|
Plagegeister aller Art und deren Bekämpfung: Taskmanager schliest sich sofort wieder, was soll ich tun? (Win7 und Emsisoft findet nichts)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
18.08.2012, 17:18 | #1 |
| Taskmanager schliest sich sofort wieder, was soll ich tun? (Win7 und Emsisoft findet nichts) Hi, seid ca. einer Stunde schliest sich stendig mein Taskmanager von alleine wieder. Ich spielte gerade BF3 und das Game stürzte mal weider ab beim mapchange. Ich benutzen Sandbox, aber weil ich mit der einstellung von Sandbox nicht zurecht komme kann ich es leider nicht für alles nutzen. z.B. alles wo ich videos schauen will kann es es nicht nutzen, und alles was im sandbox ich im internet sehe ist auch ohne ton. BF3 kann ich von da aus auch nicht nutzen, leider Komm damit leider einfach nicht voll klar und mein englisch ist auch nicht so super ^^ So habe ein ähnliches Problem gelesen und dort wurde nach einem Log gefragt, den post ich auch gleich mal. Ich hoffe ich muss nicht schonwieder formatieren, musste ich erst vor einigen Monaten wegen nem Trojamer. Wäre super schön wenn ich irgendwie auf einen stand zurücksetzen kann wo noch alles ging so vor ner woche von mir aus HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:09:26, on 18.08.2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe C:\Program Files (x86)\Secunia\PSI\psi_tray.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe C:\Program Files\Sandboxie\32\SbieSvc.exe C:\Program Files (x86)\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t5601l52o R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t5601l52o R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t5601l52o R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60 O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-21-3758058623-1903977830-3846845706-1003\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" (User 'xxxxxxxxxx') O4 - S-1-5-21-3758058623-1903977830-3846845706-1003 Startup: ctfmon.lnk = C:\Windows\System32\rundll32.exe (User 'xxxxxxxxx') O4 - S-1-5-21-3758058623-1903977830-3846845706-1003 User Startup: ctfmon.lnk = C:\Windows\System32\rundll32.exe (User 'xxxxxxxxx') O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe O23 - Service: Emsisoft Anti-Malware 6.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10338 bytes Huch schon auf seite zwei gelandet ich "up" mal, hoffe mir kann schnell jemand helfen. Kleines "UP" bin ja schon auf seite 2 gerutscht Hoffe kann bald jemand helfen... Huch schon auf seite zwei gelandet ich "up" mal, hoffe mir kann schnell jemand helfen. ok jetzt hab ichs geraft xD einen post unter sein eigenen geht wohl nicht Gute einstellung ^^ - - - Wenn ich mich mit meinem Administrator Benutzer Profil anmelde hab ich das Problem nicht, falls es evtl. weiterhilft... |
19.08.2012, 18:06 | #2 |
/// Helfer-Team | Taskmanager schliest sich sofort wieder, was soll ich tun? (Win7 und Emsisoft findet nichts)1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten. 2. Schritt Systemscan mit OTL (bebilderte Anleitung)
__________________ |
19.08.2012, 20:12 | #3 |
| Taskmanager schliest sich sofort wieder, was soll ich tun? (Win7 und Emsisoft findet nichts) Hier schonmal die OTL Looks.
