Log Analysis and Evaluation: S.M.A.R.T. Repair Virus; System Restore performed; what remains to be done? (Windows 7)

#1
S.M.A.R.T. Repair Virus; System Restore performed; what remains to be done?

Hello everyone, I caught the SMART Repair virus yesterday. While browsing, an unknown .exe file (something with "aol" in the name) asked for permission to make changes to the computer; clicking "No" just brought the prompt straight back. I then ran a scan with Avira, which found and deleted something right away (I can't find that notification in the reports any more), and shortly afterwards the SMART virus started its show. An Avira run after that only produced a warning that it could not open a file (that very one). I then restarted the computer in Safe Mode and performed a System Restore to a point from a few days ago. Now everything is working again so far, except that of course all my files are hidden (I have not yet applied the fix for that which I found here). I fear this does not mean the problem is gone for certain, is that right? Once everything is (hopefully) cleaned up, is there anything else I need to watch out for? Changing passwords or the like? I hope I haven't forgotten anything when creating this post. Thanks in advance! I ran Defogger; no error message appeared.

OTL.txt: Code:
ATTFilter OTL logfile created on: 04.07.2012 09:21:06 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Mathias\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,37% Memory free 5,99 Gb Paging File | 4,89 Gb Available in Paging File | 81,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,99 Gb Total Space | 94,43 Gb Free Space | 20,71% Space Free | Partition Type: NTFS Computer Name: MATHIAS-LAPTOP | User Name: Mathias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.04 09:11:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.05.11 09:29:59 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.05.11 09:29:59 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.11 09:29:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.11 09:29:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.11 09:29:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.09.08 15:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2011.08.21 21:46:57 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2009.08.27 06:48:32 | 001,194,504 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2009.08.26 20:07:24 | 000,698,912 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe PRC - [2009.08.26 20:07:22 | 000,690,720 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe PRC - [2009.08.26 20:07:20 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe PRC - [2009.08.18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2009.05.14 23:03:18 | 000,345,384 | ---- | M] (Egis Technology Inc.) 
-- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe PRC - [2009.05.13 19:39:42 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe PRC - [2009.04.11 19:32:06 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009.01.21 01:41:24 | 000,202,024 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe PRC - [2009.01.21 01:41:18 | 000,156,968 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2008.12.26 17:30:58 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ========== Modules (No Company Name) ========== MOD - [2011.08.23 14:38:42 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2011.08.21 21:46:57 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2011.05.26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2009.02.02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Programme\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2009.01.21 01:41:26 | 000,872,448 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll MOD - [2009.01.21 01:41:22 | 000,007,680 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade 
Deluxe\Kernel\CLML\CLMLSvcPS.dll MOD - [2009.01.18 16:50:02 | 000,417,792 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\AdobeXMP.dll MOD - [2007.11.16 17:02:18 | 000,479,232 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ccme_base.dll MOD - [2007.11.16 17:02:18 | 000,401,408 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\cryptocme2.dll ========== Win32 Services (SafeList) ========== SRV - [2012.07.03 22:51:35 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.11 09:29:59 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.11 09:29:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.11 09:29:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.11 09:18:50 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2011.08.23 00:33:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009.08.26 20:07:22 | 000,690,720 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.01.16 20:53:30 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) 
[Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService) SRV - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2012.05.11 09:29:59 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.11 09:29:59 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.06.24 12:23:12 | 000,159,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2009.01.16 20:53:32 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio) DRV - [2008.12.04 18:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV - [2008.12.04 18:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV - [2008.12.04 18:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0811&m=aspire_5738 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0811&m=aspire_5738 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0811&m=aspire_5738 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {C4654FC7-7709-4DF2-A65C-B5B887A4ED99} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{C4654FC7-7709-4DF2-A65C-B5B887A4ED99}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.23 20:50:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.03 22:43:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.16 15:32:57 | 000,000,000 | ---D | M] [2011.08.22 23:36:36 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Extensions [2012.07.03 22:42:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\5pn5sgzq.default\extensions [2012.07.03 22:43:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\5pn5sgzq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.07.03 22:43:48 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\5pn5sgzq.default\extensions\toolbar@ask.com [2012.05.11 16:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.05.11 09:18:50 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.10 19:37:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.06.28 08:38:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.28 08:38:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.28 08:38:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.28 08:38:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.28 08:38:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.28 08:38:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName}) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) 
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{124D590A-07D6-4927-9591-6D2570E914EE}: DhcpNameServer = 10.0.0.138 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - 
Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.04 09:11:54 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe [2012.07.03 20:05:12 | 000,000,000 | -H-D | C] -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery [2012.06.25 22:56:42 | 000,000,000 | -H-D | C] -- C:\Users\Mathias\AppData\Local\PDF24 [2012.06.25 22:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2012.06.25 22:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24 [2012.06.22 09:21:46 | 
000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\ElevatedDiagnostics [2012.06.22 09:14:22 | 000,000,000 | -H-D | C] -- C:\Users\Mathias\Desktop\Study Aid etc [2012.06.15 08:39:32 | 000,000,000 | -H-D | C] -- C:\Users\Mathias\AppData\Local\Macromedia [2012.06.11 21:34:35 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\AskToolbar ========== Files - Modified Within 30 Days ========== [2012.07.04 09:18:48 | 000,000,000 | ---- | M] () -- C:\Users\Mathias\defogger_reenable [2012.07.04 09:12:32 | 000,302,592 | ---- | M] () -- C:\Users\Mathias\Desktop\vomherxq.exe [2012.07.04 09:11:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe [2012.07.04 09:11:43 | 000,050,477 | ---- | M] () -- C:\Users\Mathias\Desktop\Defogger.exe [2012.07.04 09:08:43 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.04 09:08:43 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.04 09:01:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.04 09:01:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.04 09:00:47 | 2411,855,872 | -HS- | M] () -- C:\hiberfil.sys [2012.07.03 20:05:20 | 000,000,136 | -H-- | M] () -- C:\ProgramData\-MYC7NlSPONnkXcr [2012.07.03 20:05:20 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-MYC7NlSPONnkXc [2012.07.03 20:05:08 | 000,000,256 | -H-- | M] () -- C:\ProgramData\MYC7NlSPONnkXc [2012.07.01 21:36:22 | 000,039,914 | -H-- | M] () -- C:\Users\Mathias\Desktop\main;jsessionid=23492252422C1E495BE551A2FA2473B3.pdf [2012.06.14 22:33:58 | 000,361,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.06.14 09:40:44 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.14 09:40:44 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.14 09:40:44 | 
