| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: SpyEyes Trojaner gefunden, Logfiles erstelltWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
28.02.2011, 13:11
| #1 |
| |  SpyEyes Trojaner gefunden, Logfiles erstellt Hallo liebes Trojaner-Board Team! Ich habe heute mal mit Malwarebytes meinen Rechner durchsucht. Das Ergebnis war, dass mein System vom SpyEyes Trojaner befallen war(/ist?). Jetzt habe ich mit Hilfe von Malwarebytes, OTL und GMER diverse Logfiles erstellt. Könnte jemand aus dem Team diese nach Auffälligkeiten untersuchen? Vielen Dank schonmal im Vorraus! Lg, Andreas Mbam Log vor dem Entfernen von SpyEyes: Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5900
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19019
28.02.2011 10:58:52
mbam-log-2011-02-28 (10-58-52).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 166547
Laufzeit: 6 Minute(n), 18 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Recycle.Bin.exe (Trojan.SpyEyes) -> Value: Recycle.Bin.exe -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
Infizierte Dateien:
c:\Recycle.Bin\recycle.bin.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5900
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19019
28.02.2011 12:55:14
mbam-log-2011-02-28 (12-55-14).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 166262
Laufzeit: 4 Minute(n), 53 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter OTL Extras logfile created on: 28.02.2011 12:35:58 - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,26 Gb Free Space | 2,86% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 90,47 Gb Free Space | 36,73% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049AF61A-EA92-4F58-8725-A6F7DD2E8D09}" = rport=137 | protocol=17 | dir=out | app=system |
"{1380EB14-99F9-4397-AB8A-ACC82C62E132}" = lport=139 | protocol=6 | dir=in | app=system |
"{371582EB-0293-40AC-98F9-73368BCB5B0A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{41C88821-1CCB-4EDF-AD54-4A78BE82B7F7}" = lport=1500 | protocol=17 | dir=in | name=cod6 |
"{5634F6FD-7AD1-4453-895C-9371E9CA4720}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{69BCC33E-16B2-418B-9AD6-966112130275}" = lport=137 | protocol=17 | dir=in | app=system |
"{7240687A-8405-4F4C-A2DA-08DA2B93C9D0}" = lport=3101 | protocol=17 | dir=in | name=cod6 |
"{7C199988-2C23-468E-9B3A-C8B9DFE91B20}" = lport=3005 | protocol=17 | dir=in | name=cod6 |
"{80AFADA8-1C08-4045-957A-3F4712502A7D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{97A58329-07C0-42F7-81BC-EA72A4D932E0}" = lport=445 | protocol=6 | dir=in | app=system |
"{9B8E78F3-254C-4838-A607-4E501194E2CF}" = rport=445 | protocol=6 | dir=out | app=system |
"{AE998761-4941-477B-A4A1-243319987E96}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BD10419B-38CC-42F4-882D-752C6457526E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BF2F7185-E584-4405-AEAC-E8FCD269F1D9}" = lport=28960 | protocol=17 | dir=in | name=cod6 |
"{C37968C3-AD7C-4113-8896-2CA1795E4DC6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C53256A5-D2C6-4E01-A2E7-4F86806E8D70}" = rport=138 | protocol=17 | dir=out | app=system |
"{C6A3927A-E58D-4ED2-855D-4AC3C0A9AB4D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D49FD470-FA2F-4C37-AA29-E5B3D6D0F1C9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E470B46D-D486-414D-AD3E-F001FCA62937}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F134BF2E-0F00-4D35-845F-D51180E43113}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F3A304B0-0DDE-48B3-A114-419A151F4AD6}" = lport=138 | protocol=17 | dir=in | app=system |
"{F7DCDAC0-0F0A-4588-8CCD-A39A0E3402EF}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A3B866-2A1F-427E-B5D4-127A43396208}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\update.exe |
"{05B25C36-40DD-4DD3-AE80-C7DA9FF1A451}" = protocol=17 | dir=in | app=d:\spiele\crysis\bin32\crysis.exe |
"{067BE998-26D8-4DF7-A838-0A2D2E578EF2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{0F3AE715-EEB0-4606-BA97-7004D7E6F32A}" = protocol=6 | dir=in | app=d:\spiele\farcry2\far cry 2\bin\fc2editor.exe |
"{0F9394F4-CF6F-4A44-BB76-E83983CEB7B0}" = protocol=17 | dir=in | app=d:\programme\steam\steam.exe |
"{1719ABED-E8C8-476B-B310-FBBFCF961CBD}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{17E9D3A6-197E-41D2-AFC9-85E04693F036}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2089C64E-D533-4221-801B-E216DD4E9BF4}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{417C9DF6-53C7-42EE-BCD0-3A1C09ECE52D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{43C946FB-E49A-4F39-9F7D-022D9A68AF32}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe |
"{4FD40C0E-8C73-4DED-A0D8-387CF87DD34D}" = protocol=17 | dir=in | app=d:\spiele\rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{4FDBB5F6-A112-4981-A8B8-F652C4329EAC}" = protocol=17 | dir=in | app=d:\spiele\swat4\contentexpansion\system\swat4xdedicatedserver.exe |
"{58B2AFDC-03DC-44CA-8782-DC386510356E}" = protocol=17 | dir=in | app=d:\spiele\swat4\contentexpansion\system\swat4x.exe |
"{5CBCC03E-D249-4D8B-B255-6F64C89466B7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{609A5D63-1E6F-4820-B622-B886133D2371}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{62AE3409-DDA3-4D01-8050-855968E42958}" = protocol=6 | dir=in | app=d:\spiele\rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{63659B08-5AC8-445E-A324-065F98CFAEBD}" = protocol=6 | dir=in | app=d:\spiele\cod5\codwaw.exe |
"{64492E5C-AF75-4AC0-9C7A-73C7FA7DD49C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{64639CE3-0B8A-4924-95C1-343765B9BE5B}" = protocol=17 | dir=in | app=d:\spiele\farcry2\far cry 2\bin\fc2editor.exe |
