Log analysis and evaluation: "Attention: For security reasons your Windows system has been locked." (Windows 7)
09.02.2012, 16:57 | #1 |
Hello dear helpers!
Now I too have been hit by this apparently well-known virus, so I probably don't need to write anything more about the "symptoms". I ran OTL in safe mode with networking. Here are the results of the two documents.
A big thank you in advance!!
OTL.txt: PHP-Code:
09.02.2012, 16:59 | #2 |
Extras.txt:
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 09.02.2012 15:58:59 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 84,26% Memory free
6,19 Gb Paging File | 5,92 Gb Available in Paging File | 95,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 12,44 Gb Free Space | 11,17% Space Free | Partition Type: NTFS
Drive D: | 105,90 Gb Total Space | 17,85 Gb Free Space | 16,86% Space Free | Partition Type: NTFS
Drive E: | 486,17 Mb Total Space | 311,50 Mb Free Space | 64,07% Space Free | Partition Type: FAT
Computer Name: MICHI-PC | User Name: Michi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0BCB9A2F-BDDC-4322-9E7F-BAA8DB3A41ED}" = lport=445 | protocol=6 | dir=in | app=system | "{18DFD707-78BB-43D4-9D37-0E052C0C1098}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1BC061C6-0A1E-41A6-89B4-215B9D05AC04}" = rport=139 | protocol=6 | dir=out | app=system | "{1D01C083-0FD5-46FC-B2F9-82ED998CE7C6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{2BC6733C-A0F6-42CA-87A8-39A803CF2478}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2DACCBBC-3D8F-43A8-ABBC-CF84E40A0808}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{422F74D6-C7E0-4D5E-BACA-362833257E5A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{502B71DD-C4F0-4FD2-A494-7F5F17CBD3F7}" = lport=2869 | protocol=6 | dir=in | app=system | "{578331AA-0DBC-42C1-B75B-AF54B8DB38A3}" = rport=445 | protocol=6 | dir=out | app=system | "{5E1EE19F-699D-4B3E-A9E6-D6D6165FF09A}" = rport=10243 | protocol=6 | dir=out | app=system | "{5FA06081-510E-4481-8523-4C71140A175B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | 
app=%systemroot%\system32\svchost.exe | "{6D0977E5-ACE7-4B7F-A23E-946E517CCEDA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6D6A4FD5-7403-447E-BD22-C59F934B53F3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7B5C01E7-14BB-4561-874A-214BC716A909}" = lport=137 | protocol=17 | dir=in | app=system | "{7FA15885-562D-40EC-9DDE-8C8EDE096E17}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8663E336-C9FE-424C-895F-51E2ADE07344}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8817E89D-7BEC-4CFE-A8F8-8DE524383E4B}" = rport=137 | protocol=17 | dir=out | app=system | "{A0E9B23F-B8A2-44F2-A666-7CBEBF711823}" = rport=138 | protocol=17 | dir=out | app=system | "{A9347191-50FD-4A79-BCFA-E618D5B3FDE8}" = lport=139 | protocol=6 | dir=in | app=system | "{B68BAB3A-7CDB-47E4-8288-957A505CC041}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B6C7BEA9-E0EA-45E2-9B6E-22902A1F1601}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BA7C17DF-368C-4FBC-A72D-7DFAC9B926CB}" = lport=10243 | protocol=6 | dir=in | app=system | "{BB6B635C-49E4-4D01-BCB7-82DB4495C6EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BD77C8B6-E2FE-4536-8A32-DC90E19A2F57}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{C586C619-13E7-4526-9C4A-8374F24DFD31}" = lport=138 | protocol=17 | dir=in | app=system | "{C749CF17-9E7F-4ADB-A5B9-D6B8691BBFA1}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{D3118657-4769-454D-ABDD-13807A8CB4B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FCBE4470-59C7-4833-9833-EBFB2D05835C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | 
app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04210FEA-D621-4AC6-9706-42FE387FB187}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{08E5F393-BED8-486A-AD7F-769E3F6A1579}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0CFEB6DC-A5D9-4D88-8F33-CDCE4A4E77BD}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{121D0D94-C9B7-4FD3-BC2C-17862593AF62}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | "{1933C5E3-B32C-432A-8E82-AF50E29D1A6E}" = protocol=6 | dir=in | app=d:\spiele\anno 1404 - dawn of discovery\tools\anno4web.exe | "{1CF98279-1E48-4A8C-8A01-358ADBEE80FE}" = protocol=6 | dir=in | app=d:\spiele\anno 1404 - dawn of discovery\anno4.exe | "{1F33EFA3-43C5-4B73-B218-84C4D579D1F0}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{274B00B2-47A6-47D1-9B75-D109516882E3}" = protocol=17 | dir=in | app=d:\spiele\starcraft ii beta\starcraft ii.exe | "{29455BA8-EA81-4664-949E-A303C17B25C9}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{29EB2ECF-A464-4701-AE5A-4752B4A520EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2B036B52-512B-41AE-B259-84994FA6DBB8}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{3060155D-9704-4482-841A-598A1DC68F08}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{35288F3D-1737-497C-8237-9040265B6E49}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "{3CD3E0C5-3C00-4151-8894-8D3C7FDA4EA2}" = protocol=6 | dir=in | app=d:\spiele\dragon age\daoriginslauncher.exe | "{40D4CD0E-9E4A-4F97-9135-0AA6D7FE1F47}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "{40E077C9-1737-4AE7-BB56-957629079CB5}" = protocol=6 | 