000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.14 09:40:44 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.05 10:07:19 | 000,001,061 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.06.05 10:07:09 | 000,001,033 | ---- | M] () -- C:\Users\Mathias\Desktop\Dropbox.lnk ========== Files Created - No Company Name ========== [2012.07.04 09:18:48 | 000,000,000 | ---- | C] () -- C:\Users\Mathias\defogger_reenable [2012.07.04 09:12:32 | 000,302,592 | ---- | C] () -- C:\Users\Mathias\Desktop\vomherxq.exe [2012.07.04 09:11:42 | 000,050,477 | ---- | C] () -- C:\Users\Mathias\Desktop\Defogger.exe [2012.07.03 20:05:20 | 000,000,136 | -H-- | C] () -- C:\ProgramData\-MYC7NlSPONnkXcr [2012.07.03 20:05:19 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-MYC7NlSPONnkXc [2012.07.03 20:05:07 | 000,000,256 | -H-- | C] () -- C:\ProgramData\MYC7NlSPONnkXc [2012.07.01 21:36:22 | 000,039,914 | -H-- | C] () -- C:\Users\Mathias\Desktop\main;jsessionid=23492252422C1E495BE551A2FA2473B3.pdf [2012.06.25 22:20:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2012.06.25 22:20:02 | 000,389,120 | ---- | C] () -- C:\Windows\System32\actskn43.ocx [2011.10.07 12:28:40 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.10.07 12:28:40 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD7030.DAT [2011.08.22 23:23:25 | 000,001,496 | R--- | C] () -- C:\Windows\System32\drivers\RtkAcerM.dat [2011.08.22 23:23:24 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2011.08.22 23:23:24 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2011.08.22 23:23:24 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2011.08.22 06:17:52 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [2011.08.22 00:10:48 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2011.08.21 23:57:41 
| 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.08.21 21:47:15 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2011.08.21 21:47:15 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini [2011.08.21 21:47:13 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe [2011.08.21 21:45:04 | 000,123,780 | R--- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT [2011.08.21 21:45:04 | 000,000,728 | R--- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2011.08.21 21:45:04 | 000,000,008 | R--- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2011.06.22 10:43:30 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst2cl3.dll [2011.04.29 03:48:52 | 000,274,432 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll [2011.04.29 03:48:52 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll [2011.04.29 03:48:52 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll [2011.04.29 03:48:50 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll ========== LOP Check ========== [2012.06.28 23:05:14 | 000,000,000 | -H-D | M] -- C:\Users\Mathias\AppData\Roaming\.anki [2012.06.28 16:23:54 | 000,000,000 | -H-D | M] -- C:\Users\Mathias\AppData\Roaming\.matplotlib [2011.08.22 00:07:43 | 000,000,000 | -H-D | M] -- C:\Users\Mathias\AppData\Roaming\Acer GameZone Console [2012.07.04 09:02:39 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Dropbox [2012.07.03 22:42:38 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\OpenOffice.org [2011.08.22 00:07:44 | 000,000,000 | -H-D | M] -- C:\Users\Mathias\AppData\Roaming\PowerCinema [2009.07.14 06:53:46 | 000,029,170 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 04.07.2012 09:21:06 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Mathias\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,37% Memory free
5,99 Gb Paging File | 4,89 Gb Available in Paging File | 81,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 94,43 Gb Free Space | 20,71% Space Free | Partition Type: NTFS