"{695C8C20-D3DA-43B1-AD11-E908EA05C31E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{6A466430-4A61-4905-A109-9B096680D00F}" = protocol=17 | dir=in | app=d:\spiele\cod5\codwawmp.exe |
"{6DCB1F27-5673-4F3C-AE0B-CC02F153A6CF}" = protocol=6 | dir=in | app=d:\spiele\cod5\codwawmp.exe |
"{6E96CAF3-CB20-4DD1-B579-16F12F38C84C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7012365A-BB7E-46A7-B7FB-10DA361919F3}" = protocol=17 | dir=in | app=d:\spiele\farcry2\far cry 2\bin\farcry2.exe |
"{761314C9-292C-4D94-AD6E-610575999FBB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{77456E84-C2CA-42C3-B01C-82DB95EA2E7A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{79236537-9D6A-4624-B5B2-5DD4F5E8BBD0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7A6DFBAB-7F29-4A42-B9BC-EAC968D33E7C}" = protocol=6 | dir=in | app=d:\spiele\crysis\bin32\crysisdedicatedserver.exe |
"{813A37DE-93B6-4D67-8567-FF65F02EFCD9}" = protocol=17 | dir=in | app=d:\spiele\anno 1404\anno4.exe |
"{816DFD2D-8860-403E-B29D-B965F990E480}" = protocol=6 | dir=in | app=d:\spiele\crysis\bin32\crysis.exe |
"{829260EB-7D51-4A91-9932-B4E5EA7BCDAD}" = protocol=6 | dir=in | app=d:\spiele\swat4\contentexpansion\system\swat4xdedicatedserver.exe |
"{83021668-25C9-40AB-8DB9-17F26E425C84}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\wings of prey demo\launcher.exe |
"{83BD5CF2-8C3A-485C-90F6-3E0D353F09E8}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe |
"{83EF4CB4-43EF-4DC1-B2DE-538933D93927}" = protocol=6 | dir=in | app=d:\spiele\farcry2\far cry 2\bin\fc2launcher.exe |
"{86A0DDF0-2E47-4C23-B3E7-CA1EF08F09F5}" = protocol=6 | dir=in | app=d:\spiele\swat4\contentexpansion\system\swat4x.exe |
"{8C26ACF5-6381-44B5-9807-E14E7FA3A7F6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{99D6121E-0E04-4125-BE30-A8C8323B6CDD}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{A25B914C-4C9E-4AC1-9384-3A66CDD89D90}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\wings of prey demo\launcher.exe |
"{A35485A1-63F3-45D8-959C-4A9CF15C5156}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AC74ABA3-23AE-4B79-A396-37E6405F95F5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AD03EBEF-1E11-4D6D-B2F7-56ACD977814D}" = protocol=6 | dir=in | app=d:\spiele\farcry2\far cry 2\bin\farcry2.exe |
"{B34789FC-07F8-4802-9B4D-2EF3DE2744FD}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{B351C588-E21D-47EC-ABF8-17CD41FB34E1}" = protocol=6 | dir=in | app=d:\spiele\rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
"{B4A56B9E-2036-4E44-A7D6-F52E8115DD0E}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{BB7E94E1-2976-4486-9E21-0F8AC9906060}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{BC46777C-06CF-451A-AB01-0120F44E62F1}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe |
"{BF98BC5E-DA01-4707-BE8B-8BB9487BEDC8}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe |
"{C0BB9F44-C38E-4A1B-9570-1243345235A5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CB66C25D-8309-4735-B5CA-F02BFCD636B5}" = protocol=17 | dir=in | app=d:\spiele\crysis\bin32\crysisdedicatedserver.exe |
"{CC56F493-8370-4927-82E5-92D751099FAA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CCC87994-9420-4464-B72E-0387500E1F4B}" = protocol=17 | dir=in | app=d:\spiele\anno 1404\tools\anno4web.exe |
"{CDEB03CF-9750-4125-AE38-B979802B76E5}" = protocol=6 | dir=in | app=d:\spiele\anno 1404\anno4.exe |
"{D162741A-F2C0-494E-87E0-F0761FFE4146}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{D961DD3D-F71B-4BFC-8AFF-3FB487CF693F}" = protocol=17 | dir=in | app=d:\spiele\cod5\codwaw.exe |
"{DA7918D4-3564-4019-AB6B-968B02813E22}" = protocol=17 | dir=in | app=d:\spiele\rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
"{DACEBF65-6286-436B-8271-690B5399ADDC}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{DEB7CCEA-1153-4782-8469-8579AED4AC94}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{DF19DB5A-39C5-4DD1-8697-091F857BCFD1}" = protocol=6 | dir=in | app=d:\programme\itunes\itunes.exe |
"{E06D38AE-635D-44DE-84A3-337BBA99A568}" = protocol=17 | dir=in | app=d:\programme\itunes\itunes.exe |
"{E283E91B-7D36-4132-AE25-AABD916AF4A1}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\update.exe |
"{F3012727-674F-4C6D-97BA-6C6187F329A9}" = protocol=17 | dir=in | app=d:\spiele\farcry2\far cry 2\bin\fc2launcher.exe |
"{F529BA08-88A0-49B3-B900-CDE555D760C0}" = protocol=6 | dir=in | app=d:\spiele\anno 1404\tools\anno4web.exe |
"{F574FA88-6F9F-4F9E-8832-9F2324C9504C}" = protocol=6 | dir=in | app=d:\programme\steam\steam.exe |
"{FE81F7BA-2D37-4D4B-95E0-A2B568576E52}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{06416D62-6F5B-4556-A4D5-443AA42D0720}D:\spiele\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=d:\spiele\left 4 dead\left4dead.exe |
"TCP Query User{1C28F170-F3D5-4BF7-B4F7-FD29971D3242}D:\spiele\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=d:\spiele\left 4 dead\left4dead.exe |
"TCP Query User{2C5FF7A4-43A7-40B4-8BB9-1A17818F14F1}D:\programme\steam\steamapps\common\wings of prey demo\acess.exe" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\wings of prey demo\acess.exe |
"TCP Query User{376F9D6A-F925-46A5-B08A-5D53669A2057}D:\spiele\cod5\codwaw.exe" = protocol=6 | dir=in | app=d:\spiele\cod5\codwaw.exe |
"TCP Query User{3BF1E5DB-7502-4819-88DF-D772F2C5751C}D:\spiele\trackmania nations eswc\tmnationseswc.exe" = protocol=6 | dir=in | app=d:\spiele\trackmania nations eswc\tmnationseswc.exe |
