Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun?

S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun?


Log-Analyse und Auswertung: S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 04.07.2012, 10:55   #1
Herr Heiner
 
S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun? - Standard

S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun?


Hallo liebe Leute,

ich habe mir gestern den SMART Repair Virus eingefangen.
Beim Surfen fragte eine unbekannte .exe-Datei (irgendwas mit aol) nach Erlaubnis, Veränderungen am Computer durchzuführen, bei "Nein" kam die Meldung sofort wieder. Habe dann einen Suchlauf mit Avira durchgeführt, der gleich etwas gefunden und gelöscht hat (habe die Meldung aber jetzt bei den Berichten nicht mehr gefunden), kurz darauf startete dann der SMART Virus mit seiner Show. Ein Avira Durchlauf gab dann nur eine Warnung aus, dass es eine Datei nicht öffnen konnte (ebenjene).
Ich habe dann den Computer im sicheren Modus neu gestartet und eine Systemwiederherstellung auf den Stand von vor ein paar Tagen durchgeführt.
Jetzt läuft soweit wieder alles, nur sind natürlich alle Daten versteckt (habe den Fix, den ich hier dazu gefunden habe, noch nicht durchgeführt).

Ich fürchte, das Problem ist damit aber nicht mit Sicherheit aus der Welt, stimmt das? Muss ich, wenn alles (hoffentlich) bereinigt ist, sonst noch irgendwas beachten? Etwa Passwörter ändern o.ä.?

Ich hoffe, ich habe beim Erstellen nichts vergessen.
Vielen Dank im Voraus!



Defogger habe ich durchgeführt, Fehlermeldung kam keine.

OTL.txt:
Code:
ATTFilter
OTL logfile created on: 04.07.2012 09:21:06 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Mathias\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,37% Memory free
5,99 Gb Paging File | 4,89 Gb Available in Paging File | 81,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 94,43 Gb Free Space | 20,71% Space Free | Partition Type: NTFS
 
Computer Name: MATHIAS-LAPTOP | User Name: Mathias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.04 09:11:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.11 09:29:59 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.11 09:29:59 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.11 09:29:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.11 09:29:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.11 09:29:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.09.08 15:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.08.21 21:46:57 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.08.27 06:48:32 | 001,194,504 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2009.08.26 20:07:24 | 000,698,912 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009.08.26 20:07:22 | 000,690,720 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009.08.26 20:07:20 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe
PRC - [2009.08.18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.05.14 23:03:18 | 000,345,384 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.05.13 19:39:42 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.04.11 19:32:06 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.01.21 01:41:24 | 000,202,024 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2009.01.21 01:41:18 | 000,156,968 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008.12.26 17:30:58 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.23 14:38:42 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.08.21 21:46:57 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.05.26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.02.02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Programme\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2009.01.21 01:41:26 | 000,872,448 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009.01.21 01:41:22 | 000,007,680 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
MOD - [2009.01.18 16:50:02 | 000,417,792 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\AdobeXMP.dll
MOD - [2007.11.16 17:02:18 | 000,479,232 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ccme_base.dll
MOD - [2007.11.16 17:02:18 | 000,401,408 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\cryptocme2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.03 22:51:35 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.11 09:29:59 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.11 09:29:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.11 09:29:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.11 09:18:50 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.08.23 00:33:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.08.26 20:07:22 | 000,690,720 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.01.16 20:53:30 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.05.11 09:29:59 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.11 09:29:59 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.06.24 12:23:12 | 000,159,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009.01.16 20:53:32 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008.12.04 18:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008.12.04 18:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008.12.04 18:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0811&m=aspire_5738
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0811&m=aspire_5738
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0811&m=aspire_5738
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {C4654FC7-7709-4DF2-A65C-B5B887A4ED99}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{C4654FC7-7709-4DF2-A65C-B5B887A4ED99}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.23 20:50:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.03 22:43:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.16 15:32:57 | 000,000,000 | ---D | M]
 
