcplaylist@helgatauscher.de.xpi O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - E:\Programme\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Programme\Avast\aswWebRepIE.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - E:\Programme\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Programme\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [ProxyCap] E:\PROGRA~1\PROXY\pcapui.exe File not found O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [avast] E:\Programme\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows (R) Win 7 DDK provider) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [SDTray] E:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) 
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2219863282-928803723-3675192025-1000..\Run: [DAEMON Tools Lite] E:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2219863282-928803723-3675192025-1000..\Run: [Spybot-S&D Cleaning] E:\Programme\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-2219863282-928803723-3675192025-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2219863282-928803723-3675192025-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = E:\Programme\Open Office\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - 
HKU\S-1-5-21-2219863282-928803723-3675192025-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2219863282-928803723-3675192025-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2219863282-928803723-3675192025-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2219863282-928803723-3675192025-1000\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2219863282-928803723-3675192025-1000\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/AT/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} 
hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E97A2F3-A0A7-4EF9-8D1E-964F2486A442}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2001.04.18 10:23:00 | 000,000,041 | R--- | M] () - I:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{4c14b5f4-755c-11e1-8fde-bcaec5d58621}\Shell - "" = AutoRun O33 - MountPoints2\{4c14b5f4-755c-11e1-8fde-bcaec5d58621}\Shell\AutoRun\command - "" = I:\SETUP.EXE -- [2001.04.30 12:33:00 | 000,032,768 | R--- | M] () O33 - MountPoints2\{df20c54d-a986-11e1-98ef-bcaec5d58621}\Shell - "" = AutoRun O33 - MountPoints2\{df20c54d-a986-11e1-98ef-bcaec5d58621}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{df20c551-a986-11e1-98ef-bcaec5d58621}\Shell - "" = AutoRun O33 - MountPoints2\{df20c551-a986-11e1-98ef-bcaec5d58621}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.10.01 20:06:41 | 000,000,000 | ---D | C] -- C:\Users\Don\AppData\Local\Blizzard Entertainment [2013.09.21 15:11:09 | 000,000,000 | ---D | C] -- C:\Users\Don\Documents\GTA Vice City User Files [2013.09.12 12:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warplanes [2013.09.11 03:06:39 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.09.11 03:06:38 | 000,526,336 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\ieui.dll [2013.09.11 03:06:37 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.09.11 03:06:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.09.11 03:06:36 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.09.11 03:06:36 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.09.11 03:06:36 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.09.11 03:06:36 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.09.11 03:06:35 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.09.11 03:06:35 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.09.11 03:06:35 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.09.11 03:06:31 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.09.11 03:06:31 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.09.11 03:06:31 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.09.11 03:06:30 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.09.11 01:21:39 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys [2013.09.11 01:21:35 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.09.11 01:21:34 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.09.11 01:21:33 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.09.11 01:21:33 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013.09.11 
01:21:33 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.09.11 01:21:32 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.09.11 01:21:32 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.09.11 01:21:32 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.09.11 01:21:32 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.09.11 01:21:32 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.09.11 01:21:31 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.09.11 01:21:31 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.09.11 01:21:31 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.09.11 01:21:31 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.09.11 01:21:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.09.11 