![]() |
|
Plagegeister aller Art und deren Bekämpfung: AVG-Meldungen: "Exploit Blackhole Exploit KIT" und "Infected Virus found JD/Redir" - Bitte um HilfeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
![]() | ![]() AVG-Meldungen: "Exploit Blackhole Exploit KIT" und "Infected Virus found JD/Redir" - Bitte um Hilfe Moinsen Gemeinde... Hab seit 2 Tagen Probleme mit meinen Rechner. Bekomme von AVG Free oben genannte Meldungen angezeigt und weiß nicht wirklich weiter. Zudem ist der Rechner extrem langsam und friert häufig total ein, was lediglich durch Kaltstart behoben werden kann. Habe mich durch Eure To-Do-Liste gekämpft und die OTL-Logfiles füge ich hier hinzu. OTL.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.12.2011 12:28:48 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Maike\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,40% Memory free 6,18 Gb Paging File | 4,70 Gb Available in Paging File | 75,99% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 142,65 Gb Total Space | 78,91 Gb Free Space | 55,31% Space Free | Partition Type: NTFS Drive D: | 24,41 Gb Total Space | 24,27 Gb Free Space | 99,43% Space Free | Partition Type: NTFS Drive F: | 24,41 Gb Total Space | 5,58 Gb Free Space | 22,85% Space Free | Partition Type: NTFS Drive G: | 93,84 Gb Total Space | 32,78 Gb Free Space | 34,93% Space Free | Partition Type: NTFS Computer Name: FINDUS | User Name: Maike | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.21 12:15:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Maike\Desktop\OTL.exe PRC - [2011.11.14 16:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) -- C:\Programme\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010.05.07 13:36:10 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe PRC - [2009.08.19 07:47:48 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgrsx.exe PRC - [2009.08.19 07:47:47 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgcsrvx.exe PRC - [2009.08.19 07:47:44 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgnsx.exe PRC - [2009.08.19 07:47:42 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgemc.exe PRC - [2009.08.19 07:47:36 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgwdsvc.exe PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.09.02 02:03:29 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Maike\AppData\Local\Temp\RtkBtMnt.exe PRC - [2008.07.25 23:08:57 | 003,833,640 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\PwdBank.exe PRC - [2008.07.25 23:08:53 | 003,432,448 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe PRC - [2008.07.25 23:08:44 | 003,517,440 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe PRC - [2008.07.25 23:08:37 | 003,667,968 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe PRC - [2008.04.30 18:02:40 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2008.04.25 02:25:52 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.04.18 14:18:02 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2008.04.10 15:30:20 | 000,167,936 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe PRC - [2008.04.10 15:30:14 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2008.04.10 03:06:17 | 000,593,920 | R--- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Programme\Common Files\AVerMedia\AVerQuick\AVerQuick.exe PRC - [2008.04.08 10:03:29 | 000,393,216 | R--- | M] () -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe PRC - [2008.04.08 07:03:19 | 000,348,160 | R--- | M] (AVerMedia) -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe PRC - [2008.04.08 06:52:21 | 000,163,840 | R--- | M] () -- C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe PRC - [2008.04.01 02:01:58 | 000,793,096 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2008.03.21 12:22:52 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe PRC - [2008.03.18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2008.03.07 02:36:12 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2008.03.05 10:56:30 | 001,216,512 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\AcerVCM.exe PRC - [2008.03.04 22:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.03.04 22:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe PRC - [2008.02.01 04:02:26 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe PRC - [2008.02.01 04:00:54 | 003,661,824 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.3\bin\postgres.exe PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.16 17:35:02 | 000,081,504 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe PRC - [2007.12.06 15:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe PRC - [2007.10.23 09:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2007.03.27 11:00:32 | 000,196,608 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Acer VCM\acp2HID.exe PRC - [2006.10.26 12:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe PRC - [2005.01.31 08:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe ========== Modules (No Company Name) ========== MOD - [2011.10.14 02:29:33 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll MOD - [2011.10.14 02:28:05 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll MOD - [2011.10.14 02:27:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll MOD - [2011.10.14 02:26:11 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll MOD - [2011.10.14 02:25:50 