Computer Name: MATHIAS-LAPTOP | User Name: Mathias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F00A9D-185A-4D10-9228-C14B00318A8F}" = lport=139 | protocol=6 | dir=in | app=system |
"{0780777C-D603-4F23-8858-FB7DB99401F9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{153C1696-EA3B-4CF0-BBBB-C0B6B0A43231}" = rport=445 | protocol=6 | dir=out | app=system |
"{3F435D3E-12B6-48B1-800D-EFA2D2228933}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48484C6C-A1E6-47A3-83D3-B9410C03AA11}" = rport=10243 | protocol=6 | dir=out | app=system |
"{520474FF-B823-4E9E-84E8-E33119EF4355}" = lport=137 | protocol=17 | dir=in | app=system |
"{55F3330D-6319-45D3-832E-6E816E844D1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{56170BA2-551D-435C-BE23-9618798C6CF9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5B5E672C-5D68-4BE8-9323-4918DA8CC8A2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6C382540-1D6A-4F8C-97F4-F7523C1BCE57}" = lport=2869 | protocol=6 | dir=in | app=system |
"{71956D23-D9DF-474F-BB07-08EB1DAF33F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9253A523-4691-4BE6-8405-F5E5FF113817}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{93AA3420-11D8-40C5-975B-824C5874B4CF}" = lport=138 | protocol=17 | dir=in | app=system |
"{99C2450F-E428-40FE-9DEC-9DC3729ED491}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9AEDF331-C7AF-48F4-AF3A-6E234DC95A95}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AC79484D-3DB0-49D9-B86C-703F68CD1BD4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B4590DCF-3773-4270-A239-5AC4895B5379}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BA7724CC-F90E-4D81-B01C-519EDA91AC34}" = rport=137 | protocol=17 | dir=out | app=system |
"{D4FFF1D1-B312-4F41-9A61-07C532F17A0A}" = rport=139 | protocol=6 | dir=out | app=system |
"{D61493B3-FEC3-41E8-8624-66E62DCA1A7F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DF893A1A-2A35-4272-801A-870518F44060}" = rport=138 | protocol=17 | dir=out | app=system |
"{DF8F0146-6A0D-4018-85A2-42AB22D44048}" = lport=445 | protocol=6 | dir=in | app=system |
"{EB066731-22CC-4520-803F-A34E50F4130C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ECD2B67A-9503-4742-825A-3280DE50B891}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F723BAE0-271F-4B36-A8C9-A206BC02ED99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01812F4C-05C0-49DE-9EF1-8310566E3AF5}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{0AD63CA4-E4FB-4FCB-9EE2-9E7B8D955EB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0DB4F180-E3D0-4029-B3D9-5F5B3AAEAF90}" = protocol=6 | dir=in | app=c:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe |
"{1313DC88-43E4-43F0-9E0B-E1A24147BF4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{22955B12-C94D-4F55-A605-2D6BFED9EA8E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2E5F32AD-6497-41BE-A217-CAC31848A3DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B75AB01-24D9-4683-B3D1-81A6FC7E9745}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4402DD63-92A1-4298-B39C-DF3856A5C25E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{44313369-55A3-4DAD-880E-2106C1031AB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{49F1200A-67B8-41E0-84B8-76A9C39BB436}" = protocol=6 | dir=out | app=system |
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{590C0619-0518-4595-8DDF-19EF077A6A17}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{61846197-4A36-4066-BFBE-5C25B4C62B19}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6904E211-8DA3-4955-A21A-C53989AA85D2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6BCD1C50-894C-41C5-A467-41DE5BE77B3D}" = protocol=17 | dir=in | app=c:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe |
"{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{763F5E67-36E2-44FA-B037-B18A2F7547F6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{90A932C0-74AD-4B78-A0AE-4542937CF962}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{950EAF1C-9823-49DF-93E1-EB09B259CD74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A2366D76-05E3-49DA-BCA1-F99553DA6F6E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A2F69815-1078-4016-B1D4-89B6312C28FC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{B1AD0714-6EC5-4530-B61B-C22794343030}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B2E7A0F8-0B5B-4528-8E35-CEF1D8885FD5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B8EDCBEC-700B-4D19-920E-A674346B4DF7