dir=in | app=c:\program files\icq7.2\aolload.exe | "{41BBE809-1548-4A38-9D8F-3FAF4BCDBC33}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "{49E7C65E-6B52-4F1A-ABF4-BCE027275ECF}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{51F12135-5E2C-4542-A1B1-9389103868A0}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{53F43FDE-9829-47E9-A5D5-AF5D5461B436}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{54B4FB10-8D01-4CEC-BE22-9CA8B350636B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{56149AE9-F2D4-40F7-AB47-6A3454426633}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{5C72302E-B6D7-435B-AF55-D0B3451E5C6A}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "{61EC266C-2362-4F4C-BE23-9B6668FE2C97}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{64F7AB79-9109-4CA3-A336-38F54FF6128C}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{663B6DF3-C8BF-45C3-BBC7-3E6CFB338731}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{693527D4-7CD6-4653-8149-9CCB51121BCE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6AC2BE6D-C85E-41F7-A8B3-3E27EAFA2E35}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{6B43F165-0624-4B08-AB17-19471952A5D8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6CAACFB8-40B9-453E-94D3-9517AAC6FEA3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{6CF84A31-FD40-4E58-9F9D-0D29B8DE81CF}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{70BEE19C-671C-4B76-BB85-EE2A39D7AF0C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{75309331-C730-4461-979D-33E9F1365B1D}" = protocol=6 | dir=in | app=d:\spiele\dragon age\bin_ship\daorigins.exe | "{7706C3EC-0215-4467-9E92-DA68998F3C80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7CF32B2A-7A4B-465A-85D0-08113CED40B8}" = protocol=6 | dir=in | app=d:\spiele\starcraft ii beta\starcraft ii.exe | "{7E3439EA-BD64-40ED-B156-76CF667CFC96}" = protocol=6 | dir=in | app=d:\spiele\dragon age\bin_ship\daupdatersvc.service.exe | "{810F548C-9793-4935-8C88-181EED29B47F}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{85D75BC6-C4E4-406F-A713-0F22E1DD6D01}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{87A07541-4DD3-4A92-9E08-15DDE5FC5DA2}" = protocol=6 | dir=in | app=d:\spiele\starcraft ii beta\support\blizzarddownloader.exe | "{8907C116-F804-4121-BD3C-7A680165EF85}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8D8EDE60-F036-4B3D-93D1-67C2B43B9F2A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{8DD39A89-72A1-4216-8EFD-651F71A12E88}" = protocol=17 | dir=in | app=d:\spiele\dragon age\bin_ship\daupdatersvc.service.exe | "{9260B7EF-B304-4F6D-9CBA-980E2EE4254B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{992797C5-0800-45CC-8B43-F00B13717B48}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{9927DE4E-6133-4213-9188-0BF29508E69C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{9B25DF26-A70E-469E-9089-9DFC9FFE9649}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{B1EC0C6C-EC1C-496B-AD5A-098773C8E618}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B5ED9CDB-0767-41A9-B664-AA9B031F2EC4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{B8E2F2BE-3A44-4E2A-A167-B0E4EB0DC812}" = protocol=17 | dir=in | app=c:\program files\winamp 
remote\bin\orbstreamerclient.exe | "{B934CA55-CEA6-418C-9F7D-DF83B0C9C648}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{BACD07EE-6DFA-4A8E-B3FC-A9B77615338B}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{BDA86739-4D10-4AC6-A339-5C8D606C3509}" = protocol=17 | dir=in | app=d:\spiele\starcraft ii beta\support\blizzarddownloader.exe | "{C4D0717A-00BE-41CE-8EFF-F62F35B99CB1}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{C6342978-2FF0-4DA9-AAC4-219ED4EE3935}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{C92A06DD-34C1-48E2-829A-27CBD6D0BFB0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C936502D-74D6-4F9C-97D5-A09C2BEF0118}" = protocol=17 | dir=in | app=d:\spiele\anno 1404 - dawn of discovery\anno4.exe | "{CE31D2E4-8C53-4D15-BD94-2B770FA273D4}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | "{CF796520-13DB-4F3E-92A7-44FF23EB990E}" = protocol=6 | dir=out | app=system | "{D0FE1C55-B62E-4EFC-A283-7B36CF32EFC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D26AB9D1-DA7D-4DFE-B9E2-7C0458AEEFE8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{D4ED0083-C577-4B1B-A674-857E5D35758A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D6331814-6F25-4F97-A462-E78E1ADEF660}" = protocol=17 | dir=in | app=d:\spiele\anno 1404 - dawn of discovery\tools\anno4web.exe | "{DA690005-460A-4332-B3D9-068468F17D5D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{E202E5BC-E4ED-419C-A15C-EB25C3116EA5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E5B4816F-206F-45D8-9B24-FE10703CF31E}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{E72433FE-4929-4D20-B3E4-8ADE7EB697E0}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{E7E96016-4EDA-4220-9576-2E1E4340AB79}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{E9E47F72-3768-49F7-9187-F264C7B7D1E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E9EF6D5B-7B6D-44B6-9771-190A2ACB5F16}" = protocol=17 | dir=in | app=d:\spiele\dragon age\daoriginslauncher.exe | "{EBC6673B-A1DB-40F9-9372-98BD88D3FC0C}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{EE15AF32-D818-4625-8554-ABC7F5CB1E47}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{EF9F5384-5D83-4139-8A64-588F03EDA28D}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | "{F3F60096-3666-4E43-90FA-3BA8BEDE86D9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F5CEF4B1-45CB-4348-B7FF-E1D126B880DD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F86351C6-8284-4C1A-8BEB-EDC4CF3BE44A}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{F97B5013-767F-446D-8F95-7F3A30A45ACC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{FD319E96-FDED-49E3-AD25-00A01BB5D432}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{FF7057ED-D72A-4CE3-A099-346267F64152}" = protocol=17 | dir=in | app=d:\spiele\dragon age\bin_ship\daorigins.exe | "TCP Query User{09CF2D8A-CD3F-4DCE-856A-C512465ADE68}D:\spiele\codename eagle\ce 1.42\iplist.exe" = protocol=6 | dir=in | app=d:\spiele\codename eagle\ce 1.42\iplist.exe | "TCP Query User{0A12F0C4-2B07-4751-8CDE-D4AE1BF76FB1}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{0E63E5D7-942F-4681-BF48-9796ABEB8D99}D:\spiele\homm iii\h3blade.exe" = protocol=6 | dir=in | app=d:\spiele\homm iii\h3blade.exe | "TCP Query User{1185A42C-9970-4922-9D09-65B1667B8293}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query 
User{18246D44-30CC-4862-A62B-162BD9E3818D}D:\spiele\cs1.6\hl.exe" = protocol=6 | dir=in | app=d:\spiele\cs1.6\hl.exe | "TCP Query User{1A0D73BC-B505-432C-8400-4F9679218985}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "TCP Query User{21FA885B-4C55-49C6-9D44-07C77AA8EB12}D:\spiele\cs1.6\hl.exe" = protocol=6 | dir=in | app=d:\spiele\cs1.6\hl.exe | "TCP Query User{2D0EE15E-A528-49A8-900F-067D5CAE89CC}D:\spiele\warcraft iii original\war3.exe" = protocol=6 | dir=in | app=d:\spiele\warcraft iii original\war3.exe | "TCP Query User{2F050F66-B59F-4429-AAB6-7B3E9BB5AA61}D:\spiele\freelancer\exe2\freelancer.exe" = protocol=6 | dir=in | app=d:\spiele\freelancer\exe2\freelancer.exe | "TCP Query User{3F2318E0-6312-448A-B05E-314684874634}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{46F5559D-A69A-4EE2-B79C-2C9497279A39}D:\spiele\aoe 2\age2_x1.exe" = protocol=6 | dir=in | app=d:\spiele\aoe 2\age2_x1.exe | "TCP Query User{4C5095A6-3B2B-44C8-B048-0C96B6E345FC}D:\spiele\warcraft iii original\war3.exe" = protocol=6 | dir=in | app=d:\spiele\warcraft iii original\war3.exe | "TCP Query User{5231DCE8-2FAC-42FD-BFFA-4A3AAE1AE7A1}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{5D70AF6E-4DBD-4240-85DD-515E200561FB}D:\spiele\warhammer 40000 dawn of war\w40k.exe" = protocol=6 | dir=in | app=d:\spiele\warhammer 40000 dawn of war\w40k.exe | "TCP Query User{6067F411-E203-46CE-8B76-524FD8D2EF96}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "TCP Query User{61D9E951-BCEF-4701-B168-721562598B79}D:\spiele\renegade\game.exe" = protocol=6 | dir=in | app=d:\spiele\renegade\game.exe | "TCP Query User{6A1F497E-48B7-4EF5-BCAB-6BF9AC8E1087}D:\spiele\vietcong\vietcong.exe" = protocol=6 | dir=in | app=d:\spiele\vietcong\vietcong.exe | "TCP Query 
User{70C79276-D434-4B05-AD2D-68C91AE48397}D:\spiele\warcraft iii original\pickup.listchecker.exe" = protocol=6 | dir=in | app=d:\spiele\warcraft iii original\pickup.listchecker.exe | "TCP Query User{7E6A7F4C-BCB6-468D-B2C5-269FC408C7F5}D:\spiele\counterstrike 1.6\hltv.exe" = protocol=6 | dir=in | app=d:\spiele\counterstrike 1.6\hltv.exe | "TCP Query User{829F3ABB-197D-4F2A-A685-1FE7B3C6B59B}D:\spiele\codename eagle\ce 1.42\lobby.exe" = protocol=6 | dir=in | app=d:\spiele\codename eagle\ce 1.42\lobby.exe | "TCP Query User{9A12CC94-2994-4AB2-89FE-943B69E5AAC3}D:\spiele\call of duty ii\cod2mp_s.exe" = protocol=6 | dir=in | app=d:\spiele\call of duty ii\cod2mp_s.exe | "TCP Query User{9EB940A5-8EF2-497A-818B-FF6DB5BB02A7}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe | "TCP Query User{A655C730-C463-4A2E-A436-5328DF0E0F7D}D:\spiele\vietcong\vietcong.exe" = protocol=6 | dir=in | app=d:\spiele\vietcong\vietcong.exe | "TCP Query User{A8C06EC3-199E-44DB-A16E-FB216D42D4A5}D:\spiele\codename eagle\ce 1.42\lobby.exe" = protocol=6 | dir=in | app=d:\spiele\codename eagle\ce 1.42\lobby.exe | "TCP Query User{A9B98AB7-7843-441F-9A76-B192CBDBD773}C:\program files\winpcap\rpcapd.exe" = protocol=6 | dir=in | app=c:\program files\winpcap\rpcapd.exe | "TCP Query User{B7E9C274-AB78-4068-AC08-F46EF8B250E9}D:\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\spiele\warcraft iii\war3.exe | "TCP Query User{BA3146DD-142C-454C-8AC3-1A36FE6776C2}D:\spiele\13th century - death or glory\engine.exe" = protocol=6 | dir=in | app=d:\spiele\13th century - death or glory\engine.exe | "TCP Query User{BDDDAE98-77A7-4A00-9594-549043FE8646}D:\spiele\galcon\main.exe" = protocol=6 | dir=in | app=d:\spiele\galcon\main.exe | "TCP Query User{C1E223DC-9680-49AB-A07C-3D72AD1DE369}D:\spiele\codename eagle\ce 1.42\ce.exe" = protocol=6 | dir=in | app=d:\spiele\codename eagle\ce 1.42\ce.exe | "TCP Query User{C8CCF0D7-61FC-44D6-97AE-849C3338FB38}D:\spiele\codename 
eagle\ce 1.42\ce.exe" = protocol=6 | dir=in | app=d:\spiele\codename eagle\ce 1.42\ce.exe | "TCP Query User{CCA1BB07-0832-475D-9505-3870BE6F607A}D:\spiele\cs1.6\hltv.exe" = protocol=6 | dir=in | app=d:\spiele\cs1.6\hltv.exe | "TCP Query User{CDE9AF7E-6E84-4F44-86F3-4EB8D0B0A314}D:\spiele\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=d:\spiele\dragon age\bin_ship\daorigins.exe | "TCP Query User{CE66D768-5153-48AD-A26E-C7BB1C7AF38D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{E1B62082-6CF0-486E-881C-51230DCB9F42}D:\spiele\warcraft iii original\pickup.listchecker.exe" = protocol=6 | dir=in | app=d:\spiele\warcraft iii original\pickup.listchecker.exe | "TCP Query User{E1DDEE02-F3FD-4A10-BF49-E03A7C9DA3F8}D:\spiele\galcon\main.exe" = protocol=6 | dir=in | app=d:\spiele\galcon\main.exe | "TCP Query User{E46478C5-A6D6-4D11-83C9-F7B09D4DA910}D:\spiele\warcraft iii kurz vor blödem patch (richtig)\war3.exe" = protocol=6 | dir=in | app=d:\spiele\warcraft iii kurz vor blödem patch (richtig)\war3.exe | "TCP Query User{E6EBA7EA-645D-4A29-9239-917FA22BD161}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{ED116785-C87D-49EA-852A-FFEB006E2407}D:\spiele\aoe 2\spcrack.exe" = protocol=6 | dir=in | app=d:\spiele\aoe 2\spcrack.exe | "TCP Query User{F291FACB-59C1-433B-A24A-A98C27DEF110}D:\spiele\dk ii\dkii.exe" = protocol=6 | dir=in | app=d:\spiele\dk ii\dkii.exe | "TCP Query User{F5C795D2-14BC-4CAC-A808-67FDA36AC70A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{FF4B6C6F-FCB7-46B5-8C14-CC225D199720}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{08DBCF96-38B9-453E-A224-3DEFC604D0AE}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program 