01:21:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.09.11 01:21:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.09.11 01:21:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.09.11 01:21:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.09.11 01:21:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.09.11 01:21:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.09.11 01:21:30 | 000,005,120 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.09.11 01:21:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.09.11 01:21:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.09.11 01:21:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.09.11 01:21:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.09.11 01:21:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.09.11 01:21:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.09.11 01:21:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.09.11 01:21:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.09.11 01:21:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.09.11 01:21:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.09.11 01:21:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.09.11 01:21:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.09.11 01:21:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.09.11 01:21:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.09.11 01:21:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.09.11 01:21:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.09.11 01:21:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.09.11 01:21:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.09.11 01:21:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.09.11 01:21:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.09.11 01:21:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.09.11 01:21:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.09.11 01:21:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.09.11 01:21:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.09.11 01:21:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.09.11 01:21:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.09.11 01:21:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.09.11 01:21:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.09.11 01:21:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.09.11 01:21:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.09.11 01:21:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.09.11 01:21:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.09.11 01:21:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.09.11 01:21:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.09.11 01:21:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.09.11 01:21:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.09.11 01:21:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.09.11 01:21:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.09.11 01:21:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.09.11 01:21:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.09.11 01:21:26 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.09.11 01:21:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.09.11 01:21:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.09.11 01:21:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.09.11 01:21:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.09.11 01:21:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.09.11 01:21:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.09.11 01:21:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.09.11 01:21:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.09.11 01:21:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.09.11 01:21:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.09.11 01:21:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.09.11 01:21:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.09.11 01:21:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll [2013.09.11 01:21:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.09.11 01:21:08 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll ========== Files - Modified Within 30 Days ========== [2013.10.03 14:26:43 | 000,015,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.10.03 14:26:43 | 000,015,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.10.03 14:18:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.10.03 14:18:30 | 3151,007,744 | -HS- | M] () -- C:\hiberfil.sys [2013.10.01 13:58:36 | 000,011,658 | ---- | M] () -- C:\Users\Don\Desktop\RE10804417.pdf [2013.10.01 13:57:56 | 000,011,798 | ---- | M] () 