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll MOD - [2011.10.14 02:25:41 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll MOD - [2011.10.14 02:25:27 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll MOD - [2011.10.14 02:24:35 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll MOD - [2011.10.14 02:23:43 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll MOD - [2009.04.11 07:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll MOD - [2009.03.30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2008.07.25 23:08:57 | 003,833,640 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\PwdBank.exe MOD - [2008.05.07 19:06:48 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll MOD - [2008.05.07 19:06:48 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll MOD - [2008.05.07 19:06:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll MOD - [2008.04.30 15:00:02 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll MOD - [2008.04.10 15:30:22 | 000,753,664 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll MOD - [2008.04.10 15:30:18 | 000,007,680 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll MOD - [2008.04.08 06:52:21 | 000,163,840 | R--- | M] () -- C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe MOD - [2008.04.04 02:00:58 | 000,003,072 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll MOD - [2008.03.04 22:38:16 | 000,227,888 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll MOD - [2007.10.23 09:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2007.09.11 10:12:08 | 000,475,136 | ---- | M] () -- C:\Programme\Acer\Acer VCM\AcerControl.dll MOD - [2003.06.07 22:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll ========== Win32 Services (SafeList) ========== SRV - [2011.11.22 19:41:50 | 001,117,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService) SRV - [2011.11.22 18:20:06 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService) SRV - [2011.11.14 16:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010.05.07 13:36:10 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2009.08.19 07:47:42 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG8\avgemc.exe -- (avg8emc) SRV - [2009.08.19 07:47:36 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG8\avgwdsvc.exe -- (avg8wd) SRV - [2008.07.25 23:08:44 | 003,517,440 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC) SRV - [2008.04.08 10:03:29 | 000,393,216 | R--- | M] () [Auto | Running] -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService) SRV - [2008.04.08 07:03:19 | 000,348,160 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote) SRV - [2008.03.21 12:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.03.18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008.03.04 22:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.02.01 04:02:26 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3) SRV - [2008.01.16 17:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2008.01.10 16:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2007.12.06 15:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2007.02.08 15:13:46 | 000,212,480 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2005.01.31 08:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) ========== Driver Services (SafeList) ========== DRV - [2011.11.22 19:42:40 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\PCTSD.sys -- (PCTSD) DRV - [2011.11.14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore) DRV - [2011.10.07 17:52:12 | 000,660,992 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA) DRV - [2011.10.07 17:52:06 | 000,341,656 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS) DRV - [2011.09.28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PCTBD.sys -- (PCTBD) DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2009.08.19 07:47:47 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2009.08.19 07:47:47 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2009.05.11 08:26:46 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2008.07.25 23:08:40 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF) DRV - [2008.05.30 22:44:42 | 000,146,944 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) DRV - [2008.04.28 15:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.04.18 14:01:24 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008.04.12 02:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008.04.03 21:56:00 | 007,444,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.04.03 21:56:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.03.01 00:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008.01.16 17:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel) DRV - [2007.12.28 08:01:58 | 000,281,984 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerAF15.sys -- (AVerAF15) DRV - [2007.12.19 01:00:00 | 000,401,920 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn) DRV - [2007.11.07 02:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject) DRV - [2007.02.22 09:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd) DRV - [2007.02.22 09:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (nmwcdcm) DRV - [2007.02.22 09:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (nmwcdcj) DRV - [2007.02.22 09:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (nmwcdc) DRV - [2007.01.26 07:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Programme\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {AE37D527-6604-461c-8102-975CF8053A2F}:0.5.3.1 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.no_proxies_on: "fritz.box" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2011.12.21 11:48:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 15:12:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.28 21:48:09 | 000,000,000 | ---D | M] [2009.11.03 18:50:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maike\AppData\Roaming\mozilla\Extensions [2009.11.03 18:50:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maike\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.12.20 15:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maike\AppData\Roaming\mozilla\Firefox\Profiles\svl0vtev.default\extensions [2011.12.19 20:58:43 | 000,000,933 | ---- | M] () -- C:\Users\Maike\AppData\Roaming\Mozilla\Firefox\Profiles\svl0vtev.default\searchplugins\11-suche.xml [2011.12.19 20:58:43 | 000,002,419 | ---- | M] () -- C:\Users\Maike\AppData\Roaming\Mozilla\Firefox\Profiles\svl0vtev.default\searchplugins\englische-ergebnisse.xml [2011.12.19 20:58:43 | 000,010,525 | ---- | M] () -- C:\Users\Maike\AppData\Roaming\Mozilla\Firefox\Profiles\svl0vtev.default\searchplugins\gmx-suche.xml [2011.12.14 21:12:53 | 000,001,056 | ---- | M] () -- C:\Users\Maike\AppData\Roaming\Mozilla\Firefox\Profiles\svl0vtev.default\searchplugins\icqplugin.xml [2011.12.19 20:58:43 | 000,002,457 | ---- | M] () -- C:\Users\Maike\AppData\Roaming\Mozilla\Firefox\Profiles\svl0vtev.default\searchplugins\lastminute.xml [2011.12.19 20:58:43 | 000,005,508 | ---- | M] () -- C:\Users\Maike\AppData\Roaming\Mozilla\Firefox\Profiles\svl0vtev.default\searchplugins\webde-suche.xml [2011.12.20 18:51:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.12.20 18:51:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2009.07.23 02:00:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.11.11 15:12:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2006.09.26 12:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll [2011.10.16 20:41:28 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.16 20:41:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.16 20:41:28 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.16 20:41:28 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.16 20:41:28 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.16 20:41:28 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} Hosts file not found O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [AVG8_TRAY] C:\Programme\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CB59099-1350-4723-BB6B-E00387B564B6}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDB791C6-C9EF-47A9-A925-CE6FB1BE68D4}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.) O24 - Desktop WallPaper: C:\Users\Maike\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Maike\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{23fc93ca-be05-11dd-9521-0016ea560220}\Shell - "" = AutoRun O33 - MountPoints2\{23fc93ca-be05-11dd-9521-0016ea560220}\Shell\AutoRun\command - "" = H:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EDF5C495-6F9D-4F96-1375-ACBFC5BC1D8F} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^Maike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Medien-Prüfung.lnk - C:\Programme\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe - (Sony Corporation) MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: EA Core - hkey= - key= - File not found MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) MsConfig - StartUpReg: NSLauncher - hkey= - key= - C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe () MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.) MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) MsConfig - StartUpReg: UVS10 Preload - hkey= - key= - C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.) MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.21 12:15:13 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Maike\Desktop\OTL.exe [2011.12.21 11:48:43 | 000,056,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTBD.sys [2011.12.21 11:48:42 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll [2011.12.21 11:48:41 | 002,246,608 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll [2011.12.21 11:48:41 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll [2011.12.21 11:46:37 | 000,253,096 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys [2011.12.21 11:46:37 | 000,105,792 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys [2011.12.21 11:46:05 | 000,017,848 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys [2011.12.21 11:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security [2011.12.21 11:46:00 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys [2011.12.21 11:35:26 | 000,660,992 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys [2011.12.21 11:35:26 | 000,341,656 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys [2011.12.21 11:35:15 | 000,331,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys [2011.12.21 11:35:14 | 000,162,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys [2011.12.21 11:35:01 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys [2011.12.21 11:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2011.12.21 11:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools [2011.12.21 11:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011.12.21 11:33:46 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Roaming\TestApp [2011.12.20 22:13:43 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011.12.20 18:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011.12.20 18:51:20 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.12.20 18:51:19 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.12.20 18:51:19 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.12.19 21:35:41 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Roaming\Malwarebytes [2011.12.19 21:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.19 21:35:13 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.19 21:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.12.14 10:20:03 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.12.14 10:20:03 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.12.14 10:20:01 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.12.14 10:19:57 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.12.14 10:19:57 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.12.14 10:19:57 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.12.14 10:19:57 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.12.14 10:19:57 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.12.14 10:19:56 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.12.14 10:19:56 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.12.14 10:19:51 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.12.14 10:19:47 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2011.12.14 10:19:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.11.24 16:51:44 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.11.24 16:46:59 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Local\Solid State Networks [2011.11.23 21:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Maike\*.tmp files -> C:\Users\Maike\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.21 12:34:10 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.12.21 12:22:24 | 000,071,071 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.12.21 12:21:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2011.12.21 12:20:26 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.21 12:20:25 | 000,071,071 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.12.21 12:20:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.21 12:20:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.21 12:19:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.21 12:19:39 | 3215,855,616 | -HS- | M] () -- C:\hiberfil.sys [2011.12.21 12:15:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Maike\Desktop\OTL.exe [2011.12.21 12:12:56 | 000,000,000 | ---- | M] () -- C:\Users\Maike\defogger_reenable [2011.12.21 12:12:48 | 087,876,768 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2011.12.21 12:10:41 | 000,050,477 | ---- | M] () -- C:\Users\Maike\Desktop\Defogger.exe [2011.12.21 11:55:22 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.21 11:40:40 | 002,382,792 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB [2011.12.20 18:29:47 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.12.20 14:38:49 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.20 14:38:49 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.20 14:38:49 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.20 14:38:49 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.18 04:33:28 | 000,000,680 | ---- | M] () -- C:\Users\Maike\AppData\Local\d3d9caps.dat [2011.12.15 03:39:51 | 000,000,433 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2011.12.15 03:39:00 | 000,478,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.11.23 21:17:07 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.11.23 14:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.11.22 19:43:02 | 000,070,536 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys [2011.11.22 19:42:40 | 000,185,560 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys [2011.11.22 19:41:28 | 000,017,848 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys [2011.11.22 19:38:10 | 000,105,792 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys [2011.11.22 19:38:04 | 000,253,096 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Maike\*.tmp files -> C:\Users\Maike\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.21 12:12:56 | 000,000,000 | ---- | C] () -- C:\Users\Maike\defogger_reenable [2011.12.21 12:10:29 | 000,050,477 | ---- | C] () -- C:\Users\Maike\Desktop\Defogger.exe [2011.12.21 11:48:42 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2011.12.21 11:48:42 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip [2011.12.21 11:48:42 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml [2011.12.21 11:48:42 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml [2011.12.21 11:48:42 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip [2011.12.21 11:35:29 | 002,382,792 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB [2011.11.23 21:17:07 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.03.19 11:22:34 | 000,001,590 | ---- | C] () -- C:\Windows\wininit.ini [2011.03.19 11:18:51 | 000,000,326 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.03.15 14:26:40 | 