files\icq7.1\icq.exe | "UDP Query User{1ADC32F8-BE3D-43ED-B97C-7050B0925506}D:\spiele\freelancer\exe2\freelancer.exe" = protocol=17 | dir=in | app=d:\spiele\freelancer\exe2\freelancer.exe | "UDP Query User{1FBA1C99-AEB4-4AD5-8D96-DFFC4F52E8B2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{21915928-E951-4924-B73B-545A24EA2DF9}D:\spiele\codename eagle\ce 1.42\ce.exe" = protocol=17 | dir=in | app=d:\spiele\codename eagle\ce 1.42\ce.exe | "UDP Query User{28DC6E8B-D771-4D1D-903E-DF8F5D0749B7}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | "UDP Query User{34AEB369-BED6-4C36-9A86-548246413909}D:\spiele\warcraft iii original\pickup.listchecker.exe" = protocol=17 | dir=in | app=d:\spiele\warcraft iii original\pickup.listchecker.exe | "UDP Query User{34DB0A9B-9764-4CB5-9EF6-297F8C3BA828}D:\spiele\call of duty ii\cod2mp_s.exe" = protocol=17 | dir=in | app=d:\spiele\call of duty ii\cod2mp_s.exe | "UDP Query User{3594B206-3D56-4038-A8F3-068B8CFAA47B}D:\spiele\warhammer 40000 dawn of war\w40k.exe" = protocol=17 | dir=in | app=d:\spiele\warhammer 40000 dawn of war\w40k.exe | "UDP Query User{382F61E3-2FC1-4490-BF8E-443D59AFC581}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{3AF52015-2F46-497F-863A-374AAA70B866}D:\spiele\13th century - death or glory\engine.exe" = protocol=17 | dir=in | app=d:\spiele\13th century - death or glory\engine.exe | "UDP Query User{405ED813-B761-4ACE-8510-31D46EC4C228}D:\spiele\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=d:\spiele\dragon age\bin_ship\daorigins.exe | "UDP Query User{4974F2F3-97B2-46F5-BFB0-CC604F13905D}D:\spiele\warcraft iii original\war3.exe" = protocol=17 | dir=in | app=d:\spiele\warcraft iii original\war3.exe | "UDP Query User{5F511B0F-F8AB-41AB-899A-1EC16E761FCC}D:\spiele\cs1.6\hltv.exe" = protocol=17 | dir=in | 
app=d:\spiele\cs1.6\hltv.exe | "UDP Query User{62B85A85-09D3-436F-ACAD-03CA5B8C0E96}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{668C6FA3-687F-4386-93DF-E047CA2ABE16}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{672119E9-E229-4736-B681-89CD70FC15CF}D:\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\spiele\warcraft iii\war3.exe | "UDP Query User{6BCE4465-E781-4E95-B9D9-C3BE866F074C}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{71B82035-1794-46EC-8E12-949F0505EC29}D:\spiele\vietcong\vietcong.exe" = protocol=17 | dir=in | app=d:\spiele\vietcong\vietcong.exe | "UDP Query User{84FDDBBE-9FFC-4537-9440-35CA1255B3C4}D:\spiele\codename eagle\ce 1.42\lobby.exe" = protocol=17 | dir=in | app=d:\spiele\codename eagle\ce 1.42\lobby.exe | "UDP Query User{87DCBC23-485A-4B28-859B-76D4EFE1D986}D:\spiele\cs1.6\hl.exe" = protocol=17 | dir=in | app=d:\spiele\cs1.6\hl.exe | "UDP Query User{8B8C413F-0EB1-49A5-BF9D-DB531C938D9F}D:\spiele\codename eagle\ce 1.42\ce.exe" = protocol=17 | dir=in | app=d:\spiele\codename eagle\ce 1.42\ce.exe | "UDP Query User{8F8012FA-F18F-4596-A7FB-A5A21CA790E3}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{908B812D-A51C-4D34-AFD9-2CCB9CDECC46}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{96334E5B-AAEB-43DD-8AB2-59C0EC9D6F3A}D:\spiele\aoe 2\spcrack.exe" = protocol=17 | dir=in | app=d:\spiele\aoe 2\spcrack.exe | "UDP Query User{A0CFC53A-8245-4C36-A864-347795C8F806}D:\spiele\counterstrike 1.6\hltv.exe" = protocol=17 | dir=in | app=d:\spiele\counterstrike 1.6\hltv.exe | "UDP Query User{B28F1F1A-28EF-4749-909F-6357FE910429}D:\spiele\cs1.6\hl.exe" = protocol=17 | dir=in | 
app=d:\spiele\cs1.6\hl.exe | "UDP Query User{B3767C66-C50D-468E-8146-3501DBDA9327}D:\spiele\aoe 2\age2_x1.exe" = protocol=17 | dir=in | app=d:\spiele\aoe 2\age2_x1.exe | "UDP Query User{B54A0FA7-0ACC-4544-8A43-D27EEEB455DC}C:\program files\winpcap\rpcapd.exe" = protocol=17 | dir=in | app=c:\program files\winpcap\rpcapd.exe | "UDP Query User{BB7B4992-64A8-4F66-9A8A-6F8F82208EC1}D:\spiele\renegade\game.exe" = protocol=17 | dir=in | app=d:\spiele\renegade\game.exe | "UDP Query User{C46F037A-2770-4963-BA3E-E89425DCC1F7}D:\spiele\warcraft iii original\pickup.listchecker.exe" = protocol=17 | dir=in | app=d:\spiele\warcraft iii original\pickup.listchecker.exe | "UDP Query User{C8ADBCCA-DD77-48CA-B321-6B1573D3C9FE}D:\spiele\galcon\main.exe" = protocol=17 | dir=in | app=d:\spiele\galcon\main.exe | "UDP Query User{C96AA8AA-9D85-4B88-B650-D9D7589BB624}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{CB147287-156C-4356-BCBB-931B9701DFA2}D:\spiele\dk ii\dkii.exe" = protocol=17 | dir=in | app=d:\spiele\dk ii\dkii.exe | "UDP Query User{D85F26A7-24AE-42E4-8A27-F6E6CF8C9425}D:\spiele\warcraft iii original\war3.exe" = protocol=17 | dir=in | app=d:\spiele\warcraft iii original\war3.exe | "UDP Query User{D94FD66D-0E07-4C4D-BBD5-9EAAA6B74846}D:\spiele\warcraft iii kurz vor blödem patch (richtig)\war3.exe" = protocol=17 | dir=in | app=d:\spiele\warcraft iii kurz vor blödem patch (richtig)\war3.exe | "UDP Query User{E143DAC6-F57B-44AC-8D55-5757C74BCE4C}D:\spiele\homm iii\h3blade.exe" = protocol=17 | dir=in | app=d:\spiele\homm iii\h3blade.exe | "UDP Query User{E2314880-BC38-4FD2-939B-766F08BEBD06}D:\spiele\codename eagle\ce 1.42\lobby.exe" = protocol=17 | dir=in | app=d:\spiele\codename eagle\ce 1.42\lobby.exe | "UDP Query User{E4C9D7B7-E6A1-42E1-9944-591DDA576B5F}D:\spiele\codename eagle\ce 1.42\iplist.exe" = protocol=17 | dir=in | app=d:\spiele\codename eagle\ce 1.42\iplist.exe | "UDP Query 