[2011.08.22 23:36:36 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Extensions
[2012.07.03 22:42:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\5pn5sgzq.default\extensions
[2012.07.03 22:43:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\5pn5sgzq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.03 22:43:48 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\5pn5sgzq.default\extensions\toolbar@ask.com
[2012.05.11 16:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.11 09:18:50 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.10 19:37:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.28 08:38:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.28 08:38:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.28 08:38:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.28 08:38:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.28 08:38:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.28 08:38:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{124D590A-07D6-4927-9591-6D2570E914EE}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.04 09:11:54 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe
[2012.07.03 20:05:12 | 000,000,000 | -H-D | C] -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012.06.25 22:56:42 | 000,000,000 | -H-D | C] -- C:\Users\Mathias\AppData\Local\PDF24
[2012.06.25 22:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.06.25 22:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24
[2012.06.22 09:21:46 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\ElevatedDiagnostics
[2012.06.22 09:14:22 | 000,000,000 | -H-D | C] -- C:\Users\Mathias\Desktop\Study Aid etc
[2012.06.15 08:39:32 | 000,000,000 | -H-D | C] -- C:\Users\Mathias\AppData\Local\Macromedia
[2012.06.11 21:34:35 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\AskToolbar
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.04 09:18:48 | 000,000,000 | ---- | M] () -- C:\Users\Mathias\defogger_reenable
[2012.07.04 09:12:32 | 000,302,592 | ---- | M] () -- C:\Users\Mathias\Desktop\vomherxq.exe
[2012.07.04 09:11:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe
[2012.07.04 09:11:43 | 000,050,477 | ---- | M] () -- C:\Users\Mathias\Desktop\Defogger.exe
[2012.07.04 09:08:43 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 09:08:43 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 09:01:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.04 09:01:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.04 09:00:47 | 2411,855,872 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.03 20:05:20 | 000,000,136 | -H-- | M] () -- C:\ProgramData\-MYC7NlSPONnkXcr
[2012.07.03 20:05:20 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-MYC7NlSPONnkXc
[2012.07.03 20:05:08 | 000,000,256 | -H-- | M] () -- C:\ProgramData\MYC7NlSPONnkXc
[2012.07.01 21:36:22 | 000,039,914 | -H-- | M] () -- C:\Users\Mathias\Desktop\main;jsessionid=23492252422C1E495BE551A2FA2473B3.pdf
[2012.06.14 22:33:58 | 000,361,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.14 09:40:44 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.14 09:40:44 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.14 09:40:44 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.14 09:40:44 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.05 10:07:19 | 000,001,061 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.06.05 10:07:09 | 000,001,033 | ---- | M] () -- C:\Users\Mathias\Desktop\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.04 09:18:48 | 000,000,000 | ---- | C] () -- C:\Users\Mathias\defogger_reenable
[2012.07.04 09:12:32 | 000,302,592 | ---- | C] () -- C:\Users\Mathias\Desktop\vomherxq.exe
[2012.07.04 09:11:42 | 000,050,477 | ---- | C] () -- C:\Users\Mathias\Desktop\Defogger.exe
[2012.07.03 20:05:20 | 000,000,136 | -H-- | C] () -- C:\ProgramData\-MYC7NlSPONnkXcr
[2012.07.03 20:05:19 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-MYC7NlSPONnkXc
[2012.07.03 20:05:07 | 000,000,256 | -H-- | C] () -- C:\ProgramData\MYC7NlSPONnkXc
[2012.07.01 21:36:22 | 000,039,914 | -H-- | C] () -- C:\Users\Mathias\Desktop\main;jsessionid=23492252422C1E495BE551A2FA2473B3.pdf
[2012.06.25 22:20:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012.06.25 22:20:02 | 000,389,120 | ---- | C] () -- C:\Windows\System32\actskn43.ocx
[2011.10.07 12:28:40 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.10.07 12:28:40 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD7030.DAT
[2011.08.22 23:23:25 | 000,001,496 | R--- | C] () -- C:\Windows\System32\drivers\RtkAcerM.dat
[2011.08.22 23:23:24 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2011.08.22 23:23:24 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2011.08.22 23:23:24 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2011.08.22 06:17:52 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2011.08.22 00:10:48 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011.08.21 23:57:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.08.21 21:47:15 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011.08.21 21:47:15 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2011.08.21 21:47:13 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2011.08.21 21:45:04 | 000,123,780 | R--- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2011.08.21 21:45:04 | 000,000,728 | R--- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2011.08.21 21:45:04 | 000,000,008 | R--- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2011.06.22 10:43:30 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst2cl3.dll
[2011.04.29 03:48:52 | 000,274,432 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2011.04.29 03:48:52 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2011.04.29 03:48:52 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2011.04.29 03:48:50 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
 