"TCP Query User{5937439D-9BE4-4DC1-93B5-CC8B628A4E67}D:\programme\catia\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=d:\programme\catia\intel_a\code\bin\cnext.exe |
"TCP Query User{940C4C28-E4AD-4476-BB56-ED89F311ABCF}C:\windows\twain_32\samsung\clx3170\sscan2io.exe" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe |
"TCP Query User{99A400C5-28FD-45DE-8AA4-BD0199F50202}D:\spiele\trackmania nations eswc\tmnationseswc.exe" = protocol=6 | dir=in | app=d:\spiele\trackmania nations eswc\tmnationseswc.exe |
"TCP Query User{9A8D8475-F058-4B21-AD33-AC4D6C60CC06}D:\modellbau\anleitungen\act diversity\tool2\emulator.exe" = protocol=6 | dir=in | app=d:\modellbau\anleitungen\act diversity\tool2\emulator.exe |
"TCP Query User{AB633945-043C-4CA7-8B07-305CF04FF9BB}D:\spiele\rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=d:\spiele\rainbow six vegas 2\binaries\r6vegas2_game.exe |
"TCP Query User{AC7A6B16-B4AC-455B-BA62-6D1B5FEB319B}D:\programme\catia\intel_a\code\bin\orbixd.exe" = protocol=6 | dir=in | app=d:\programme\catia\intel_a\code\bin\orbixd.exe |
"TCP Query User{B26F1C62-8636-4599-A39B-C7740527F8B8}D:\spiele\cod5\codwawcracked.exe" = protocol=6 | dir=in | app=d:\spiele\cod5\codwawcracked.exe |
"TCP Query User{B38E3331-9452-46E4-ACE1-DCFA050DA862}D:\spiele\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\spiele\anno 1404\tools\anno4web.exe |
"TCP Query User{B65057B7-3EF6-45F0-9EFE-FBAF5FB731B3}D:\spiele\farcry2\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=d:\spiele\farcry2\far cry 2\bin\farcry2.exe |
"TCP Query User{D9BA328B-247B-4353-962E-DFBBBED0C737}D:\programme\steam\steamapps\common\wings of prey demo\acess.exe" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\wings of prey demo\acess.exe |
"TCP Query User{F09318F4-FAB8-486E-BC8C-C4E43B8C5899}D:\programme\catia\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=d:\programme\catia\intel_a\code\bin\cnext.exe |
"TCP Query User{F3A151DC-056A-4A92-BFE6-23FD4A36692A}D:\programme\catia\intel_a\code\bin\catutil.exe" = protocol=6 | dir=in | app=d:\programme\catia\intel_a\code\bin\catutil.exe |
"TCP Query User{FD56EF43-E40B-4620-9DCB-A2222F63D852}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0F7574DC-FAC9-4B2A-9F9F-191DFEEEE869}D:\spiele\trackmania nations eswc\tmnationseswc.exe" = protocol=17 | dir=in | app=d:\spiele\trackmania nations eswc\tmnationseswc.exe |
"UDP Query User{135B7468-224E-4848-9F2C-389B585A6AD8}D:\spiele\rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=d:\spiele\rainbow six vegas 2\binaries\r6vegas2_game.exe |
"UDP Query User{1CFD280D-AA3A-4A83-A433-43DF080C05A3}D:\programme\catia\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=d:\programme\catia\intel_a\code\bin\cnext.exe |
"UDP Query User{24765889-28DE-4D5A-9464-EDD2842A1CE2}D:\programme\catia\intel_a\code\bin\catutil.exe" = protocol=17 | dir=in | app=d:\programme\catia\intel_a\code\bin\catutil.exe |
"UDP Query User{66566982-03C3-439D-ACFD-19E9DF251A76}D:\spiele\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=d:\spiele\left 4 dead\left4dead.exe |
"UDP Query User{7A668845-205B-4A49-AC82-5310448B5471}D:\spiele\cod5\codwaw.exe" = protocol=17 | dir=in | app=d:\spiele\cod5\codwaw.exe |
"UDP Query User{7BE28C48-D256-408A-AF7B-7D7CF4902F32}D:\programme\catia\intel_a\code\bin\orbixd.exe" = protocol=17 | dir=in | app=d:\programme\catia\intel_a\code\bin\orbixd.exe |
"UDP Query User{820901FF-3F4A-4B5C-8DB2-6579F5FBB143}D:\spiele\cod5\codwawcracked.exe" = protocol=17 | dir=in | app=d:\spiele\cod5\codwawcracked.exe |
"UDP Query User{8707E493-9D5C-4878-8AC7-456DF6A444DF}D:\spiele\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=d:\spiele\left 4 dead\left4dead.exe |
"UDP Query User{872B651C-EA5F-4B96-9C89-EBEEDD24B59A}D:\programme\catia\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=d:\programme\catia\intel_a\code\bin\cnext.exe |
"UDP Query User{8AF08B97-254E-4996-BBFE-44E825927DB3}D:\programme\steam\steamapps\common\wings of prey demo\acess.exe" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\wings of prey demo\acess.exe |
"UDP Query User{A42CED3C-1AC1-42C1-9C20-C86A0E1F4666}D:\spiele\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\spiele\anno 1404\tools\anno4web.exe |
"UDP Query User{C74CE0A5-9DC2-4E6E-8C51-0671164042FD}D:\programme\steam\steamapps\common\wings of prey demo\acess.exe" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\wings of prey demo\acess.exe |
"UDP Query User{C7E5827F-18AA-4B85-ADC3-41F18D43D6CB}D:\modellbau\anleitungen\act diversity\tool2\emulator.exe" = protocol=17 | dir=in | app=d:\modellbau\anleitungen\act diversity\tool2\emulator.exe |
"UDP Query User{C8E42DEF-443A-4AAF-96D8-77953B05F4BE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D481F7A9-66E4-4D45-A060-1D39A70EA0BD}D:\spiele\farcry2\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=d:\spiele\farcry2\far cry 2\bin\farcry2.exe |
"UDP Query User{E5323D45-9E25-4315-8CE4-08DE4B27C5A0}D:\spiele\trackmania nations eswc\tmnationseswc.exe" = protocol=17 | dir=in | app=d:\spiele\trackmania nations eswc\tmnationseswc.exe |
"UDP Query User{EF12E6D7-B9AA-4121-8A8C-9DF9F7BD9175}C:\windows\twain_32\samsung\clx3170\sscan2io.exe" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF37C7F-DB95-4F6D-9EDE-917B4437900B}" = R/C Data Recorder (Release Version)
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 18
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{4E3A817A-8033-3D7E-BCA9-102EFF3FD9CA}" = Microsoft Device Emulator Version 3.0 - DEU
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Qtpfsgui 1.9.3
"{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{87725CEF-1BC6-47C5-B2CD-96DD6D392EE3}" = Dolby Control Center