User{EAFC67BF-A309-49D4-AD78-5B079AFCAD12}D:\spiele\vietcong\vietcong.exe" = protocol=17 | dir=in | app=d:\spiele\vietcong\vietcong.exe | "UDP Query User{F2D36EB0-E12F-4662-94F9-16766820A26E}D:\spiele\galcon\main.exe" = protocol=17 | dir=in | app=d:\spiele\galcon\main.exe | "UDP Query User{FAD5495A-53EE-4F06-BE63-9A8B8DA9DD24}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01C08A7D-4CCD-41F8-B020-4B4BB8C08C68}" = Catalyst Control Center - Branding "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000 "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "{0A1984C3-5036-5B5F-F18E-16453EF5A6E1}" = Catalyst Control Center Localization Swedish "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6 "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{155BBB23-C7A5-223C-3B33-289089D6E0A2}" = Catalyst Control Center Localization Finnish "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8 "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{19B4BDE9-0F2B-44FF-FDC4-987E1B33D03C}" = CCC Help English "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{24F149E4-D897-9046-48A5-87CD67F81865}" = CCC Help Polish 
"{25C1AF96-1F59-A1CE-3135-B38AFAA5C614}" = CCC Help Czech "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26 "{26E2E4FB-F26A-549E-5496-14BAE4E2BA67}" = Catalyst Control Center Graphics Full Existing "{27B7371A-7AA2-CC5B-6377-72161660F0BE}" = CCC Help Chinese Traditional "{29F3D466-E05F-CBB6-63E9-01C85C083FCD}" = CCC Help French "{2CB2E1AE-B62A-3F43-9DD0-EF73467977AC}" = Catalyst Control Center Localization Hungarian "{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition "{30BDD0BE-6A51-6DDD-197D-EFCE3B0EF79D}" = CCC Help German "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{358C26F2-5B99-A7E9-18CF-2AE6BC97289B}" = Catalyst Control Center Localization Czech "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{3C277F75-605E-BFFE-4F87-27709C92370C}" = Catalyst Control Center Localization Portuguese "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5 "{4BD4AA8B-3C63-26AB-1CA3-010475A9EA72}" = CCC Help Portuguese "{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{5262BAD6-5AB7-1490-A65C-D06368F07FF1}" = Catalyst Control Center Localization Italian "{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01 "{53F44183-B716-8D7D-053E-CB8039B38E74}" = CCC Help Hungarian "{5539EBB1-4BB9-21E5-921B-16E8886639D3}" = Catalyst 
Control Center Localization Chinese Traditional "{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5A89D38C-B9FE-ECFF-B90E-B9DEC8C8F2D8}" = Catalyst Control Center Localization Greek "{5B1519C1-265C-C636-C414-F1E150B4F0AA}" = CCC Help Turkish "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion "{6184B5A4-1355-A8D6-CE24-8F7EE887CBF3}" = CCC Help Norwegian "{650BDC60-79C7-383B-2E9C-B8FF3909A127}" = Catalyst Control Center Localization Spanish "{653F6FEA-643C-457F-774A-64D4DAAE1028}" = Catalyst Control Center Graphics Previews Vista "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{790DA23A-126B-91A9-FAB7-13EF66724253}" = CCC Help Swedish "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7DBDAAAB-8639-B59D-798A-32458B7380F9}" = Catalyst Control Center Localization Norwegian "{7E96828D-B970-B1A9-3D9F-7EC3624785D0}" = Catalyst Control Center Localization German "{7ECBF19A-78EC-1665-7E1C-B3E92B07F7CC}" = CCC Help Japanese "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{80C1F369-F876-3D19-7816-B7800E7A6961}" = CCC Help Greek "{827CFE4D-8687-9E1E-0A72-587BFF0B0D3A}" = CCC Help Thai "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go "{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = 
QuickTime "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) 
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{91252C0A-59F9-42F9-9181-B9CC74F592C0}" = Vodafone Mobile Connect Lite "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AF60AF6-B109-D3A4-4367-B3620CBA37A7}" = CCC Help Finnish "{9ED61802-0F47-F846-FA23-67CE3E4BD427}" = CCC Help Italian "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A79CB508-2DD7-F717-8787-C6382C274082}" = Catalyst Control Center Graphics Light "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AACF5D06-EF3A-1941-3492-1E60589CA444}" = ccc-utility "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1 "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set "{AE2C968B-8A14-ABA2-D742-14E575104BCD}" = Catalyst Control Center Localization Korean "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B6988D5B-4325-F1F7-B0E5-C4CCCD01E6B8}" = Catalyst Control Center Localization Thai 