========== LOP Check ==========
 
[2012.06.28 23:05:14 | 000,000,000 | -H-D | M] -- C:\Users\Mathias\AppData\Roaming\.anki
[2012.06.28 16:23:54 | 000,000,000 | -H-D | M] -- C:\Users\Mathias\AppData\Roaming\.matplotlib
[2011.08.22 00:07:43 | 000,000,000 | -H-D | M] -- C:\Users\Mathias\AppData\Roaming\Acer GameZone Console
[2012.07.04 09:02:39 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Dropbox
[2012.07.03 22:42:38 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\OpenOffice.org
[2011.08.22 00:07:44 | 000,000,000 | -H-D | M] -- C:\Users\Mathias\AppData\Roaming\PowerCinema
[2009.07.14 06:53:46 | 000,029,170 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Extras.txt:
Code:
ATTFilter
OTL Extras logfile created on: 04.07.2012 09:21:06 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Mathias\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,37% Memory free
5,99 Gb Paging File | 4,89 Gb Available in Paging File | 81,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 94,43 Gb Free Space | 20,71% Space Free | Partition Type: NTFS
 
Computer Name: MATHIAS-LAPTOP | User Name: Mathias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F00A9D-185A-4D10-9228-C14B00318A8F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0780777C-D603-4F23-8858-FB7DB99401F9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{153C1696-EA3B-4CF0-BBBB-C0B6B0A43231}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3F435D3E-12B6-48B1-800D-EFA2D2228933}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{48484C6C-A1E6-47A3-83D3-B9410C03AA11}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{520474FF-B823-4E9E-84E8-E33119EF4355}" = lport=137 | protocol=17 | dir=in | app=system | 
"{55F3330D-6319-45D3-832E-6E816E844D1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{56170BA2-551D-435C-BE23-9618798C6CF9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5B5E672C-5D68-4BE8-9323-4918DA8CC8A2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6C382540-1D6A-4F8C-97F4-F7523C1BCE57}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{71956D23-D9DF-474F-BB07-08EB1DAF33F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9253A523-4691-4BE6-8405-F5E5FF113817}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{93AA3420-11D8-40C5-975B-824C5874B4CF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{99C2450F-E428-40FE-9DEC-9DC3729ED491}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{9AEDF331-C7AF-48F4-AF3A-6E234DC95A95}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AC79484D-3DB0-49D9-B86C-703F68CD1BD4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B4590DCF-3773-4270-A239-5AC4895B5379}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BA7724CC-F90E-4D81-B01C-519EDA91AC34}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D4FFF1D1-B312-4F41-9A61-07C532F17A0A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D61493B3-FEC3-41E8-8624-66E62DCA1A7F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DF893A1A-2A35-4272-801A-870518F44060}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DF8F0146-6A0D-4018-85A2-42AB22D44048}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EB066731-22CC-4520-803F-A34E50F4130C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{ECD2B67A-9503-4742-825A-3280DE50B891}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F723BAE0-271F-4B36-A8C9-A206BC02ED99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01812F4C-05C0-49DE-9EF1-8310566E3AF5}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{0AD63CA4-E4FB-4FCB-9EE2-9E7B8D955EB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{0DB4F180-E3D0-4029-B3D9-5F5B3AAEAF90}" = protocol=6 | dir=in | app=c:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1313DC88-43E4-43F0-9E0B-E1A24147BF4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{22955B12-C94D-4F55-A605-2D6BFED9EA8E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2E5F32AD-6497-41BE-A217-CAC31848A3DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3B75AB01-24D9-4683-B3D1-81A6FC7E9745}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4402DD63-92A1-4298-B39C-DF3856A5C25E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{44313369-55A3-4DAD-880E-2106C1031AB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{49F1200A-67B8-41E0-84B8-76A9C39BB436}" = protocol=6 | dir=out | app=system | 