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_HOMESTUDENTR_{4B47C31E-46B0-462B-BEE4-DC383B6A1F2A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_HOMESTUDENTR_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_HOMESTUDENTR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = Installer
"{99F0C3CC-8DF0-3611-B190-CF4D1AF0E053}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO HD Edition
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA0FB0B5-D853-4F87-9261-A4BC7D503E0D}" = Microsoft Image Composite Editor
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D475588F-91C9-365E-AB40-D588111DD7C4}" = MSDN Library for Visual Studio 2008 - DEU
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.00.107
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C9C7F7-0D56-40B2-A276-152762D39BCA}" = Adobe Setup
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9270D69-C715-4E1E-BFDD-03060438D181}" = Miracle C
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"2DC0AA065FA83047D7ECD51C7000C1620D79A4C5" = Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16)
"51A4D522DD31538335EF5736F0E7F588C70BCB12" = Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16)
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5d83aea83f5009a0d267d337e3f55fe" = Adobe After Effects CS3
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AutoGK" = Auto Gordian Knot 2.55
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dassault Systemes B17_0" = Dassault Systemes Software B17
"Digital Works" = Digital Works
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FormatFactory" = FormatFactory 2.30
"GCFScape_is1" = GCFScape 1.7.3
"Hamachi" = Hamachi 1.0.3.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iArt_is1" = iArt 3
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"InstallShield_{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = SWAT 4 - The Stetchkov Syndicate
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.0 (Standard)
"Liquid_War_6" = Liquid War 6 0.0.7beta
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"Microsoft Visual Studio 2008 Professional Edition - DEU" = Microsoft Visual Studio 2008 Professional Edition - DEU
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Mp3tag" = Mp3tag v2.46a
"MSDN Library für Visual Studio 2008 - DEU" = MSDN Library für Visual Studio 2008 - DEU
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"PunkBusterSvc" = PunkBuster Services
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"SmarThru PC Fax" = SmarThru PC Fax
"Softonic-Eng11 Toolbar" = Softonic-Eng11 Toolbar
"SpaceCAD_is1" = SpaceCAD 3.1.2
"ST5UNST #1" = FSTATIK
"Steam App 45310" = Wings of Prey Demo
"SystemRequirementsLab" = System Requirements Lab
"TmNations_is1" = TrackMania Nations ESWC 1.7.9
"TreeSize Free_is1" = TreeSize Free V2.5
"Universal Extractor_is1" = Universal Extractor 1.6
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.2
"VobSub" = VobSub v2.23 (Remove Only)
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12.02.2011 08:40:27 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5943
Error - 12.02.2011 13:11:52 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12.02.2011 13:11:52 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1279
Error - 12.02.2011 13:11:52 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1279
Error - 12.02.2011 13:11:53 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12.02.2011 13:11:53 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2886
Error - 12.02.2011 13:11:53 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2886
Error - 12.02.2011 13:11:54 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12.02.2011 13:11:54 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3900
Error - 12.02.2011 13:11:54 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3900
[ System Events ]
Error - 21.02.2011 13:32:00 | Computer Name = ***-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 23.02.2011 04:06:01 | Computer Name = ***-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 24.02.2011 05:58:12 | Computer Name = ***-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 25.02.2011 07:55:51 | Computer Name = ***-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 26.02.2011 07:04:01 | Computer Name = ***-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 28.02.2011 06:01:42 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
Error - 28.02.2011 06:01:43 | Computer Name = ***-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
Error - 28.02.2011 06:02:04 | Computer Name = ***-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 28.02.2011 06:02:20 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 28.02.2011 06:04:26 | Computer Name = ***-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
< End of report >
Code:
ATTFilter OTL logfile created on: 28.02.2011 12:35:58 - Run 1 OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 43,95 Gb Total Space | 1,26 Gb Free Space | 2,86% Space Free | Partition Type: NTFS Drive D: | 246,33 Gb Total Space | 90,47 Gb Free Space | 36,73% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () PRC - D:\Programme\PHOTOfunSTUDIO\PhAutoRun.exe (Panasonic Corporation) PRC - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.) PRC - C:\Program Files\System Control Manager\MSIService.exe () PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Protector Suite QL\upeksvr.exe (UPEK Inc.) PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation) PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) PRC - C:\Windows\System32\StkASv2K.exe (Syntek America Inc.) PRC - D:\Programme\Catia\intel_a\code\bin\CATSysDemon.exe (Dassault Systemes) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Sony Ericsson PCCompanion) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Micro Star SCM) -- C:\Program Files\System Control Manager\MSIService.exe () SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (msvsmon90) -- D:\Programme\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation) SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation) SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (StkASSrv) -- C:\Windows\System32\StkASv2K.exe (Syntek America Inc.) SRV - (BBDemon) -- D:\Programme\Catia\intel_a\code\bin\CATSysDemon.exe (Dassault Systemes) ========== Driver Services (SafeList) ========== DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.) DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce)) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation) DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.) DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce)) DRV - (LUMDriver) -- C:\Windows\System32\drivers\LUMDriver.sys (IBM) DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (StkAMini) -- C:\Windows\System32\drivers\StkAMini.sys (Syntek America Inc.) DRV - (StkScan) -- C:\Windows\System32\drivers\StkScan.sys (Syntek America Inc.) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce)) DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation) DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw IE - HKLM\..\URLSearchHook: {404590e6-99d2-4579-8d08-3c0297206b62} - C:\Program Files\Softonic-Eng11\tbSoft.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {404590e6-99d2-4579-8d08-3c0297206b62} - C:\Program Files\Softonic-Eng11\tbSoft.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: D:\Programme\Mozilla Firefox\components [2010.12.15 00:39:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2010.12.11 11:09:48 | 000,000,000 | ---D | M] [2009.09.19 10:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.02.27 21:09:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\53ihu8g5.default\extensions [2010.07.30 08:35:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\53ihu8g5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.10.15 09:53:24 | 000,000,890 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\53ihu8g5.default\searchplugins\conduit.xml [2011.01.17 14:52:54 | 000,000,000 | ---D | M] (Skype extension) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1} [2009.10.15 09:22:11 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2010.03.11 22:18:25 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Softonic-Eng11 Toolbar) - {404590e6-99d2-4579-8d08-3c0297206b62} - C:\Program Files\Softonic-Eng11\tbSoft.dll (Conduit Ltd.) O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O3 - HKLM\..\Toolbar: (Softonic-Eng11 Toolbar) - {404590e6-99d2-4579-8d08-3c0297206b62} - C:\Program Files\Softonic-Eng11\tbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng11 Toolbar) - {404590E6-99D2-4579-8D08-3C0297206B62} - C:\Program Files\Softonic-Eng11\tbSoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\Twain_32\Samsung\CLX3170\Scan2pc.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [UVS10 Preload] D:\Programme\Ulead\uvPL.exe (Ulead Systems, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm () O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm () O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm () O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll () O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.) O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0ae7f742-b26f-11df-9278-fd577459fb01}\Shell\AutoRun\command - "" = G:\Menu.exe O33 - MountPoints2\{4019effb-effa-11df-ab8a-002421650b20}\Shell\AutoRun\command - "" = G:\pccompanion\Startme.exe O33 - MountPoints2\{4019effb-effa-11df-ab8a-002421650b20}\Shell\menu1\command - "" = G:\pccompanion\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.02.28 11:23:52 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.02.28 10:50:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011.02.28 10:50:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.02.28 10:50:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.02.28 10:50:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.02.28 10:45:13 | 003,033,192 | ---- | C] (Piriform Ltd) -- C:\Users\***\Desktop\ccsetup304.exe [2011.02.24 10:57:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\JAM Software [2011.02.24 10:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free [2011.02.24 10:57:46 | 000,000,000 | ---D | C] -- C:\Programme [2011.02.24 10:54:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple [2011.02.24 03:02:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011.02.24 03:01:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2011.02.24 03:01:07 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2011.02.24 03:01:07 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2011.02.24 03:01:07 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2011.02.24 03:01:06 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2011.02.24 03:01:06 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2011.02.24 03:01:04 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2011.02.24 03:01:04 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2011.02.24 03:01:04 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2011.02.24 03:01:04 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2011.02.24 03:01:03 