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B734B040-25BB-02CA-39BD-FD6D070EDDAB}" = Catalyst Control Center Localization Danish "{B86EE516-7CB4-E4C3-8382-010D4F2807F5}" = CCC Help Korean "{BB01F512-272A-3C70-DA60-884C8BBC39DD}" = Catalyst Control Center Localization Chinese Standard "{BCB0CE1E-7510-3948-4834-99BBA689CF62}" = Catalyst Control Center Core Implementation "{BD5106DF-C061-5736-F1A5-F114BAA63759}" = CCC Help Russian "{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content "{C03A43DF-CEE0-6D82-D2D3-781CCE1FC24E}" = Catalyst Control Center Localization Japanese "{C76DAFAE-5E59-44AB-2764-70BC79E0D4B2}" = Skins "{C8256DAF-828E-7E91-FB83-D900AA8E3C86}" = CCC Help Danish "{C9429012-1CBE-E0CA-0955-CC53E0F2115F}" = CCC Help Chinese Standard "{CB9B619A-EEA1-BFAB-6CA5-1FC655E2A0DA}" = Catalyst Control Center Localization Turkish "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D013644E-F890-49A4-0DE9-8E4BBD18A406}" = ATI Catalyst Install Manager "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.58.429 "{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
"{D7C49EC6-4DEA-7A7A-860D-78D613C68B8C}" = ccc-core-static "{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set "{E08C03D7-AE05-0458-2D14-78F219316933}" = Catalyst Control Center Localization Dutch "{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set "{E4FD0200-A7DB-2D5A-B5B1-DBC0A184C9B2}" = Catalyst Control Center Localization Russian "{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne "{E9BA4A79-BD4C-52E3-F34F-85B1CC62EE15}" = Catalyst Control Center Localization Polish "{E9D20FA4-7CA6-F243-A503-CA961CCD2277}" = CCC Help Spanish "{EF9E54C1-2D5F-DDA8-8E7B-0CD3EF89C8E4}" = Catalyst Control Center Localization French "{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01 "{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour "{F5A630D4-3D7D-6EEC-5DAE-41835DC0A1DA}" = Catalyst Control Center Graphics Full New "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver "{FD2B6E20-5344-07B4-C210-B57611E02906}" = CCC Help Dutch "Acer Acer Bio Protection 6.0.00.13" = Acer Bio Protection AAV 6.0.00.13 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "AP Tuner 3.08" = AP Tuner 3.08 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BIMPLite" = BIMP Lite 1.62 "CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only) "Crazy Browser 3.0.0 RC1_is1" = Crazy Browser version 3.0.0 RC1 "DAEMON Tools Lite" = DAEMON Tools Lite "Dungeon Keeper 2" = Dungeon 
Keeper 2 "Galcon_is1" = Galcon 1.0 "GridVista" = Acer GridVista "Guitar Pro 5_is1" = Guitar Pro 5.0 "HaaliMkx" = Haali Media Splitter "Hamachi" = Hamachi 1.0.3.0 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour "LManager" = Launch Manager "Mediscript-CD GK1" = Mediscript-CD GK1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MiKTeX 2.7" = MiKTeX 2.7 "Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de) "Network Addon Mod" = Network Addon Mod Version April 2008 deutsch "Orbit_is1" = Orbit Downloader "pdfsam" = pdfsam "ScreenshotCaptor_is1" = Screenshot Captor 2.89.01 "Sobotta 22 - Atlas der Anatomie" = Sobotta 22 - Atlas der Anatomie "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 7.01 (Greengrass) "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.7 "Warcraft III" = Warcraft III "Winamp" = Winamp "WinPcapInst" = WinPcap 4.0.2 "WinRAR archiver" = WinRAR "WMV9_VCM" = Microsoft Windows Media Video 9 VCM ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Warcraft III" = Warcraft III: All Products "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 
11.05.2010 13:58:12 | Computer Name = Michi-PC | Source = WinMgmt | ID = 10 Description = Error - 11.05.2010 13:58:25 | Computer Name = Michi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 11.05.2010 13:58:25 | Computer Name = Michi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 11.05.2010 17:15:43 | Computer Name = Michi-PC | Source = EventSystem | ID = 4621 Description = Error - 12.05.2010 05:09:07 | Computer Name = Michi-PC | Source = WinMgmt | ID = 10 Description = Error - 12.05.2010 05:09:13 | Computer Name = Michi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.05.2010 05:09:13 | Computer Name = Michi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 13.05.2010 07:36:38 | Computer Name = Michi-PC | Source = WinMgmt | ID = 10 Description = Error - 13.05.2010 07:36:48 | Computer Name = Michi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 13.05.2010 07:36:48 | Computer Name = Michi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
09.02.2012, 19:13 | #3 |
| "Attention: For security reasons your Windows system has been locked." I think I made a mistake when uploading OTL.txt, because these green formatting characters show up everywhere in it, so here it is once more as an attachment. If these characters are meaningless, I apologize for the double post.
__________________Kind regards P.S. I am the only user that exists on this computer. Apparently I had not ticked the "Scan All Users" checkbox. Should I run it again? Code:
ATTFilter OTL logfile created on: 09.02.2012 15:58:59 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michi\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 84,26% Memory free 6,19 Gb Paging File | 5,92 Gb Available in Paging File | 95,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,44 Gb Total Space | 12,44 Gb Free Space | 11,17% Space Free | Partition Type: NTFS Drive D: | 105,90 Gb Total Space | 17,85 Gb Free Space | 16,86% Space Free | Partition Type: NTFS Drive E: | 486,17 Mb Total Space | 311,50 Mb Free Space | 64,07% Space Free | Partition Type: FAT Computer Name: MICHI-PC | User Name: Michi | Logged in as Administrator. 