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{590C0619-0518-4595-8DDF-19EF077A6A17}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{61846197-4A36-4066-BFBE-5C25B4C62B19}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6904E211-8DA3-4955-A21A-C53989AA85D2}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{6BCD1C50-894C-41C5-A467-41DE5BE77B3D}" = protocol=17 | dir=in | app=c:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{763F5E67-36E2-44FA-B037-B18A2F7547F6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{90A932C0-74AD-4B78-A0AE-4542937CF962}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{950EAF1C-9823-49DF-93E1-EB09B259CD74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A2366D76-05E3-49DA-BCA1-F99553DA6F6E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A2F69815-1078-4016-B1D4-89B6312C28FC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{B1AD0714-6EC5-4530-B61B-C22794343030}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B2E7A0F8-0B5B-4528-8E35-CEF1D8885FD5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B8EDCBEC-700B-4D19-920E-A674346B4DF7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{C5EA0BAE-7DE3-4691-A83B-05A0EEFFDEE9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C77CDDAE-17C5-4019-9313-145E140472DD}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{D7E60BED-8C9C-4635-A57F-2F8CBD53D905}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DB2510C8-A74B-4F21-828F-3DAE6BB3B947}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ED6668AE-187A-4388-8840-D6CF18126208}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FAB4A4D9-123F-4A2A-AEF6-71813D6CFCB2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{62C17BEA-48BB-4689-9F62-A51FCB70F01F}C:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{014349F4-2F45-481C-BDA9-BBFF40927DEE}C:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033F0CE1-B6FC-EC7A-7914-81F14C8DBA0F}" = Catalyst Control Center Core Implementation
"{05B95480-732A-1081-8A94-D924326AF36F}" = CCC Help English
"{0945589B-6CC4-FA00-3CBE-BD6028B26063}" = CCC Help Turkish
"{0EAE6EF9-010E-0734-D0A0-2BB8040F90EA}" = CCC Help French
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{133C8002-B64F-C9E7-7DAC-21BAE58DC041}" = CCC Help Russian
"{150715F0-2800-A3C5-836E-F4F98AE3A775}" = ccc-core-static
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22EFABF6-7373-7755-4EA4-5240E7CCEEF7}" = Catalyst Control Center Graphics Previews Vista
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{270629EB-D776-04FC-0631-256177B7A021}" = CCC Help Swedish
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{29D2987A-9FBC-1BD3-E463-12D50D94DBFC}" = Catalyst Control Center Graphics Full New
"{2AB22900-5718-4617-523B-9DFDECB4749D}" = CCC Help Italian
"{3956AEA0-9299-CA45-5BF1-5A721F8E3A21}" = CCC Help Chinese Traditional
"{3C152296-D7E4-59F4-B07E-43587CE985FE}" = CCC Help Norwegian
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{502D4628-92AD-416A-0580-00D64320DBB7}" = ATI Catalyst Install Manager
"{51B83F5C-5660-4B73-AB18-C68993FEDEB3}" = Catalyst Control Center - Branding
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{66CB1DC8-FBA1-7436-08F3-061F7CB72C80}" = Skins
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6C497312-7C1E-BB3C-D143-B8FD0C894CF1}" = CCC Help Polish
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88FC0C01-E4AA-3C3E-4612-3F11E69EF188}" = CCC Help German
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E3A37D-D424-C725-E06A-71C1151F682A}" = CCC Help Finnish
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{A141F87A-A73B-368D-AB65-A997B3D1D2C4}" = CCC Help Spanish
"{AAD2CA33-F716-4D1B-31F9-B52A847C4AF1}" = CCC Help Hungarian
"{AB104276-19BC-D12E-90EE-D358003A4EAF}" = CCC Help Greek
"{ABBD20D8-60E7-885B-734A-DE745BFDF43B}" = CCC Help Czech
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEE701D3-6AF7-A8D5-145E-D0C01D528FAD}" = ccc-utility
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B5080F69-EE95-49DC-F8A1-B7CBB2B5028D}" = CCC Help Korean
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B6CB5308-3B67-9861-97F5-0EB31CE21E63}" = CCC Help Chinese Standard
"{B7020783-0AB1-8D67-E850-673BD0C61E7F}" = CCC Help Thai
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0354121-07AF-DE06-1D0F-7490EFE2F67A}" = Catalyst Control Center Graphics Full Existing
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{DA163DB8-C795-9EF2-7CF2-8B570BA9E39E}" = CCC Help Portuguese
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E36BE564-B727-A80D-E9F0-7FFEB69120E5}" = CCC Help Dutch
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5A56A6C-7656-969C-457A-E7600A6F169B}" = Catalyst Control Center Graphics Light
"{E5D9A29A-8903-968F-6394-CB8CC151084C}" = Catalyst Control Center Localization All
"{EE03DA2C-2154-7298-4461-F76C615932A9}" = CCC Help Japanese
"{EE9DEA81-3B77-7135-0E5B-B8C3092FE88A}" = CCC Help Danish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anki" = Anki
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup" = DivX-Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"LManager" = Launch Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.07.2012 16:52:12 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 488
Description = wlmail (5924) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live
 Mail\Calendars\***@hotmail.com\: Versuch, Datei "C:\Users\Mathias\AppData\Local\Microsoft\Windows
 Live Mail\Calendars\***@hotmail.com\DBStore\WLCalendarStore.pat" zu
 erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen.
 Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
 