-- C:\Users\Don\Desktop\RE10804334.pdf [2013.09.27 16:28:22 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.09.27 16:28:22 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.09.27 16:28:22 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.09.27 16:28:22 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.09.27 16:28:22 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.09.21 17:44:41 | 000,033,095 | ---- | M] () -- C:\Users\Don\Desktop\aufgabe 4.jpg [2013.09.20 19:13:36 | 000,004,279 | ---- | M] () -- C:\Users\Don\Desktop\99.gif [2013.09.12 12:36:15 | 000,000,642 | ---- | M] () -- C:\Users\Public\Desktop\World of Warplanes.lnk [2013.09.11 03:27:29 | 000,295,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.09.08 22:22:55 | 000,218,729 | ---- | M] () -- C:\Users\Don\Desktop\Unbenannt.png ========== Files Created - No Company Name ========== [2013.10.01 13:58:56 | 000,011,658 | ---- | C] () -- C:\Users\Don\Desktop\RE10804417.pdf [2013.10.01 13:58:54 | 000,011,798 | ---- | C] () -- C:\Users\Don\Desktop\RE10804334.pdf [2013.09.21 17:44:41 | 000,033,095 | ---- | C] () -- C:\Users\Don\Desktop\aufgabe 4.jpg [2013.09.20 19:13:33 | 000,004,279 | ---- | C] () -- C:\Users\Don\Desktop\99.gif [2013.09.12 12:36:15 | 000,000,642 | ---- | C] () -- C:\Users\Public\Desktop\World of Warplanes.lnk [2013.09.08 22:22:55 | 000,218,729 | ---- | C] () -- C:\Users\Don\Desktop\Unbenannt.png [2013.09.01 11:50:58 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2013.08.09 16:42:21 | 000,001,483 | ---- | C] () -- C:\Windows\DIIUnin.dat [2013.08.04 15:52:30 | 000,061,440 | ---- | C] () -- C:\Windows\wpuninst.exe [2013.07.30 14:06:52 | 000,000,600 | ---- | C] () -- C:\Users\Don\AppData\Local\PUTTY.RND [2013.05.01 17:08:02 | 000,331,776 | ---- | C] ( ) -- C:\Windows\SysWow64\sbcrreag.dll [2013.03.31 13:58:33 | 000,000,088 | -H-- | C] () -- C:\Users\Don\pdfkey.dat 
[2012.12.02 02:43:34 | 000,281,152 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.12.02 02:43:33 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.12.02 02:43:32 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\Pbsvc.exe [2012.03.18 15:54:10 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.02.14 19:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.02.14 19:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.02.14 19:47:06 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.02.14 19:44:24 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.02.14 18:59:56 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 
000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.07.12 19:18:45 | 000,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Ashampoo [2013.07.12 18:25:12 | 000,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Canneverbe Limited [2013.07.01 16:04:11 | 000,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\DAEMON Tools Lite [2013.10.02 20:19:39 | 000,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\ICQ [2013.05.05 18:31:56 | 000,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien [2013.06.12 18:41:08 | 000,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\My Battle for Middle-earth(tm) II Files [2013.07.23 18:47:28 | 000,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Notepad++ [2012.03.18 15:36:29 | 000,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\OpenOffice.org [2012.03.23 18:18:16 | 000,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\PDF Software [2012.06.27 23:37:28 | 000,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Recorder [2012.07.01 13:32:33 | 000,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\RobotSoft [2013.07.28 22:40:13 | 000,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\TeamViewer [2012.03.23 18:03:00 | 000,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Tracker Software [2012.04.06 17:54:22 | 000,000,000 | ---D 
| M] -- C:\Users\Don\AppData\Roaming\ts3overlay

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 03.10.2013 14:47:10 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,91 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 63,07% Memory free
7,82 Gb Paging File | 6,24 Gb Available in Paging File | 79,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 115,22 Gb Total Space | 76,68 Gb Free Space | 66,55% Space Free | Partition Type: NTFS
Drive D: | 329,05 Gb Total Space | 229,29 Gb Free Space | 69,68% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 106,54 Gb Free Space | 45,75% Space Free | Partition Type: NTFS
Drive F: | 232,87 Gb Total Space | 231,19 Gb Free Space | 99,28% Space Free | Partition Type: NTFS
Drive I: | 539,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: Don-PC | User Name: Don | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2219863282-928803723-3675192025-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- E:\Programme\Mozilla\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "E:\Programme\Spybot - Search & Destroy 2\SDTray.exe" = E:\Programme\Spybot - Search & Destroy 
2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "E:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe" = E:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "E:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe" = E:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "E:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe" = E:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "E:\Programme\Spybot - Search & Destroy 2\SDTray.exe" = E:\Programme\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "E:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe" = E:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "E:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe" = E:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "E:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe" = E:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) 