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2011.02.24 03:00:58 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2011.02.24 03:00:57 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2011.02.24 03:00:57 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2011.02.24 03:00:57 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2011.02.24 03:00:57 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2011.02.09 16:48:31 | 002,038,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.02.09 16:48:28 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.02.09 16:48:27 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.02.09 16:48:20 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.02.09 16:48:20 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.02.09 16:48:20 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.02.09 16:48:20 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.02.09 16:48:20 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.02.09 16:48:20 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.02.09 16:48:20 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.02.09 16:48:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.02.09 16:48:19 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.02.09 16:48:19 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.02.09 16:48:19 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.02.09 16:48:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.02.09 16:48:19 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.02.09 16:48:19 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.02.09 16:48:19 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.02.09 16:48:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.02.09 16:48:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.02.09 16:48:13 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.02.09 16:48:13 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.02.28 11:23:55 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.02.28 11:08:53 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.02.28 11:08:53 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.02.28 11:08:53 | 000,150,100 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.02.28 11:08:53 | 000,121,712 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.02.28 11:03:19 | 000,150,591 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.02.28 11:01:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.28 11:01:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.28 11:01:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.28 10:50:06 | 000,000,797 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.28 10:47:14 | 000,296,448 | ---- | M] () -- C:\Users\***\Desktop\9nqqkkcb.exe [2011.02.28 10:45:14 | 003,033,192 | ---- | M] (Piriform Ltd) -- C:\Users\***\Desktop\ccsetup304.exe [2011.02.28 10:41:09 | 000,150,591 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.02.28 07:17:11 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2011.02.24 10:57:48 | 000,000,912 | ---- | M] () -- C:\Users\***\Desktop\TreeSize Free.lnk [2011.02.10 03:25:37 | 001,664,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.02.02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.02.28 10:50:06 | 000,000,797 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.28 10:47:13 | 000,296,448 | ---- | C] () -- C:\Users\***\Desktop\9nqqkkcb.exe [2011.02.24 10:57:48 | 000,000,912 | ---- | C] () -- C:\Users\***\Desktop\TreeSize Free.lnk [2011.02.24 03:00:59 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011.02.24 03:00:59 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2011.02.24 03:00:59 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2010.06.30 20:30:15 | 000,000,701 | ---- | C] () -- C:\Users\***\AppData\Roaming\DriveCalculator Preferences [2010.05.16 13:45:20 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.05.16 13:45:20 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.05.07 21:43:17 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2010.05.07 21:43:17 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2010.05.07 21:43:17 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2010.05.07 21:43:17 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010.05.07 21:43:16 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2010.05.07 21:43:16 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2010.05.07 21:43:16 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2010.05.07 21:43:16 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2010.05.07 21:43:16 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2010.05.07 21:43:16 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2010.05.07 21:43:16 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010.05.07 21:43:16 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2010.05.07 21:43:16 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2010.05.07 21:43:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2010.05.07 21:43:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2010.05.07 21:43:16 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2010.05.07 21:43:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2010.05.07 21:43:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2010.05.07 21:43:16 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2010.03.22 17:46:56 | 000,000,565 | ---- | C] () -- C:\Users\***\AppData\Roaming\AutoGK.ini [2010.03.16 10:17:07 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2010.01.23 22:59:17 | 000,000,008 | -HS- | C] () -- C:\Users\***\AppData\Local\systemCurUses [2010.01.23 22:59:16 | 000,000,006 | -HS- | C] () -- C:\Users\***\AppData\Local\systemHdID [2010.01.02 15:12:40 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe [2010.01.02 15:12:28 | 000,010,769 | ---- | C] () -- C:\Users\***\AppData\Roaming\SmarThruOptions.xml [2010.01.02 15:12:17 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe [2010.01.02 15:12:11 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll [2010.01.02 15:12:11 | 000,094,208 | ---- | C] () -- C:\Windows\System32\SamFaxPort.dll [2010.01.02 15:11:57 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini [2010.01.02 15:11:54 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll [2010.01.02 15:07:51 | 000,110,592 | R--- | C] () -- C:\Windows\Wiainst.exe [2010.01.02 15:06:45 | 000,147,456 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll [2010.01.02 15:06:45 | 000,027,136 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll [2010.01.02 15:06:45 | 000,011,264 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll [2010.01.02 15:06:45 | 000,010,752 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll [2010.01.02 15:06:29 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sst1cl3.dll [2009.10.25 15:48:06 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI [2009.10.11 10:52:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.17 20:42:56 | 000,030,208 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.09.17 20:40:31 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.09.17 20:40:31 | 000,022,328 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys [2009.09.17 20:40:01 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2009.09.17 20:40:00 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2009.09.17 20:40:00 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.12.23 14:45:59 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI [2008.12.22 22:27:19 | 001,748,352 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008.12.22 22:27:19 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2008.12.22 22:16:37 | 000,150,591 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.12.22 22:10:52 | 000,150,591 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.12.22 21:21:02 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008.12.22 21:21:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.12.22 20:29:15 | 000,685,712 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.12.22 20:29:15 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.12.22 20:29:15 | 000,150,100 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.12.22 20:29:15 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.12.22 01:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 001,664,464 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,642,704 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,121,712 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.07.23 06:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll [2002.10.15 23:54:04 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll ========== LOP Check ========== [2009.09.22 13:05:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2009.11.12 03:02:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DassaultSystemes [2010.03.20 19:18:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Eagle Tree Systems [2011.02.24 10:57:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JAM Software [2009.10.17 22:58:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mathegrafix [2010.04.28 21:45:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag [2009.09.19 10:49:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2010.10.19 11:17:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenRocket [2010.05.07 21:44:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Panasonic [2009.11.13 13:50:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Protector Suite [2010.01.02 15:12:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SmarThru4 [2010.05.16 15:43:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly [2010.05.16 14:52:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft [2010.03.21 15:53:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ulead Systems [2010.02.27 23:50:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions [2011.02.28 11:00:02 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-02-28 12:33:53
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG01
Running: 9nqqkkcb.exe; Driver: C:\Users\***\AppData\Local\Temp\uxddqfog.sys
---- System - GMER 1.0.15 ----
SSDT 80F283EC ZwCreateThread
SSDT 80F283D8 ZwOpenProcess
SSDT 80F283DD ZwOpenThread
SSDT 80F283E7 ZwTerminateProcess
INT 0x72 ? 874C0BF8
INT 0x82 ? 874C0BF8
INT 0x82 ? 874C0BF8
INT 0x92 ? 874C0BF8
INT 0xA2 ? 874C0BF8
INT 0xB2 ? 85D23BF8
INT 0xB2 ? 874C0BF8
INT 0xB2 ? 874C0BF8
INT 0xB2 ? 85D23BF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetTimerEx + 454 826D7A78 4 Bytes [EC, 83, F2, 80] {IN AL, DX ; XOR EDX, -0x80}
.text ntkrnlpa.exe!KeSetTimerEx + 624 826D7C48 4 Bytes [D8, 83, F2, 80]
.text ntkrnlpa.exe!KeSetTimerEx + 640 826D7C64 4 Bytes [DD, 83, F2, 80]
.text ntkrnlpa.exe!KeSetTimerEx + 854 826D7E78 4 Bytes [E7, 83, F2, 80]
? System32\drivers\uhixcgdx.sys Das System kann den angegebenen Pfad nicht finden. !
? System32\Drivers\sprn.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8EA02320, 0x3F54F7, 0xE8000020]
.text USBPORT.SYS!DllUnload 8F23846F 5 Bytes JMP 874C01D8
.text aahd294b.SYS 8F804000 22 Bytes [26, F2, 9D, 82, 10, F1, 9D, ...]
.text aahd294b.SYS 8F804017 145 Bytes [00, 32, 27, 7A, 80, 3D, 25, ...]
.text aahd294b.SYS 8F8040A9 35 Bytes [20, 67, 82, 60, 17, 67, 82, ...]