Error - 03.07.2012 16:52:12 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 217
Description = wlmail (5924) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live
 Mail\Calendars\***@hotmail.com\: Fehler (-1032) während der Sicherung
 einer Datenbank (Datei C:\Users\Mathias\AppData\Local\Microsoft\Windows Live Mail\Calendars\***@hotmail.com\DBStore\WLCalendarStore.edb).
 Die Datenbank kann nicht wiederhergestellt werden.
 
Error - 03.07.2012 16:52:12 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 215
Description = wlmail (5924) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live
 Mail\Calendars\***@hotmail.com\: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 03.07.2012 16:52:19 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 488
Description = wlcomm (4276) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live
 Contacts\{3f52a837-6ce6-4599-84a1-72a93cfc0969}\: Versuch, Datei "C:\Users\Mathias\AppData\Local\Microsoft\Windows
 Live Contacts\{3f52a837-6ce6-4599-84a1-72a93cfc0969}\DBStore\contacts.pat" zu erstellen,
 ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler
 -1032 (0xfffffbf8) beim Erstellen von Dateien.
 
Error - 03.07.2012 16:52:19 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 217
Description = wlcomm (4276) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live
 Contacts\{3f52a837-6ce6-4599-84a1-72a93cfc0969}\: Fehler (-1032) während der Sicherung
 einer Datenbank (Datei C:\Users\Mathias\AppData\Local\Microsoft\Windows Live Contacts\{3f52a837-6ce6-4599-84a1-72a93cfc0969}\DBStore\contacts.edb).
 Die Datenbank kann nicht wiederhergestellt werden.
 