000,007,985 | ---- | C] () -- C:\Users\Maike\AppData\Roaming\.civclientrc [2010.03.01 17:04:44 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2010.03.01 17:04:44 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2010.03.01 17:04:44 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2010.03.01 17:04:44 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2010.03.01 17:04:44 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2010.03.01 17:04:44 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2010.03.01 17:04:44 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2010.03.01 17:04:44 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010.03.01 17:04:44 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2010.03.01 17:04:44 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2010.03.01 17:04:44 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2010.03.01 17:04:44 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2010.03.01 17:04:44 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2010.03.01 17:04:44 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2010.03.01 17:04:44 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2010.03.01 17:04:44 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2010.03.01 17:04:44 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2010.03.01 17:04:44 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2010.03.01 17:04:44 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010.01.24 21:49:40 | 000,024,206 | ---- | C] () -- C:\Users\Maike\AppData\Roaming\UserTile.png [2010.01.24 18:57:05 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini [2009.12.23 13:02:54 | 000,000,347 | ---- | C] () -- C:\Users\Maike\AppData\Local\postgresinstall.bat [2009.12.01 10:42:56 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.08.18 23:49:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.18 23:49:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.07.08 14:05:59 | 000,049,152 | R--- | C] () -- C:\Windows\System32\AVerIO.dll [2009.07.08 14:05:59 | 000,003,456 | R--- | C] () -- C:\Windows\System32\AVerIO.sys [2009.05.06 15:40:02 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.11.29 12:08:16 | 000,015,573 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin [2008.11.12 09:21:22 | 000,000,680 | ---- | C] () -- C:\Users\Maike\AppData\Local\d3d9caps.dat [2008.10.02 19:00:52 | 000,000,350 | ---- | C] () -- C:\Windows\System32\AP6RMHV.BIN [2008.10.02 19:00:52 | 000,000,252 | ---- | C] () -- C:\Windows\System32\AP6RMJH.BIN [2008.10.02 19:00:52 | 000,000,238 | ---- | C] () -- C:\Windows\System32\AP6RMFP.BIN [2008.10.02 19:00:52 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AP6RMHR.BIN [2008.09.28 12:59:24 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll [2008.09.21 10:46:52 | 000,030,720 | ---- | C] () -- C:\Users\Maike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.09.21 10:45:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.09.20 17:35:17 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2008.09.20 17:11:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.07.26 08:50:20 | 000,749,568 | ---- | C] () -- C:\Windows\AcerStore.exe [2008.07.25 23:11:17 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll [2008.07.25 23:09:05 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll [2008.07.25 23:07:23 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2008.07.25 23:07:23 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2008.07.25 23:07:23 | 000,009,216 | ---- | C] () -- C:\Windows\usbvideo_reg.exe [2008.07.25 23:07:23 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2008.07.25 23:05:57 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008.07.25 23:05:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2008.07.25 23:05:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2008.07.25 23:05:57 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2008.07.25 22:59:45 | 000,071,071 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.07.25 22:59:42 | 000,071,071 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.05.08 04:32:19 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.05.08 04:32:19 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.05.08 04:32:19 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.05.08 04:32:19 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.05.07 19:06:49 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.05.07 19:03:50 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.05.07 19:03:50 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.04.30 09:09:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.04.30 09:09:01 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2008.04.30 09:09:01 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2008.04.30 09:09:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini [2007.01.26 07:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,478,968 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.12.07 11:31:00 | 000,202,752 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.12.21 11:27:58 | 000,000,000 | -H-D | M] -- C:\$AVG8.VAULT$ [2008.09.02 02:03:15 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2008.09.02 03:05:22 | 000,000,000 | ---D | M] -- C:\Acer [2011.07.02 13:46:01 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache [2008.07.26 08:46:58 | 000,000,000 | ---D | M] -- C:\Book [2009.08.29 06:29:34 | 000,000,000 | -HSD | M] -- C:\Boot [2009.12.01 10:44:11 | 000,000,000 | ---D | M] -- C:\CloneDVDTemp [2008.07.25 23:05:04 | 000,000,000 | ---D | M] -- C:\CLSetup [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.09.02 01:58:05 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2008.09.28 12:59:24 | 000,000,000 | ---D | M] -- C:\Drivers [2010.03.01 16:42:36 | 000,000,000 | ---D | M] -- C:\Drucker [2008.09.02 02:02:55 | 000,000,000 | ---D | M] -- C:\Elements [2008.04.30 08:21:30 | 000,000,000 | ---D | M] -- C:\Intel [2011.02.22 16:54:37 | 000,000,000 | ---D | M] -- C:\Monopoly [2008.05.07 18:46:17 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.12.21 11:34:59 | 000,000,000 | R--D | M] -- C:\Program Files [2011.12.21 11:33:48 | 000,000,000 | -H-D | M] -- C:\ProgramData [2008.09.02 01:58:05 | 000,000,000 | -HSD | M] -- C:\Programme [2009.07.21 16:44:34 | 000,000,000 | ---D | M] -- C:\Programs [2010.09.04 12:27:53 | 000,000,000 | ---D | M] -- C:\Richard_Davies [2011.03.19 11:22:13 | 000,000,000 | ---D | M] -- C:\SIERRA [2011.02.24 10:17:45 | 000,000,000 | ---D | M] -- C:\Spiele [2011.12.21 12:36:13 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.01.24 22:06:51 | 000,000,000 | R--D | M] -- C:\Users [2011.12.21 12:20:06 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys [2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys [2011.04.21 14:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys [2011.04.21 14:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys [2008.01.21 03:24:17 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys [2009.04.11 05:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys [2011.04.21 14:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-16 08:23:14 < > ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB1632$] -> Error: Cannot create file handle -> Unknown point type ========== Alternate Data Streams ========== @Alternate Data Stream - 48 bytes -> C:\Windows:69D6E838C162D06E @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:131C0EE9 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54 < End of report > Die Extra.txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.12.2011 12:28:48 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Maike\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,40% Memory free 6,18 Gb Paging File | 4,70 Gb Available in Paging File | 75,99% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 142,65 Gb Total Space | 78,91 Gb Free Space | 55,31% Space Free | Partition Type: NTFS Drive D: | 24,41 Gb Total Space | 24,27 Gb Free Space | 99,43% Space Free | Partition Type: NTFS Drive F: | 24,41 Gb Total Space | 5,58 Gb Free Space | 22,85% Space Free | Partition Type: NTFS Drive G: | 93,84 Gb Total Space | 32,78 Gb Free Space | 34,93% Space Free | Partition Type: NTFS Computer Name: FINDUS | User Name: Maike | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0387375A-7501-4142-8C12-3FEAA8A5170D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1632608E-C4FD-491B-8E4B-1197CA2660FC}" = rport=138 | protocol=17 | dir=out | app=system | "{18E18449-4A51-468C-A224-87F675B20035}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{460177E9-8DFB-46F6-8043-3E6AEDC0C236}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{6260B066-E121-495E-BF8A-3E88852CF544}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{67B2E436-27C9-44E0-A15E-4873B01C27FB}" = lport=445 | protocol=6 | dir=in | app=system | "{6860556C-59B4-445D-8734-1C77DB65A613}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{6D12E274-4FE9-4588-B396-2A9CF5E905A1}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{6F7C7B2B-D6EE-40DF-82B4-C1E1A45F88DB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7A18F34F-4C11-4619-9FB7-7C74EA024E35}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{7B46E0A9-E0B5-4798-90DD-024FD15D6849}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{819B5B5A-E5B5-48EE-AB91-C1EDF9519A4E}" = rport=2869 | protocol=6 | dir=out | app=system | "{878A97C2-5BFC-4F09-BD7C-8C822C58471B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9C22E3FF-254F-46BC-90AC-506727488AE1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9DC1B2D1-B900-40CD-A575-2D1E8DFA3D86}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A00998D7-2910-45C0-A96C-462D27EBEC83}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{A4D1628A-D36F-46A8-B04C-8D8146A63CC9}" = lport=2869 | protocol=6 | dir=in | app=system | "{C6132029-B868-4252-A4CE-9279E97E7FA7}" = lport=138 | protocol=17 | dir=in | app=system | "{C63DFE16-5A8E-43B6-B307-399A35D836B7}" = rport=137 | protocol=17 | dir=out | app=system | "{CEDCA5C6-0CF2-48BC-86F4-93D7615894C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D1870BBA-17B2-4685-9B72-C664F8EAC420}" = lport=137 | protocol=17 | dir=in | app=system | "{E1A6ABD6-6FCC-45C7-BE9F-71252423261C}" = lport=139 | protocol=6 | dir=in | app=system | "{E4494E0C-83CD-41A8-9DD8-162D9D2A327B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F4D53A6F-5AE8-47A2-8CE5-0C3E8A8D7162}" = rport=139 | protocol=6 | dir=out | app=system | "{F6693437-F81B-4B27-A8A0-80B4FDD2C805}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F98CA2C4-F18B-4815-8E51-59661E3F5D81}" = rport=445 | protocol=6 | dir=out | app=system | "{FBC2B816-2DB0-4413-BC6E-E8D762AE4AEF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{031D708D-378E-4B4D-A50F-096A5AAB927E}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{0515AB49-D391-4A91-8DAF-53C4D3C2F355}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{1078D01E-5551-4BBA-B6D4-0A4CB6DB4C87}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{22913065-2242-4749-98B9-5146393B8D8E}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{2A9A7913-C9FB-45E1-A8EB-8B026BC74FE4}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{2DB9864A-7249-4E0B-9B05-84DF35F6E304}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{2DF242F4-4A6A-4D43-885F-CBEE0BFB47C5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{31A2002C-2D07-4788-A180-D1FB7DF92E6E}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{3AAB3E08-F00F-458B-9357-13186CC822F8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4594E4AB-E221-48A1-85B0-CA040E2B13DE}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{4A2C9818-D75E-484E-9C7A-A792E2435D09}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | "{50858BBF-65C3-496A-AD8B-1B02FF148BA4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5AD711F2-CD42-429E-818E-E2A72FAD3FF2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{5DDDE6F5-9D1E-43D2-ADA6-0016812B7DB1}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{61305911-015F-45B8-B23E-F5F294BD3398}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | "{61831BCB-F513-4BA0-9CA9-B5C1552D94FB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{65C343C5-FE3D-49CE-BA80-9918245C3E61}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{663E24DB-746F-4613-A025-711B5352DF9A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{87D161C0-C4E4-45C5-A559-87809C70A3DA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{96C6A301-CA3B-4EBA-8E13-428C75649FC6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B1CE5A0B-876D-4214-B663-B195B58C0A1A}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe | "{C15BCFE2-42DD-47BA-9877-760A9210F7B6}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{C5338B35-D9C4-45E3-AB9C-845DE9D572F8}" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe | "{CD04A254-A2E8-4ADB-96D2-91074CD83499}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{D5F66989-ABA1-40E5-AA30-729065748063}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{DD2F0E3F-A5BD-4C2E-AF8E-CE5F5362655A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{EAB954B2-2487-4118-8722-B00CEDCEA6E9}" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe | "{F848FE28-6377-4D2D-A010-D919339F92B0}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{FDFCD303-39D7-44E7-9BD1-5CFB893450BC}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "TCP Query User{3B276735-3260-423A-8E8E-A6A2BDA2D9C7}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{4B63BE3C-77D1-481C-90D1-BF5152686FD9}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{6F8A952B-765E-4635-A1F4-A2C798FA6599}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{88A92941-8050-4EB3-BD88-4E93D1096FEA}F:\spiele\emergency4\em4deluxe.exe" = protocol=6 | dir=in | app=f:\spiele\emergency4\em4deluxe.exe | "TCP Query User{90CB92D7-1E59-46E6-98DD-57EBB0788F77}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{93CC216B-6CB3-4270-A43E-2E54988E9A9F}C:\program files\freeciv-2.1.6-gtk2\civserver.exe" = protocol=6 | dir=in | app=c:\program files\freeciv-2.1.6-gtk2\civserver.exe | "TCP Query User{A99306BE-0BF6-4988-96A5-8517008524CD}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{A9B2ECED-0D87-49BC-82AD-0873EAC06257}C:\program files\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\firefox\firefox.exe | "TCP Query User{D5503CE2-C80A-44A0-8832-0EEB1E85F54B}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{D7157D1E-5368-4951-93A7-85B583DFA92E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{E000BD57-3E07-40DC-85A6-8A8067C2B903}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{E0F5369A-D767-46F0-AB2F-3004B195D087}C:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe" = protocol=6 | dir=in | app=c:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe | "UDP Query User{38E7FDBE-1DF7-413E-AF37-1D9AC5A6BEAA}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{3FD9ACB8-ED6C-4BCA-9971-94BBF1C34309}C:\program files\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\firefox\firefox.exe | "UDP Query User{438BB7DF-3C71-4B44-8DE2-6738DBEE6B81}F:\spiele\emergency4\em4deluxe.exe" = protocol=17 | dir=in | app=f:\spiele\emergency4\em4deluxe.exe | "UDP Query User{5D924B5C-95C2-4E72-9967-9780E509700D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{82B4D53A-8A18-496F-BB68-B96448D730F1}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{93694812-402E-44B6-8797-F9D56E2DD5CB}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{BCAE15FE-D495-4FD8-8F57-F0B1DC71C052}C:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe" = protocol=17 | dir=in | app=c:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe | "UDP Query User{C755B5AE-592B-4C77-B893-1E27AE37C653}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{C8EB20A9-EF20-4029-A47A-53B3D0294B3E}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{CF90FA81-18C0-416E-B9C3-B75292D03F62}C:\program files\freeciv-2.1.6-gtk2\civserver.exe" = protocol=17 | dir=in | app=c:\program files\freeciv-2.1.6-gtk2\civserver.exe | "UDP Query