__________________Malware scan läuft grad noch OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.08.2012 20:11:51 - Run 1 OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\nichtadmin\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,74 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 63,15% Memory free 7,48 Gb Paging File | 5,32 Gb Available in Paging File | 71,19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 60,38 Gb Total Space | 24,79 Gb Free Space | 41,06% Space Free | Partition Type: NTFS Drive D: | 224,61 Gb Total Space | 121,49 Gb Free Space | 54,09% Space Free | Partition Type: NTFS Computer Name: ____ | User Name: admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\LittleWulf\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Programme\Sandboxie\32\SbieSvc.exe (SANDBOXIE L.T.D) PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Panda Security) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll () MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.) SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH) DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsisoft GmbH) DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D) DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH) DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsi Software GmbH) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t5601l52o IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t5601l52o IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t5601l52o IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t5601l52o IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE473 IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t5601l52o IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t5601l52o IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search" FF - prefs.js..browser.search.useDBForOrder: true FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.28 20:18:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.15 18:39:44 | 000,000,000 | ---D | M] [2012.03.04 17:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions [2012.03.18 22:48:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\uiywrttb.default\extensions [2012.03.05 18:38:48 | 000,000,000 | ---D | M] (WOT) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\uiywrttb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.06.07 18:16:25 | 000,002,102 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uiywrttb.default\searchplugins\wot-safe-search.xml [2012.06.21 17:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.03.18 22:48:01 | 000,521,086 | ---- | M] () (No name found) -- C:\USERS\admin\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UIYWRTTB.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2012.03.05 18:38:48 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\admin\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UIYWRTTB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.07.28 20:18:31 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found O4 - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com) O4 - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKU\S-1-5-21-3758058623-1903977830-3846845706-1003..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKU\S-1-5-21-3758058623-1903977830-3846845706-1003..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB71CAE6-168F-4520-8193-B8B6A2F15561}: DhcpNameServer = 192.168.0.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 0 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.19 19:56:42 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes [2012.08.19 19:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.19 19:56:26 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.19 19:56:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.18 18:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiJackThis [2012.08.15 17:44:35 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.08.15 17:43:27 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.08.15 17:43:26 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012.08.15 17:43:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012.08.15 17:43:09 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.15 17:43:08 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.08.15 17:43:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.15 17:42:44 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.15 17:42:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.15 17:42:42 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.15 17:42:01 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2012.07.31 18:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView [2012.07.31 18:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XnView [2012.07.28 20:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.07.28 20:18:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service ========== Files - Modified Within 30 Days ========== [2012.08.19 19:56:29 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.19 19:35:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.19 19:06:53 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.08.19 19:06:53 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.08.19 19:06:23 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.08.19 17:13:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.19 15:57:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.19 15:57:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.19 15:49:14 | 3010,842,624 | -HS- | M] () -- C:\hiberfil.sys [2012.08.18 14:29:39 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad [2012.08.16 17:34:16 | 000,367,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.15 20:35:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.15 20:35:25 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.07.31 16:23:11 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.31 16:23:11 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.31 16:23:11 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.31 16:23:11 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.31 16:23:11 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat ========== Files Created - No Company Name ========== [2012.08.19 19:56:29 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.18 14:29:39 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad [2012.07.12 16:31:00 | 000,000,804 | ---- | C] () -- C:\Users\LittleWulf\AppData\Local\{a2190229-dcef-1df1-22ae-1341c826792b}\L\00000004.