Error - 03.07.2012 16:52:19 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 215
Description = wlcomm (4276) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live
 Contacts\{3f52a837-6ce6-4599-84a1-72a93cfc0969}\: Die Sicherung wurde abgebrochen,
 weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 03.07.2012 16:52:38 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 488
Description = wlcomm (4276) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live
 Contacts\{dbe8a2ef-cbb1-43a9-b858-2b0d62e456e5}\: Versuch, Datei "C:\Users\Mathias\AppData\Local\Microsoft\Windows
 Live Contacts\{dbe8a2ef-cbb1-43a9-b858-2b0d62e456e5}\DBStore\contacts.pat" zu erstellen,
 ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler
 -1032 (0xfffffbf8) beim Erstellen von Dateien.
 
Error - 03.07.2012 16:52:38 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 217
Description = wlcomm (4276) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live
 Contacts\{dbe8a2ef-cbb1-43a9-b858-2b0d62e456e5}\: Fehler (-1032) während der Sicherung
 einer Datenbank (Datei C:\Users\Mathias\AppData\Local\Microsoft\Windows Live Contacts\{dbe8a2ef-cbb1-43a9-b858-2b0d62e456e5}\DBStore\contacts.edb).
 Die Datenbank kann nicht wiederhergestellt werden.
 
Error - 03.07.2012 16:52:38 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 215
Description = wlcomm (4276) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live
 Contacts\{dbe8a2ef-cbb1-43a9-b858-2b0d62e456e5}\: Die Sicherung wurde abgebrochen,
 weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 04.07.2012 03:02:34 | Computer Name = Mathias-Laptop | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 26.03.2012 14:11:10 | Computer Name = Mathias-Laptop | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 10.0.0.2 mit 
dem Computer mit der  Netzwerkhardwareadresse 00-03-91-B6-E1-E3 ermittelt. Netzwerkvorgänge
 könnten daher auf diesem  System unterbrochen werden.
 
Error - 26.03.2012 18:01:04 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 27.03.2012 02:49:49 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 27.03.2012 02:49:49 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 27.03.2012 12:59:38 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 27.03.2012 13:42:35 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 27.03.2012 13:51:37 | Computer Name = Mathias-Laptop | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 0.0.0.0 mit dem
 Computer mit der  Netzwerkhardwareadresse 70-1A-04-45-CB-37 ermittelt. Netzwerkvorgänge
 könnten daher auf diesem  System unterbrochen werden.
 
Error - 27.03.2012 15:36:12 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 27.03.2012 17:12:43 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 27.03.2012 18:07:10 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
gmer.txt:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-04 11:28:43
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0
Running: vomherxq.exe; Driver: C:\Users\Mathias\AppData\Local\Temp\kwriqkog.sys


---- System - GMER 1.0.15 ----

SSDT            900C8A2E                                   ZwCreateSection
SSDT            900C8A38                                   ZwRequestWaitReplyPort
SSDT            900C8A33                                   ZwSetContextThread
SSDT            900C8A3D                                   ZwSetSecurityObject
SSDT            900C8A42                                   ZwSystemDebugControl
SSDT            900C89CF                                   ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackTransaction + 13E9  83290599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2     832B5092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 340        832BC990 4 Bytes  [2E, 8A, 0C, 90] {MOV CL, CS:[EAX+EDX*4]}
.text           ntkrnlpa.exe!RtlSidHashLookup + 69C        832BCCEC 4 Bytes  [38, 8A, 0C, 90]
.text           ntkrnlpa.exe!RtlSidHashLookup + 6E0        832BCD30 4 Bytes  [33, 8A, 0C, 90]
.text           ntkrnlpa.exe!RtlSidHashLookup + 75C        832BCDAC 4 Bytes  [3D, 8A, 0C, 90]
.text           ntkrnlpa.exe!RtlSidHashLookup + 7B0        832BCE00 4 Bytes  [42, 8A, 0C, 90] {INC EDX; MOV CL, [EAX+EDX*4]}
.text           ...                                        
.text           C:\Windows\system32\DRIVERS\atikmdag.sys   section is writeable [0x91431000, 0x2D5378, 0xE8000020]
PAGE            peauth.sys                                 A1047B9B 72 Bytes  [20, 55, 58, EA, 21, 76, B4, ...]
PAGE            peauth.sys                                 A104802C 102 Bytes  CALL BE117902 