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{C5EA0BAE-7DE3-4691-A83B-05A0EEFFDEE9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C77CDDAE-17C5-4019-9313-145E140472DD}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{D7E60BED-8C9C-4635-A57F-2F8CBD53D905}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DB2510C8-A74B-4F21-828F-3DAE6BB3B947}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED6668AE-187A-4388-8840-D6CF18126208}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FAB4A4D9-123F-4A2A-AEF6-71813D6CFCB2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{62C17BEA-48BB-4689-9F62-A51FCB70F01F}C:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{014349F4-2F45-481C-BDA9-BBFF40927DEE}C:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033F0CE1-B6FC-EC7A-7914-81F14C8DBA0F}" = Catalyst Control Center Core Implementation
"{05B95480-732A-1081-8A94-D924326AF36F}" = CCC Help English
"{0945589B-6CC4-FA00-3CBE-BD6028B26063}" = CCC Help Turkish
"{0EAE6EF9-010E-0734-D0A0-2BB8040F90EA}" = CCC Help French
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{133C8002-B64F-C9E7-7DAC-21BAE58DC041}" = CCC Help Russian
"{150715F0-2800-A3C5-836E-F4F98AE3A775}" = ccc-core-static
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22EFABF6-7373-7755-4EA4-5240E7CCEEF7}" = Catalyst Control Center Graphics Previews Vista
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{270629EB-D776-04FC-0631-256177B7A021}" = CCC Help Swedish
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{29D2987A-9FBC-1BD3-E463-12D50D94DBFC}" = Catalyst Control Center Graphics Full New
"{2AB22900-5718-4617-523B-9DFDECB4749D}" = CCC Help Italian
"{3956AEA0-9299-CA45-5BF1-5A721F8E3A21}" = CCC Help Chinese Traditional
"{3C152296-D7E4-59F4-B07E-43587CE985FE}" = CCC Help Norwegian
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{502D4628-92AD-416A-0580-00D64320DBB7}" = ATI Catalyst Install Manager
"{51B83F5C-5660-4B73-AB18-C68993FEDEB3}" = Catalyst Control Center - Branding
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{66CB1DC8-FBA1-7436-08F3-061F7CB72C80}" = Skins
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6C497312-7C1E-BB3C-D143-B8FD0C894CF1}" = CCC Help Polish
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88FC0C01-E4AA-3C3E-4612-3F11E69EF188}" = CCC Help German
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E3A37D-D424-C725-E06A-71C1151F682A}" = CCC Help Finnish
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{A141F87A-A73B-368D-AB65-A997B3D1D2C4}" = CCC Help Spanish
"{AAD2CA33-F716-4D1B-31F9-B52A847C4AF1}" = CCC Help Hungarian
"{AB104276-19BC-D12E-90EE-D358003A4EAF}" = CCC Help Greek
"{ABBD20D8-60E7-885B-734A-DE745BFDF43B}" = CCC Help Czech
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEE701D3-6AF7-A8D5-145E-D0C01D528FAD}" = ccc-utility
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B5080F69-EE95-49DC-F8A1-B7CBB2B5028D}" = CCC Help Korean
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B6CB5308-3B67-9861-97F5-0EB31CE21E63}" = CCC Help Chinese Standard
"{B7020783-0AB1-8D67-E850-673BD0C61E7F}" = CCC Help Thai
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0354121-07AF-DE06-1D0F-7490EFE2F67A}" = Catalyst Control Center Graphics Full Existing
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{DA163DB8-C795-9EF2-7CF2-8B570BA9E39E}" = CCC Help Portuguese
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E36BE564-B727-A80D-E9F0-7FFEB69120E5}" = CCC Help Dutch
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5A56A6C-7656-969C-457A-E7600A6F169B}" = Catalyst Control Center Graphics Light
"{E5D9A29A-8903-968F-6394-CB8CC151084C}" = Catalyst Control Center Localization All
"{EE03DA2C-2154-7298-4461-F76C615932A9}" = CCC Help Japanese
"{EE9DEA81-3B77-7135-0E5B-B8C3092FE88A}" = CCC Help Danish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anki" = Anki
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup" = DivX-Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"LManager" = Launch Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03.07.2012 16:52:12 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 488
Description = wlmail (5924) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live Mail\Calendars\***@hotmail.com\: Versuch, Datei "C:\Users\Mathias\AppData\Local\Microsoft\Windows Live Mail\Calendars\***@hotmail.com\DBStore\WLCalendarStore.pat" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.