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.10.16 14:22:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== MOD - [2011.08.30 22:25:44 | 000,016,832 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\ViewerPS.dll MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - [2011.07.01 09:28:48 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.04 15:46:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.03.25 01:32:16 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2008.06.06 00:50:43 | 003,488,768 | ---- | M] () [Auto | Stopped] -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC) SRV - [2008.04.27 21:26:44 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) 
[Auto | Stopped] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService) SRV - [2008.03.21 12:22:52 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 17:35:02 | 000,081,504 | ---- | M] () [Auto | Stopped] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2008.01.10 16:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2007.12.11 04:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2007.11.06 21:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2007.10.03 13:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) ========== Driver Services (SafeList) ========== DRV - [2011.07.01 09:28:49 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.01 09:28:49 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.02.08 15:36:07 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | 
Stopped] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09) DRV - [2011.02.08 13:44:14 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2009.08.18 12:06:44 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV - [2009.08.18 12:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice) DRV - [2009.08.18 12:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.08.18 12:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.08.18 12:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.08.18 12:06:44 | 000,009,216 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009.07.21 16:01:05 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009.07.21 16:01:05 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 10:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.08.17 22:03:01 | 000,025,280 | ---- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.07.14 16:13:05 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2008.06.06 00:50:38 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF) DRV - [2008.05.08 18:01:44 | 003,552,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.05.02 16:27:48 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008.04.27 21:27:10 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x) DRV - [2008.04.11 10:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008.03.21 09:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008.03.11 12:38:00 | 000,048,128 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E) DRV - [2008.02.29 08:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008.01.16 17:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel) DRV - [2008.01.08 20:10:32 | 002,554,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.12.18 17:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. 
) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir) DRV - [2007.11.06 21:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2006.11.02 14:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Stopped] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2006.09.28 11:47:48 | 000,283,776 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ixquick" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://ixquick.com" FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071302000004 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: info@youtube-mp3.org:1.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: 
{35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.03 23:10:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.16 10:51:51 | 000,000,000 | ---D | M] [2008.07.09 20:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Extensions [2011.12.10 17:21:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\abcy3n4i.default\extensions [2010.06.29 16:03:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\abcy3n4i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.03.11 18:30:21 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\abcy3n4i.default\extensions\moveplayer@movenetworks.com [2011.12.04 09:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.12.16 15:12:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} () (No name found) -- C:\USERS\MICHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ABCY3N4I.DEFAULT\EXTENSIONS\{A3A5C777-F583-4FEF-9380-AB4ADD1BC2A8}.XPI () (No name found) -- C:\USERS\MICHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ABCY3N4I.DEFAULT\EXTENSIONS\INFO@YOUTUBE-MP3.ORG.XPI [2012.02.03 23:10:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.02.03 23:09:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.03 23:09:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.03 23:09:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.03 23:09:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.03 23:09:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.03 23:09:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [ffdwnd] C:\Users\Michi\AppData\Local\Mozilla\Firefox\firefox.exe (3M Touch Systems, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66165F62-E6BB-4001-BF06-4889D5E6DED5}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD7856F4-D82E-4C02-8D42-4352438CF09B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: C:\Users\Michi\Pictures\Wallpaper\Donavon 1 1280x1024.jpg
O24 - Desktop BackupWallPaper: C:\Users\Michi\Pictures\Wallpaper\Donavon 1 1280x1024.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{05338666-3363-11e0-ada5-00a0d1a71c70}\Shell - "" = AutoRun
O33 - MountPoints2\{05338666-3363-11e0-ada5-00a0d1a71c70}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{1339903c-65a4-11dd-bbfc-00a0d1a71c70}\Shell - "" = AutoRun
O33 - MountPoints2\{1339903c-65a4-11dd-bbfc-00a0d1a71c70}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{768c61f8-2019-11de-ad13-00a0d1a71c70}\Shell\AutoRun\command - "" = G:\ScopeViewer.exe
O33 - MountPoints2\{83c4db34-51b7-11dd-8ecc-00a0d1a71c70}\Shell - "" = AutoRun
O33 - MountPoints2\{83c4db34-51b7-11dd-8ecc-00a0d1a71c70}\Shell\AutoRun\command - "" = E:\autorun.exe -auto
O33 - MountPoints2\{8cf06e1b-7255-11e0-bc52-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{8cf06e1b-7255-11e0-bc52-00a0c6000000}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{caf341d8-c3ce-11de-a7be-00a0d1a71c70}\Shell - "" = AutoRun
O33 - MountPoints2\{caf341d8-c3ce-11de-a7be-00a0d1a71c70}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e6192026-655e-11dd-b9c7-001de0c47b99}\Shell - "" = AutoRun
O33 - MountPoints2\{e6192026-655e-11dd-b9c7-001de0c47b99}\Shell\AutoRun\command - "" = H:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk - C:\Programme\Acer\Acer VCM\AcerVCM.exe - (Acer Incorporated)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk - - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ArcadeDeluxeAgent - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: ePower_DMC - hkey= - key= - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
MsConfig - StartUpReg: MobileConnect - hkey= - key= - File not found
MsConfig - StartUpReg: Orb - hkey= - key= - File not found
MsConfig - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012.02.09 15:36:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe
[2012.02.05 18:40:58 | 000,000,000 | ---D | C] -- C:\Users\Michi\Desktop\Bilder
[3 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Michi\AppData\Roaming\*.tmp files -> C:\Users\Michi\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.02.09 15:52:43 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.09 15:52:43 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.09 15:52:43 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.09 15:52:43 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.09 15:50:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.09 15:49:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.02.09 15:48:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.02.09 15:48:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.09 15:48:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[3 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Michi\AppData\Roaming\*.tmp files -> C:\Users\Michi\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.12.10 14:26:33 | 000,000,036 | ---- | C] () -- C:\Users\Michi\AppData\Roaming\blckdom.res
[2011.10.14 00:32:19 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.01.18 19:09:03 | 000,000,058 | ---- | C] () -- C:\Users\Michi\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2010.03.15 19:15:34 | 000,156,430 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2010.02.07 14:57:11 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin
[2009.09.24 10:25:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 10:25:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.21 16:01:05 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.07.21 16:01:05 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.04.08 16:46:18 | 000,000,202 | ---- | C] () -- C:\Windows\System32\IC32.INI
[2009.01.22 21:15:11 | 000,001,910 | ---- | C] () -- C:\Windows\CDPLAYER.INI
[2008.12.23 17:37:49 | 000,000,771 | ---- | C] () -- C:\Users\Michi\AppData\Roaming\coreavc.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.16 01:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.09.16 01:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.08.30 18:16:30 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.08.22 12:08:44 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2008.08.18 15:14:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.08.10 15:42:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.08.10 15:22:59 | 000,111,608 | ---- | C] () -- C:\Windows\War3Unin.dat
[2008.07.21 23:09:31 | 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI
[2008.07.14 16:16:31 | 000,000,680 | ---- | C] () -- C:\Users\Michi\AppData\Local\d3d9caps.dat
[2008.07.14 16:06:01 | 000,001,191 | ---- | C] () -- C:\Windows\eReg.dat
[2008.07.12 16:56:22 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008.07.09 20:29:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.07.09 17:17:35 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2008.07.08 16:38:10 | 000,183,296 | ---- | C] () -- C:\Users\Michi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.12 19:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.06.06 00:55:07 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008.06.06 00:55:07 | 000,105,984 | ---- | C] () -- C:\Windows\FixUVC.exe
[2008.06.06 00:55:07 | 000,000,057 | ---- | C] () -- C:\Windows\PidList.ini
[2008.06.06 00:51:06 | 001,548,099 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.06.06 00:42:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.05.16 06:50:46 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.05.16 06:50:46 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.05.16 06:50:44 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.05.16 06:50:43 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.04.12 06:41:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.04.12 06:30:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.03.28 20:22:04 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.03.28 20:22:04 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.03.28 19:29:19 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.03.28 19:25:31 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.03.28 19:21:05 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.03.28 19:21:05 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.03.28 19:19:46 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008.03.28 11:58:20 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.01.21 08:15:58 | 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,125,870 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.11.26 21:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2007.11.14 15:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007.11.06 21:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007.04.24 17:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,315,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011.02.13 18:22:53 | 000,000,000 | -HSD | M] -- C:\Users\Michi\AppData\Roaming\.#
[2011.10.23 19:14:13 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\1&1 Mail & Media GmbH
[2008.07.11 13:28:13 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Acer
[2008.03.28 19:43:38 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Acer GameZone Console
[2008.08.09 05:54:11 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Ashampoo
[2011.10.07 12:24:10 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\CPUControl
[2008.08.16 21:59:10 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Crazy Browser
[2008.07.14 16:12:47 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\DAEMON Tools
[2011.02.08 13:52:25 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\DAEMON Tools Lite
[2011.01.18 19:09:03 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\DonationCoder
[2008.07.10 15:12:12 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\eSobi
[2009.01.22 21:35:10 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\FinalBurner AudioCD Ripper
[2009.03.12 20:32:51 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\FloodLightGames
[2008.12.22 13:43:03 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Galcon
[2011.03.23 15:30:29 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\GrabPro
[2011.08.03 11:55:46 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\ICQ
[2011.12.10 14:26:25 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\kock
[2011.11.02 16:23:35 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\LolClient
[2009.09.14 13:33:24 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\OpenOffice.org
[2011.03.23 17:44:50 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Orbit
[2009.09.15 16:43:52 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\PlayFirst
[2011.03.23 15:26:44 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\ProgSense
[2010.10.26 21:44:13 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\ProtectDISC
[2011.08.03 17:58:51 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Steinberg
[2011.12.16 15:07:39 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\UAs
[2009.07.21 16:36:40 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Ubisoft
[2008.07.08 16:26:35 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Validity
[2011.04.29 12:49:36 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Vodafone
[2011.12.10 14:26:25 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\xmldm
[2012.02.09 15:49:30 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2011.08.08 13:25:00 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2008.06.06 01:46:59 | 000,000,000 | ---D | M] -- C:\ACER
[2008.07.08 16:25:24 | 000,000,000 | ---D | M] -- C:\ACERSW
[2008.07.09 17:07:10 | 000,000,000 | ---D | M] -- C:\Anderes
[2009.10.04 13:19:13 | 000,000,000 | -HSD | M] -- C:\Boot
[2008.06.06 01:03:56 | 000,000,000 | ---D | M] -- C:\CLSetup
[2012.01.04 22:25:33 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.07.08 16:21:20 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.03.28 19:12:56 | 000,000,000 | ---D | M] -- C:\Intel
[2008.03.28 19:45:25 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.01.03 21:54:54 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.11.02 10:20:27 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.07.08 16:21:20 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.10.14 00:32:19 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin
[2012.02.09 13:34:35 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.07.12 17:13:27 | 000,000,000 | ---D | M] -- C:\TEMP
[2008.07.08 16:25:09 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.09 15:14:58 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*.
/mp /s > < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) 
MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2007.09.29 21:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2007.09.29 21:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2007.09.29 21:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys [2007.09.29 21:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 
000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- 
C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2008.07.14 16:13:05 | 
000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2009.09.14 16:17:01 | 000,000,853 | ---- | M] () -- C:\Users\Michi\.recently-used.xbel [2012.02.09 16:01:18 | 004,718,592 | -HS- | M] () -- C:\Users\Michi\NTUSER.DAT [2012.02.09 16:01:17 | 000,262,144 | -H-- | M] () -- C:\Users\Michi\ntuser.dat.LOG1 [2008.07.08 16:25:09 | 000,000,000 | -H-- | M] () -- C:\Users\Michi\ntuser.dat.LOG2 [2012.02.09 15:49:29 | 000,065,536 | -HS- | M] () -- C:\Users\Michi\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.08.25 09:23:49 | 000,524,288 | -HS- | M] () -- C:\Users\Michi\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2012.02.09 15:49:29 | 000,524,288 | -HS- | M] () -- C:\Users\Michi\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2008.07.08 16:25:09 | 000,000,020 | -HS- | M] () -- C:\Users\Michi\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe 
ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:580E04D8

< End of report >

Edited by JimBob21 (09.02.2012 at 19:16). Reason: see postscript