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0    Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1    Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1     fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1     rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2     fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2     rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004a          halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                   fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

 

Themen zu S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun?
7-zip, antivir, avira, avira searchfree toolbar, bho, bonjour, computer, error, firefox, flash player, helper, home, install.exe, ip-adresse, launch, locker, logfile, microsoft office word, mozilla, mywinlocker, nicht öffnen, plug-in, popup, problem, realtek, registry, scan, searchscopes, security, senden, software, svchost.exe, usb 2.0, virus, warnung, windows, zugriff verweigert, ändern


« GVU Trojaner 2.07 unter win7 64 bit eingefangen | Bundespolizei- Ihr Computer ist gesperrt »


Ähnliche Themen: S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun?


  1. GVU Trojaner, Win 7, Systemwiederherstellung durchgeführt
    Plagegeister aller Art und deren Bekämpfung - 26.03.2013 (11)
  2. System Repair Virus
    Log-Analyse und Auswertung - 20.03.2013 (2)
  3. system repair virus
    Plagegeister aller Art und deren Bekämpfung - 10.03.2013 (35)
  4. Virus system repair
    Plagegeister aller Art und deren Bekämpfung - 06.03.2013 (27)
  5. Windows System Repair Virus
    Log-Analyse und Auswertung - 26.02.2013 (17)
  6. GVU-Trojaner, Systemwiederherstellung erfolgreich, Ungewissheit bleibt.
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (17)
  7. Wie lösche ich endgültig den GVU-Trojaner? Systemwiederherstellung bereits durchgeführt.
    Plagegeister aller Art und deren Bekämpfung - 19.10.2012 (1)
  8. Bundespolizei Trojaner: Systemwiederherstellung durchgeführt
    Log-Analyse und Auswertung - 20.09.2012 (47)
  9. BAK-Malware, Systemwiederherstellung genutzt und anschließend Scans durchgeführt - was jetzt?
    Log-Analyse und Auswertung - 26.07.2012 (1)
  10. BKA-Trojaner / Systemwiederherstellung durchgeführt / OTL.txt & EXTRAS.txt
    Log-Analyse und Auswertung - 25.07.2012 (2)
  11. Hatte einen Virus oder Wurm und habe Systemwiederherstellung durchgeführt!
    Log-Analyse und Auswertung - 23.07.2012 (1)
  12. Bundespolizei-Trojaner - Systemwiederherstellung durchgeführt - Sytem sauber? logs inside
    Log-Analyse und Auswertung - 19.07.2012 (28)
  13. S.M.A.R.T. HDD Virus - Repair Recovery
    Plagegeister aller Art und deren Bekämpfung - 12.06.2012 (1)
  14. Trojaner 'System check' eingefangen, Sony Vaio Systemwiederherstellung durchgeführt -> ausreichend?
    Plagegeister aller Art und deren Bekämpfung - 14.03.2012 (4)
  15. Trojaner "50 € Strafe" Systemwiederherstellung durchgeführt, derzeit ohne Virenprogramm
    Log-Analyse und Auswertung - 02.03.2012 (27)
  16. System repair Virus
    Log-Analyse und Auswertung - 18.07.2011 (2)
  17. system repair virus
    Plagegeister aller Art und deren Bekämpfung - 16.07.2011 (18)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun? - Hallo liebe Leute, ich habe mir gestern den SMART Repair Virus eingefangen. Beim Surfen fragte eine unbekannte .exe-Datei (irgendwas mit aol) nach Erlaubnis, Veränderungen am Computer durchzuführen, bei "Nein" kam - S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun?...
Archiv
Du betrachtest: S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131