Error - 03.07.2012 16:52:12 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 217
Description = wlmail (5924) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live Mail\Calendars\***@hotmail.com\: Fehler (-1032) während der Sicherung einer Datenbank (Datei C:\Users\Mathias\AppData\Local\Microsoft\Windows Live Mail\Calendars\***@hotmail.com\DBStore\WLCalendarStore.edb). Die Datenbank kann nicht wiederhergestellt werden.

Error - 03.07.2012 16:52:12 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 215
Description = wlmail (5924) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live Mail\Calendars\***@hotmail.com\: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error - 03.07.2012 16:52:19 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 488
Description = wlcomm (4276) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live Contacts\{3f52a837-6ce6-4599-84a1-72a93cfc0969}\: Versuch, Datei "C:\Users\Mathias\AppData\Local\Microsoft\Windows Live Contacts\{3f52a837-6ce6-4599-84a1-72a93cfc0969}\DBStore\contacts.pat" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.

Error - 03.07.2012 16:52:19 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 217
Description = wlcomm (4276) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live Contacts\{3f52a837-6ce6-4599-84a1-72a93cfc0969}\: Fehler (-1032) während der Sicherung einer Datenbank (Datei C:\Users\Mathias\AppData\Local\Microsoft\Windows Live Contacts\{3f52a837-6ce6-4599-84a1-72a93cfc0969}\DBStore\contacts.edb). Die Datenbank kann nicht wiederhergestellt werden.

Error - 03.07.2012 16:52:19 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 215
Description = wlcomm (4276) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live Contacts\{3f52a837-6ce6-4599-84a1-72a93cfc0969}\: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error - 03.07.2012 16:52:38 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 488
Description = wlcomm (4276) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live Contacts\{dbe8a2ef-cbb1-43a9-b858-2b0d62e456e5}\: Versuch, Datei "C:\Users\Mathias\AppData\Local\Microsoft\Windows Live Contacts\{dbe8a2ef-cbb1-43a9-b858-2b0d62e456e5}\DBStore\contacts.pat" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.

Error - 03.07.2012 16:52:38 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 217
Description = wlcomm (4276) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live Contacts\{dbe8a2ef-cbb1-43a9-b858-2b0d62e456e5}\: Fehler (-1032) während der Sicherung einer Datenbank (Datei C:\Users\Mathias\AppData\Local\Microsoft\Windows Live Contacts\{dbe8a2ef-cbb1-43a9-b858-2b0d62e456e5}\DBStore\contacts.edb). Die Datenbank kann nicht wiederhergestellt werden.

Error - 03.07.2012 16:52:38 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 215
Description = wlcomm (4276) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live Contacts\{dbe8a2ef-cbb1-43a9-b858-2b0d62e456e5}\: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error - 04.07.2012 03:02:34 | Computer Name = Mathias-Laptop | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 26.03.2012 14:11:10 | Computer Name = Mathias-Laptop | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 10.0.0.2 mit dem Computer mit der Netzwerkhardwareadresse 00-03-91-B6-E1-E3 ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden.

Error - 26.03.2012 18:01:04 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 27.03.2012 02:49:49 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 27.03.2012 02:49:49 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 27.03.2012 12:59:38 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 27.03.2012 13:42:35 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 27.03.2012 13:51:37 | Computer Name = Mathias-Laptop | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 0.0.0.0 mit dem Computer mit der Netzwerkhardwareadresse 70-1A-04-45-CB-37 ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden.

Error - 27.03.2012 15:36:12 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 27.03.2012 17:12:43 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 27.03.2012 18:07:10 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active

< End of report >

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-04 11:28:43
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0
Running: vomherxq.exe; Driver: C:\Users\Mathias\AppData\Local\Temp\kwriqkog.sys

---- System - GMER 1.0.15 ----

SSDT 900C8A2E ZwCreateSection
SSDT 900C8A38 ZwRequestWaitReplyPort
SSDT 900C8A33 ZwSetContextThread
SSDT 900C8A3D ZwSetSecurityObject
SSDT 900C8A42 ZwSystemDebugControl
SSDT 900C89CF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 83290599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832B5092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 340 832BC990 4 Bytes [2E, 8A, 0C, 90] {MOV CL, CS:[EAX+EDX*4]}
.text ntkrnlpa.exe!RtlSidHashLookup + 69C 832BCCEC 4 Bytes [38, 8A, 0C, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 6E0 832BCD30 4 Bytes [33, 8A, 0C, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 75C 832BCDAC 4 Bytes [3D, 8A, 0C, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B0 832BCE00 4 Bytes [42, 8A, 0C, 90] {INC EDX; MOV CL, [EAX+EDX*4]}
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91431000, 0x2D5378, 0xE8000020]
PAGE peauth.sys A1047B9B 72 Bytes [20, 55, 58, EA, 21, 76, B4, ...]
PAGE peauth.sys A104802C 102 Bytes CALL BE117902

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----