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1C22ABD5-0C7D-403E-93FA-546FAD6C4EDE}" = rport=138 | protocol=17 | dir=out | app=system | "{1D503622-A3E3-4BE9-A9D3-23098D10F781}" = rport=137 | protocol=17 | dir=out | app=system | "{22C10819-2CEB-43A5-B541-7C565806CFB3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2554D35D-4FE3-4435-A943-71F74B77595D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3D87B7BB-F774-4FA9-B0C7-95E8814744E0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{3DF09FFC-D379-45F6-8A3A-C01025463205}" = lport=445 | protocol=6 | dir=in | app=system | "{53C0EDEA-AECF-433F-9829-80DD9177A1DA}" = lport=137 | protocol=17 | dir=in | app=system | "{6BD15D57-7839-4B13-A3C1-C8B6317F1E5B}" = rport=139 | protocol=6 | dir=out | app=system | "{6DA63E13-3436-4DCA-8A19-480E54390B28}" = lport=139 | protocol=6 | dir=in | app=system | "{7C7098B3-8F3C-442E-9F21-77759CE9AFE7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{93AC74CC-CC38-4996-BA5D-8748119EE6C5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{98EF1B91-1CCE-41ED-B3FB-5AB52CF5DC49}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9A418B0A-4083-461F-8454-AF49C5794841}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{AD9A1652-AEDD-40C9-A3AD-5728F4463106}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{BA379526-C489-4240-AF9F-0F7980D5A888}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{C6825B01-4846-4E09-B527-3457A2CEA017}" = rport=5355 
| protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D087F60E-5AA2-4C07-BAEF-2C8583B3B872}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{DE9FFCD6-14F7-4B5E-AD20-06E7285FDEB0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{E08DB73A-E1A3-4E41-98B0-3C1300EE15A5}" = lport=138 | protocol=17 | dir=in | app=system | "{E3F92AFE-3161-45D4-9748-722F4DC7ECF5}" = rport=445 | protocol=6 | dir=out | app=system | "{FC41EFAE-2642-440A-A786-868820BDE25F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01B14588-D449-4DD6-BC99-95F0467A9265}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\dungeon siege 1\dungeonsiege.exe | "{0BA14796-36B6-46CA-81F6-6BD64628D4BB}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\dungeon siege 2\dungeonsiege2.exe | "{0E209C5F-95CB-4255-B914-74C61E7B10D2}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{0FAEC00C-AB89-4191-B636-1A297E21E467}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{12F71FE4-6B48-47E0-BAC6-8929984A675F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{15AE1DB7-DCC7-4C20-878D-DFF18F4DD2E6}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\gothic\system\gothic.exe | "{2AF70A76-EF90-4558-97C1-35FB8825210D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2CC77000-4FE7-40EB-A58C-FDB5FCA3CBB5}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\killingfloor\system\killingfloor.exe | "{34BFFA4B-D03B-4F4F-A243-91B0D0FA815F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{46B57AC1-067B-4F68-B59D-F90CB390BF5B}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\grand theft auto vice city\gta-vc.exe | "{50550D30-8C4A-476B-B571-5BFFAA3F8B46}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\planetside 2\launchpad.exe | "{54387CCA-AAC3-4D66-ADF3-FE91D9C28118}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\jedi academy\gamedata\jamp.exe | "{56FF357C-9FD9-44F7-A3E4-8161FE8D88E8}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\batman arkham city goty\runlauncher.bat | "{5BEAAD03-FC77-443F-B300-559A62ED5015}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\battlefield 2\bf2.exe | "{63623108-F74A-46E6-93D5-745DB587775C}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\gothic ii\system\gothic2.exe | "{6674D033-5AEE-4580-A7B2-F6EC31FFF3BC}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\warincbattlezone\rsupdate.exe | "{677A5E51-22CC-43A0-B00F-9ACE64AB4C5D}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\overlord\config.exe | "{6A9DD565-B92F-4E34-9D0D-D2E2CF9B50B6}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\dungeon siege 1\dungeonsiege.exe | "{6AFE480E-F2AA-4FAB-A3F5-046E7DF4744F}" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\launcher.exe | "{6E395455-6407-4BA0-A5F4-1F48A4AE021B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | "{6F40F1B1-3523-4068-97D9-6876FD24477F}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\batman arkham city goty\runlauncher.bat | "{72F351E7-0A3E-4F58-9380-E5839CEEC677}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{76A033CF-3AB4-4120-A3E0-986620DFF5BD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{7870776F-7236-4CD5-944B-D0ED4DA725E8}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | "{79BB6C2D-E655-49E1-B029-0140B545D359}" = 
protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{7F491A69-6AD8-440D-BF35-5C670F005717}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\overlord\overlord.exe | "{808E83CE-34ED-4445-83AB-7D983511C123}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\killingfloor\system\killingfloor.exe | "{8495310A-3138-49C8-A38A-9EA6B4BEB5C7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{85CEE12F-1BB9-473A-9660-9FD1CDA4DA6A}" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\launcher.patch.exe | "{86A76F7F-E66F-42C0-A5D2-3350D84FFC7F}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{8785ADD7-4131-4CA9-B039-6733F5F0F2F9}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe | "{88D747D0-4527-4708-90FD-E0F715578CC2}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\gothic ii\system\gothic2.exe | "{8BA2A8AE-F383-406E-AC18-6EB5199F8711}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\battlefield 2\bf2.exe | "{8BC04045-C01B-477D-96CD-CCCF2ABA2DA1}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\dungeon siege 2\dungeonsiege2.exe | "{8C6A1B24-913C-4C32-8B72-E7FF7659C5E5}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\warincbattlezone\rsupdate.exe | "{8E59A57C-42E0-44B7-85F0-32914F963390}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{8F4C3EFA-E97F-4038-9A17-A5EE18B35C58}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\battlefield 2\support\ea help\electronic_arts_technical_support.htm | "{8FE3782B-62FE-4BEF-A638-8D16EF2C2458}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\gothic\system\gothic.exe | "{912B55E8-DE62-470A-805A-F7C14C2F7636}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{95084CD2-886E-4616-BFCE-80B1F04F676D}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe | "{971C2988-E842-413E-8134-1366755237F5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9BFCDF0C-D898-4A5E-8599-CC9D5EBF669D}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | "{A4B7EF6F-FF38-48E6-96EA-0ABD9EBD9EF0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A4F232F3-FF2B-4046-B7BB-7506100289C3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A70FE536-5EFD-40DC-8B1E-01EC91403AC1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A8294695-DF38-47AF-9DAE-0049216C53FB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{AAE2662E-D7EF-4D81-B9D1-51406D6725F7}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\battlefield 2\support\ea help\electronic_arts_technical_support.htm | "{ACFA628E-990F-45EA-8C89-F3C6C437308E}" = protocol=17 | dir=in | app=e:\spiele\steam\steam.exe | "{AEFFA92C-1724-4BC8-B845-A4E409DEC5F0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{B288F8C3-663B-4599-8EB8-E788C02EFA6B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{BB06C24A-E584-4926-8EAF-21C8F757EFF2}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe | "{BB52181C-5B26-49C6-B4C3-EBAAD7116869}" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\launcher.patch.exe | "{BE2D9EBE-9D80-45DF-956A-4879D3A87529}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe | "{C190A2FB-AFA9-4288-A863-EEAFA3CE316F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{C2D1F879-457E-44A3-B3FC-7973D25FFDB0}" 
= dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{C608D263-1B07-4BB8-ADFA-F4F63A41C7A2}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\overlord\config.exe | "{C69B5265-2962-4EE2-B79B-8B14855D09A6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{CCF406FF-CA40-46C5-AD69-566064125375}" = protocol=17 | dir=in | app=e:\spiele\lord\game.dat | "{CE0AC25E-D10F-4EBE-99FB-89044A67CE2E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | "{CF7E8C8D-4ECD-4441-A467-23CAE6966ADF}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\jedi academy\gamedata\jasp.exe | "{CFFD870C-E8EA-44E6-A56C-22F543F3A507}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D302A472-FE76-4C50-92D1-15E23BBDD7E8}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\overlord\overlord.exe | "{DD24B6F2-139D-4CEF-BD9D-8FD2D632B998}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{DF83019C-E2CB-4DCC-A204-CCF583DCD701}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E2B7D6C4-C2E2-4C04-9805-2E96B616F532}" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\launcher.exe | "{E6DD5CF8-4A10-489E-8C19-85CEC7A02180}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{E8A6A899-1964-4FC4-B209-04A60ECF432E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E948B9C0-FDE5-47BE-9486-2C56E69431F9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{EA513D25-D2DC-4E69-93AD-C6EB27CAB0FE}" = protocol=6 | dir=in | app=e:\spiele\steam\steam.exe | "{EC7E883A-7FBF-4633-B51E-3813B7791057}" = protocol=6 | dir=in | app=e:\spiele\lord\game.dat | "{F1AF6A2B-DD70-4C41-9808-A839C22E0225}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\jedi academy\gamedata\jamp.exe | "{F540AC87-1503-499A-8A36-029CF3220060}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\jedi academy\gamedata\jasp.exe | 