User{D76DF463-30A3-417B-AD62-2CF9A7A8BE0E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{F0C0C945-580E-4170-8C22-D6C0AA214F17}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{045A9539-37B6-464D-94F9-E4ADFA856903}" = PokerStrategy.com Equilator "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{20BCD471-7897-481D-ACF2-CB9BABF6A6CF}" = Nokia Software Updater "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ Beta 4.0 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 30 "{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}" = Nokia Nseries Video Manager "{2F8BE683-EF69-4D18-9974-DB0C1832A516}" = ICM Trainer Light "{31A5ED9F-E07B-4F6E-8179-27325BAAC502}" = AuthenTec Fingerprint Sensor Minimum Install "{3C073268-7BBD-FB87-C266-5298B32DDAF3}" = PennerBox "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{481C4C27-7A05-47D8-BACB-A3FDD3162D1B}" = Acer Crystal Eye Webcam 3.0.3.1 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6094AB91-4CC8-498E-9DFF-134CC0B159DE}" = PC Connectivity Solution "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver "{9781A96F-71AC-4738-984B-5AB597DFE678}" = WER WIRD MILLIONÄR VIERTE EDITION "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 3.0.3.1 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3 "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B53F4598-B3D9-41DF-911E-523FA91EE464}" = Nokia Software Launcher "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3 "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility "{D7DCC734-7F6F-4E82-9B74-0BAB4BB36C4A}" = PokerStrategy Elephant "{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E64404F1-98DC-4CC8-A1A7-EF36E4E21031}" = Nero 8 Essentials "{E94603CA-2996-4154-8EE2-A5FCD4BFB500}" = Nokia Lifeblog 2.5 "{EDA12670-56B5-4459-BA21-D010F0E3EBA1}" = Emergency 4 Deluxe "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1932E56-8A95-40E0-A15B-E06B45969845}" = Nokia NSeries System Utilities "{F4EE8763-EAA8-4BC1-8594-8501F5F00414}" = Nokia NSeries One Touch Access "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F779EC8D-6703-4C4A-817C-37B07898E647}" = Nokia NSeries Content Copier "{F89E5AD8-AE47-49B5-B9F9-C498791E6255}" = Nokia NSeries Music Manager "{FA25FAF6-3097-43C9-BBB2-A77CE8AF1881}" = Nokia NSeries Multimedia Player "{FD349381-D79C-4E5C-8980-015DFFB962D5}" = Nokia NSeries Application Installer "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Acer Acer Bio Protection 6.0.00.15" = Acer Bio Protection AAA 6.0.00.15 "Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Agere Systems Soft Modem" = Agere Systems HDA Modem "Art of Murder HO1/DE-German_is1" = Die Kunst des Mordens: Die Geheimen Akten "AVerMedia A815 USB DVB-T" = AVerMedia A815 USB DVB-T 1.0.0.38 "AVG8Uninstall" = AVG Free 8.5 "BFGC" = Big Fish Games: Game Manager "Browser Defender_is1" = Browser Defender 4.0 "BSW" = BrettspielWelt "Caesar 3" = Caesar 3 "CDex" = CDex extraction audio "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "ENTERPRISE" = Microsoft Office Enterprise 2007 "FLV Player" = FLV Player 2.0 (build 25) "Gehirnjogging - Der Trainer fürs Gedächtnis..." = Gehirnjogging - Der Trainer fürs Gedächtnis... "Google Chrome" = Google Chrome "Google Updater" = Google Updater "GridVista" = Acer GridVista "ICQToolbar" = ICQ Toolbar "InstallShield_{045A9539-37B6-464D-94F9-E4ADFA856903}" = PokerStrategy.com Equilator "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "IrfanView" = IrfanView (remove only) "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Marvell Miniport Driver" = Marvell Miniport Driver "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Monopoly Deluxe" = Monopoly Deluxe "Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de) "NVIDIA Drivers" = NVIDIA Drivers "PartyPoker" = PartyPoker "PennerPack 1.4" = PennerPack 1.4 "QuickTime" = QuickTime "RealPlayer 6.0" = RealPlayer "Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.9 "Sierra-Dienstprogramme" = Sierra-Dienstprogramme "Spyware Doctor" = PC Tools Spyware Doctor 9.0 "ST6UNST #1" = Recorder "SynTPDeinstKey" = Synaptics Pointing Device Driver "TomTom HOME" = TomTom HOME 2.7.4.1962 "VLC media player" = VLC media player 0.9.9 "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "WinRAR archiver" = WinRAR "xp-AntiSpy" = xp-AntiSpy 3.96-8 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Skat-Online V9" = Skat-Online V9 ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > Ich verstehe bei diesen LOGs immer nur Bahnhof und wäre sehr dankbar, wenn mir jemand von Euch helfen könnte! Liebe Grüße, die Gestalt Nachtrag: Zusätzlich zu den bisherigen Problemen habe ich jetzt die Meldung "Windows wurde aus Sicherheitsgründen gesperrt" mit einer Bezahlaufforderung. Der Rechner lässt sich jetzt gar nicht mehr benutzen. Würde mich über Eure Hilfe sehr freuen. Geändert von SchwarzeGestalt (21.12.2011 um 13:53 Uhr) |
Themen zu AVG-Meldungen: "Exploit Blackhole Exploit KIT" und "Infected Virus found JD/Redir" - Bitte um Hilfe |
.vault, alternate, autorun, avg, bho, blackhole, browser, c:\windows\system32\rundll32.exe, defender, diner dash, downloader, error, excel.exe, firefox, format, google chrome, google earth, home, install.exe, intranet, langsam, launch, microsoft office word, nvlddmkm.sys, photoshop, plug-in, popup, realtek, registry, required, rundll, scan, security, software, svchost.exe, udp, usb, virus, vista, visual studio |