.text aahd294b.SYS 8F8040CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text aahd294b.SYS 8F8040DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA12CD300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA131F300, 0x1BEE, 0xE8000020]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806986D6] \SystemRoot\System32\Drivers\sprn.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80698042] \SystemRoot\System32\Drivers\sprn.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80698800] \SystemRoot\System32\Drivers\sprn.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806980C0] \SystemRoot\System32\Drivers\sprn.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069813E] \SystemRoot\System32\Drivers\sprn.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A7E9C] \SystemRoot\System32\Drivers\sprn.sys
IAT \SystemRoot\System32\Drivers\aahd294b.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\aahd294b.SYS[ataport.SYS!AtaPortWritePortUchar] 838F829F
IAT \SystemRoot\System32\Drivers\aahd294b.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\aahd294b.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\aahd294b.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\aahd294b.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8F8270
IAT \SystemRoot\System32\Drivers\aahd294b.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\aahd294b.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\aahd294b.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\aahd294b.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\aahd294b.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\aahd294b.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\aahd294b.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\aahd294b.SYS[ataport.SYS!AtaPortMoveMemory] [8B108910] \SystemRoot\System32\Drivers\Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\aahd294b.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\aahd294b.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\aahd294b.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\aahd294b.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\aahd294b.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\aahd294b.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\aahd294b.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\aahd294b.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2772] @ C:\Windows\system32\NETAPI32.dll [PSAPI.DLL!GetModuleBaseNameW] [75BC159E] C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 85D251F8
Device \Driver\volmgr \Device\VolMgrControl 85D211F8
Device \Driver\usbuhci \Device\USBPDO-0 853BD1F8
Device \Driver\usbuhci \Device\USBPDO-1 853BD1F8
Device \Driver\usbuhci \Device\USBPDO-2 853BD1F8
Device \Driver\usbehci \Device\USBPDO-3 874B51F8
Device \Driver\usbuhci \Device\USBPDO-4 853BD1F8
Device \Driver\usbuhci \Device\USBPDO-5 853BD1F8
Device \Driver\usbuhci \Device\USBPDO-6 853BD1F8
Device \Driver\volmgr \Device\HarddiskVolume1 85D211F8
Device \Driver\usbehci \Device\USBPDO-7 874B51F8
Device \Driver\volmgr \Device\HarddiskVolume2 85D211F8
Device \Driver\cdrom \Device\CdRom0 853C01F8
Device \Driver\iaStor \Device\Ide\iaStor0 [8AAD3A60] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8AAD3A60] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8AAD3A60] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\volmgr \Device\HarddiskVolume3 85D211F8
Device \Driver\netbt \Device\NetBT_Tcpip_{1EBD1AA0-84BA-4C3B-BED2-373E3146582C} 8831B1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 8831B1F8
Device \Driver\sptd \Device\1599725654 sprn.sys
Device \Driver\Smb \Device\NetbiosSmb 88314500
Device \Driver\PCI_PNP5644 \Device\0000004e sprn.sys
Device \Driver\iScsiPrt \Device\RaidPort0 876D01F8
Device \Driver\netbt \Device\NetBT_Tcpip_{39320C4C-804E-4961-8DED-349320CAB6E6} 8831B1F8
Device \Driver\usbuhci \Device\USBFDO-0 853BD1F8
Device \Driver\usbuhci \Device\USBFDO-1 853BD1F8
Device \Driver\usbuhci \Device\USBFDO-2 853BD1F8
Device \Driver\usbehci \Device\USBFDO-3 874B51F8
Device \Driver\usbuhci \Device\USBFDO-4 853BD1F8
Device \Driver\usbuhci \Device\USBFDO-5 853BD1F8
Device \Driver\usbuhci \Device\USBFDO-6 853BD1F8
Device \Driver\usbehci \Device\USBFDO-7 874B51F8
Device \Driver\aahd294b \Device\Scsi\aahd294b1 876BF2A0
Device \FileSystem\cdfs \Cdfs 8921A1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCC 0xF3 0x9B 0x48 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x65 0x17 0x86 0x1C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x23 0x31 0xF8 0x73 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCC 0xF3 0x9B 0x48 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x65 0x17 0x86 0x1C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x23 0x31 0xF8 0x73 ...
---- EOF - GMER 1.0.15 ----
|
| Themen zu SpyEyes Trojaner gefunden, Logfiles erstellt |
| adobe after effects, avgntflt.sys, avira, bho, bonjour, call of duty, ccsetup, conduit, document, entfernen, error, excel, flash player, format, hal.dll, home, iastor.sys, iexplore.exe, install.exe, location, microsoft office word, mozilla, mp3, nvlddmkm.sys, office 2007, oldtimer, otl log, otl.exe, plug-in, programdata, realtek, registry, rojaner gefunden, rundll, saver, schattenkopien, sched.exe, searchplugins, security, security update, shell32.dll, skype.exe, software, sptd.sys, spyeyes, start menu, studio, svchost.exe, system, tcp, third party, trojan.spyeyes, trojaner, trojaner gefunden, trojaner-board, udp, usb, usb 2.0, usbport.sys, vista, visual studio, world at war |
Baum-Darstellung