"{F672D101-06D0-466C-B4EE-CCBA4BC35C98}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\planetside 2\launchpad.exe | "{F79F6FE9-BA56-4CE5-BAF9-11FFE4EB6894}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{F7DE2B66-E982-4581-9E07-3EDE8CD7D688}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\grand theft auto vice city\gta-vc.exe | "{FE8101FC-8419-4F2F-838D-61B4016892A1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "TCP Query User{0BAE075E-0E1A-4D1C-B215-2FB07C85A78A}E:\spiele\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "TCP Query User{14E32DF9-2BBA-4B58-B5CA-F033836B0AD1}E:\spiele\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe | "TCP Query User{221CB16F-9DB5-4F80-9CF5-363CC8D0B9AE}F:\candisoft_load!_0.7.2\load.exe" = protocol=6 | dir=in | app=f:\candisoft_load!_0.7.2\load.exe | "TCP Query User{45EB189F-19CA-4575-89CA-16946594D98F}C:\programdata\battle.net\agent\agent.1637\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "TCP Query User{6159A8CF-5789-44BD-8AC9-96C72CFDC461}E:\programme\your freedom\freedom.exe" = protocol=6 | dir=in | app=e:\programme\your freedom\freedom.exe | "TCP Query User{68A12B82-4139-4EAA-8B39-24AFB488AB33}E:\spiele\wop\wowplauncher.exe" = protocol=6 | dir=in | app=e:\spiele\wop\wowplauncher.exe | "TCP Query User{70FDC745-A6EA-4B86-B02B-5E85651DFF4A}E:\spiele\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\planetside 2\planetside2.exe | "TCP Query User{77FD80CB-0483-4711-85E8-EBDE42FCCA21}E:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of 
warcraft\backgrounddownloader.exe | "TCP Query User{A855268D-CBCC-409F-9F90-F4BDAB023F88}E:\programme\icq7.4\icq.exe" = protocol=6 | dir=in | app=e:\programme\icq7.4\icq.exe | "TCP Query User{BA72EA9A-5285-4FBE-960F-2A921A9D10C1}F:\candisoft_load!_0.7\load.exe" = protocol=6 | dir=in | app=f:\candisoft_load!_0.7\load.exe | "TCP Query User{BD18CA16-C3B2-42D9-92AF-4E096863B89D}E:\spiele\steam\steamapps\common\trackmania nations forever\tmforever.exe" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\trackmania nations forever\tmforever.exe | "TCP Query User{C4BE30A7-9DAF-4BFE-A476-94D67A8F64BE}E:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{0D26DDC4-2653-4491-B20C-7A763BD6CB0B}F:\candisoft_load!_0.7\load.exe" = protocol=17 | dir=in | app=f:\candisoft_load!_0.7\load.exe | "UDP Query User{2793ED54-9100-429A-9961-D6EEF44F3563}E:\spiele\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe | "UDP Query User{51D6ADDD-E113-4E8C-9B9E-399FCF6BE2A7}E:\spiele\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\planetside 2\planetside2.exe | "UDP Query User{6A265F5B-98D5-4C08-9431-E28715260814}E:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{89315571-83DF-4B56-AEF8-26D84C07181A}F:\candisoft_load!_0.7.2\load.exe" = protocol=17 | dir=in | app=f:\candisoft_load!_0.7.2\load.exe | "UDP Query User{B7B34241-40AF-4361-9B54-27EF31DB96FF}E:\spiele\wop\wowplauncher.exe" = protocol=17 | dir=in | app=e:\spiele\wop\wowplauncher.exe | "UDP Query User{D4A31C7B-23F6-4108-8E99-4CA62926ACFF}E:\spiele\world of 
warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\backgrounddownloader.exe | "UDP Query User{E1D10E34-CA0C-4C5A-92D7-B81CB870BA20}E:\spiele\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "UDP Query User{E1FA327F-9E75-4B4F-9020-53EC88D1EAA6}E:\spiele\steam\steamapps\common\trackmania nations forever\tmforever.exe" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\trackmania nations forever\tmforever.exe | "UDP Query User{EF9E9668-D03A-4EBA-9EEB-BB0906F4232D}C:\programdata\battle.net\agent\agent.1637\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "UDP Query User{FC1A7645-2A82-465A-AA93-8D2775C80B76}E:\programme\your freedom\freedom.exe" = protocol=17 | dir=in | app=e:\programme\your freedom\freedom.exe | "UDP Query User{FCAD9594-1E10-412E-A74D-9B44E4623188}E:\programme\icq7.4\icq.exe" = protocol=17 | dir=in | app=e:\programme\icq7.4\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended 
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer "{AF162E20-417F-4946-A06D-65734984957F}" = Intel(R) PROSet/Wireless WiFi-Software "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{BE8CF365-1CFE-49D7-A4C2-A943526274C4}" = Fresco Logic USB3.0 Host Controller "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-x64 7.0.5.15_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "ProInst" = Intel PROSet Wireless "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.11 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = SonicMaster "{0D84B9B9-3A35-43DD-A983-D21499D0DF1F}" = Soda PDF 2012 "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1EAC1D02-C6AC-4FA6-9A44-96258C37C813EU}_is1" = World of Warplanes 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{3408E5D6-4925-4496-AB67-AB8643C3685C}_is1" = Mouse and Keyboard Recorder 3.2.0.2 "{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{45708470-477C-44E4-849B-7B6FA10A5B67}" = Recorder "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX "{894084B6-BC69-43B7-BF06-B93AECFEA520}" = GameSpy Comrade "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "avast" = avast! 
Free Antivirus "InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader "InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud "Mozilla Firefox 24.0 (x86 de)" = Mozilla Firefox 24.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "PunkBusterSvc" = PunkBuster Services "Steam App 11450" = Overlord "Steam App 12110" = Grand Theft Auto: Vice City "Steam App 1250" = Killing Floor "Steam App 200260" = Batman: Arkham City GOTY "Steam App 214560" = Mark of the Ninja "Steam App 218230" = PlanetSide 2 "Steam App 39190" = Dungeon Siege "Steam App 39200" = Dungeon Siege 2 "Steam App 39510" = Gothic II: Gold Edition "Steam App 6020" = Star Wars Jedi Knight: Jedi Academy "Steam App 65540" = Gothic "Steam App 730" = Counter-Strike: Global Offensive "TeamViewer 8" = TeamViewer 8 "UltraISO_is1" = UltraISO Premium V9.53 "World of Warcraft" = World of Warcraft ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 20.09.2013 21:00:48 | Computer Name = Don-PC | Source = MsiInstaller | ID = 11316 Description = Error - 21.09.2013 21:00:53 | Computer Name = Don-PC | Source = MsiInstaller | ID = 11316 Description = Error - 23.09.2013 16:50:48 | Computer Name = Don-PC | Source = MsiInstaller | ID = 11316 Description = Error - 27.09.2013 12:51:33 | Computer Name = Don-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_FontCache, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1677 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000940d ID des fehlerhaften Prozesses: 0x21c Startzeit der fehlerhaften Anwendung: 0x01cebb8ca0719293 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 10038d76-2795-11e3-9c57-bcaec5d58621 Error - 27.09.2013 21:00:35 | 
Computer Name = Don-PC | Source = MsiInstaller | ID = 11316 Description = Error - 28.09.2013 21:00:29 | Computer Name = Don-PC | Source = MsiInstaller | ID = 11316 Description = Error - 29.09.2013 19:06:27 | Computer Name = Don-PC | Source = ESENT | ID = 490 Description = taskhost (1772) WebCacheLocal: Versuch, Datei "C:\Users\Don\AppData\Local\Microsoft\Windows\WebCache\V01.log" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 29.09.2013 19:06:27 | Computer Name = Don-PC | Source = ESENT | ID = 454 Description = taskhost (1772) WebCacheLocal: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1032 auf. Error - 29.09.2013 21:00:48 | Computer Name = Don-PC | Source = MsiInstaller | ID = 11316 Description = Error - 30.09.2013 13:29:54 | Computer Name = Don-PC | Source = Application Hang | ID = 1002 Description = Programm mmc.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1910 Startzeit: 01cebddeaf4b06d0 Endzeit: 4 Anwendungspfad: C:\Windows\system32\mmc.exe Berichts-ID: Error - 30.09.2013 21:10:10 | Computer Name = Don-PC | Source = System Restore | ID = 8193 Description = Error - 30.09.2013 21:10:26 | Computer Name = Don-PC | Source = MsiInstaller | ID = 11316 Description = Error - 30.09.2013 21:20:25 | Computer Name = Don-PC | Source = VSS | ID = 12289 Description = Error - 30.09.2013 22:29:50 | Computer Name = Don-PC | Source = System Restore | ID = 8193 Description = Error - 30.09.2013 22:30:08 | Computer Name = Don-PC | Source = MsiInstaller | ID = 11316 Description = Error - 01.10.2013 16:53:12 | Computer Name = Don-PC | Source = MsiInstaller | ID = 11316 Description = [ Spybot - Search and Destroy Events ] Error - 22.07.2013 12:09:44 | Computer Name = Don-PC | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions [ System Events ] Error - 29.09.2013 19:05:36 | Computer Name = Don-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst TeamViewer 8 erreicht. 
Error - 29.09.2013 19:05:36 | Computer Name = Don-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TeamViewer 8" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 29.09.2013 21:00:59 | Computer Name = Don-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Skype 5.10 für Windows (KB2727727)

Error - 30.09.2013 21:11:18 | Computer Name = Don-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Skype 5.10 für Windows (KB2727727)

Error - 30.09.2013 21:20:25 | Computer Name = Don-PC | Source = volsnap | ID = 393283
Description = Die Schattenkopie des erstellten Volumes "C:" konnte nicht installiert werden.

Error - 30.09.2013 22:30:09 | Computer Name = Don-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Skype 5.10 für Windows (KB2727727)

Error - 30.09.2013 22:41:33 | Computer Name = Don-PC | Source = BugCheck | ID = 1001
Description =

Error - 01.10.2013 16:53:13 | Computer Name = Don-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Skype 5.10 für Windows (KB2727727)

Error - 02.10.2013 21:01:46 | Computer Name = Don-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Skype 5.10 für Windows (KB2727727)

Error - 03.10.2013 08:09:56 | Computer Name = Don-PC | Source = DCOM | ID = 10010
Description =

< End of report >

I hope I did this correctly and that you can help me.

Kind regards,
Fausti