@ [2012.07.03 11:19:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.07.03 11:19:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.07.03 11:19:16 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat [2012.07.03 11:19:16 | 000,000,025 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat [2012.07.03 11:19:13 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.06.26 20:08:54 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2012.06.26 20:08:53 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2012.06.26 20:08:51 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.05.10 10:04:25 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.05.10 10:04:23 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.04.10 22:15:43 | 000,000,694 | ---- | C] () -- C:\Windows\eReg.dat [2012.03.07 19:10:15 | 000,000,826 | ---- | C] () -- C:\Windows\wininit.ini [2012.03.05 21:28:47 | 000,003,272 | ---- | C] () -- C:\Windows\Sandboxie.ini [2012.03.04 19:48:36 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.04 17:49:54 | 000,002,048 | -HS- | C] () -- C:\Users\LittleWulf\AppData\Local\{a2190229-dcef-1df1-22ae-1341c826792b}\@ [2012.03.03 01:55:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.03.03 01:51:37 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2010.04.19 12:36:21 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== LOP Check ========== [2012.03.18 22:48:04 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\3Dconnexion [2012.08.18 14:32:21 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\Anytow [2012.08.18 14:32:06 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\Awdoba [2012.07.13 04:55:48 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\DAEMON Tools Lite [2012.08.15 20:57:37 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\EoN [2012.08.19 17:18:49 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\ICQ [2012.03.20 19:17:48 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\OpenOffice.org [2012.08.09 18:09:10 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\Origin [2012.06.28 19:54:46 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\TeamViewer [2012.08.14 20:59:49 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\TS3Client [2012.07.31 18:26:16 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\XnView [2012.08.18 14:32:06 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\Yxdy [2012.07.13 03:59:53 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DAEMON Tools Lite [2012.03.07 20:34:20 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ICQ [2012.03.07 20:39:57 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\OpenOffice.org [2012.03.07 19:12:09 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Origin [2012.08.12 17:56:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TS3Client [2012.08.19 15:49:40 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.08.2012 20:11:51 - Run 1 OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\nichtadmin\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,74 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 63,15% Memory free 7,48 Gb Paging File | 5,32 Gb Available in Paging File | 71,19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 60,38 Gb Total Space | 24,79 Gb Free Space | 41,06% Space Free | Partition Type: NTFS Drive D: | 224,61 Gb Total Space | 121,49 Gb Free Space | 54,09% Space Free | Partition Type: NTFS Computer Name: ____ | User Name: admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-3758058623-1903977830-3846845706-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-3758058623-1903977830-3846845706-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09F3A94C-F122-4A5C-8A2A-C1370C23799B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{10B4FE8B-CB8E-4F83-940D-4FD10F2746AD}" = rport=445 | protocol=6 | dir=out | app=system | "{1620874C-FCE1-410E-BA1A-EC9BDA2F58E2}" = lport=445 | protocol=6 | dir=in | app=system | "{37F98B62-93B4-4064-ADBE-7266DC51612B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{42CB7B10-17C2-4696-A1ED-53747B10867B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{43B6C940-7364-447F-AEB8-CAEED7035F11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{45BAA1B9-F046-4979-8B6E-E3D35D77E6B0}" = rport=138 | protocol=17 | dir=out | app=system | "{50A7592B-701A-4B08-9EDD-4B455CA014B4}" = rport=139 | protocol=6 | dir=out | app=system | "{51105F2E-31E5-4A94-839F-B661EF3DA866}" = rport=137 | protocol=17 | dir=out | app=system | "{569142D9-B73D-4D4C-B841-A4FDA4F5F1DD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7E3871A3-73EF-417B-BE7B-E75A8119C7AB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{817D57F4-15CB-4D89-9D3E-A1362B18E267}" = lport=139 | protocol=6 | dir=in | app=system | "{8495791E-7023-462C-9EC6-C72F2BD7D0E5}" = lport=10243 | protocol=6 | dir=in | app=system | "{870AD098-708E-44CA-8892-7F474AABDF3C}" = lport=138 | protocol=17 | dir=in | app=system | "{8A24831B-75C6-49B2-B2E5-DEC50D7A49F8}" = lport=2869 | protocol=6 | dir=in | app=system | "{8C790B8D-681A-43B5-A4DC-7344569FFD8C}" = rport=10243 | protocol=6 | dir=out | app=system | "{A58D7D3D-1AF8-42E5-B5F3-F128405F3281}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B0DD09C9-A0A2-4DB3-A007-B90E4B05A7B5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C82DF571-E5FD-4349-A138-68CCFA7E041F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FCEA900D-B57F-4492-B127-DB2BF4AA1AA5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FECD492A-127A-407C-8306-0749AFE3E362}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01C91090-B5C3-45FA-8312-5469E01B18F7}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | "{02852484-B64D-4621-8358-E7E5CECB7BAC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{0411381A-4F4B-42B4-A1A1-860127E348B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{098C70DA-0B64-40BF-BF8B-59FBD99AC698}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\magic 2013 demo\dotp_d13_demo.exe | "{13F334BC-5F0A-4610-895E-80767E2616FB}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{15F41015-59E6-42BD-A9D3-E3F6BB990B08}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{1A938BE2-3789-4E37-AFB1-11CE2FB07F4F}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{1ED15905-417B-4F3D-8870-3C0ECA68BD15}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{1F3A4489-B5F2-4A07-8C98-C1C82D6831D5}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | "{2201A978-DA6C-47C4-B2B7-7DA90C58F589}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{259037B4-6F43-48AB-93D6-5417444FB516}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{2828D8B6-6DA6-4654-9286-264DD369EE4B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2C911EC9-4A4C-4ED2-AB61-B7AAA20EDD06}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{33B0966A-E448-45D8-9B56-AEE4058F468C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{347ED66D-A80E-4E9A-A19C-D67D0D26BC04}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{3C73AA64-12C2-42AB-A644-085058C6DBBB}" = protocol=17 | dir=in | app=d:\games\mass effect\binaries\masseffect.exe | "{3E9264CD-4E0B-40D5-8B7A-B6F3248F0666}" = protocol=17 | dir=in | app=d:\games\world of warcraft\launcher.patch.exe | "{3F32B416-0A7A-4862-B960-624284C7E2CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{489EBA16-AC6F-4153-B329-AB4B5C591C59}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4C1DED3D-A0F0-47AD-8AEC-1638AC32D9C6}" = protocol=6 | dir=in | app=d:\games\world of warcraft\launcher.patch.exe | "{551484BC-58AD-4932-804F-81C6EE2FD1B9}" = protocol=17 | dir=in | app=d:\games\origin games\battlefield 3\bf3.exe | "{612BDA36-92D9-4989-9D5E-E3B2BBC7AE54}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{6635B104-95FC-4DB2-8542-2BD31C6B4CCF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{68D42766-138A-4750-9475-1658FD421975}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{695C84EB-1520-4122-B757-26F1B4905C76}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{6BD9474E-464A-44B3-A355-755CF099532B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6F8D4358-7604-4F68-9033-431E900FE3CB}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | "{700E1155-491F-4862-88EF-BC7C6846DCBD}" = protocol=17 | dir=in | app=d:\games\diablo iii\diablo iii\diablo iii.exe | "{7E6410F1-AAB0-49DF-8390-1D240ECEA70E}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\magic 2013 demo\dotp_d13_demo.exe | "{7E69A5F5-B9FE-4DDD-9298-D8AC31961C5B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{86752A78-AC27-4762-8D7C-B7679B3AA37D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8983134A-50A4-4344-A962-AC46258434F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9BA4266C-AD9F-4E21-BEEF-6FDDD1F6160B}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | "{9C12A486-DD52-468D-BDEF-4BB1F897D1A6}" = protocol=6 | dir=in | app=d:\games\diablo iii\diablo iii\diablo iii.exe | "{9C80345C-F51C-406F-90E1-29C131941631}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9FDFC307-ABF9-4FAB-BE6E-46A7FF5B2300}" = protocol=17 | dir=in | app=d:\games\world of warcraft\launcher.exe | "{A0E7B4B7-B45D-4E3E-BECA-99B3E7B3EC30}" = protocol=6 | dir=out | app=system | "{A50C4AAD-42DC-40A4-9109-C6BFF0A49F78}" = protocol=6 | dir=in | app=d:\games\mass effect\binaries\masseffect.exe | "{A5893FC0-C622-4C0D-A79E-B242758F4505}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{AC1DFD39-CFDA-4865-8647-A655AF95CCDB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{AD5D722C-AA73-49E3-A0CD-819BBD9A048E}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{AFDBAB4F-C31C-49C3-B3D8-4FCEF8FF0D1B}" = protocol=6 | dir=in | app=d:\games\mass effect\masseffectlauncher.exe | "{B5B0CF4F-F508-4374-8557-49F015C78E35}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{BB626015-62E3-4296-A9E6-E40C77BCEB30}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{BB94EC53-1079-40B4-99B6-A1426A3FC738}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{C08E02EA-E244-4BF5-8A6E-CF97593387B3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C19DB016-A6BA-4BE0-B5F3-6C14255F82EB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{C2211008-E81F-4170-AC80-1E7A6B8E91D2}" = protocol=17 | dir=in | app=d:\steam\steam.exe | "{C6C502F1-A4AF-4CC8-B11A-A06F6E667D01}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CBF98ABB-6492-4C9B-ABF3-3FE27C265A05}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CD686802-4419-4A44-988A-3CDCC5143F5C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CFB9D772-6467-4755-9B08-667E363E5208}" = protocol=17 | dir=in | app=d:\games\mass effect\masseffectlauncher.exe | "{D7F59B86-27CA-4AD8-9DC3-6A973384D478}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{DA9783CF-CA31-420D-BC62-F8AE41816610}" = protocol=6 | dir=in | app=d:\games\origin games\battlefield 3\bf3.exe | "{DC181075-0EDD-4DD0-8B89-458FB17E5D34}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{DCF37783-450B-421A-98A8-84B038D81E35}" = protocol=6 | dir=in | app=d:\games\world of warcraft\launcher.exe | "{DD32FA3D-FC00-4C72-A1D9-74C4C175A76F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{DFC4C1F7-839A-434E-A83B-28E514B22BAA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DFDA098B-5399-4C3A-B68C-65F0F31410EC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{E5BFC051-2B97-4D29-A844-C70413594CE3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E9D98CC3-61B7-4240-A8BF-5C9B1F4FC7BE}" = protocol=6 | dir=in | app=d:\steam\steam.exe | "{F346D2CA-CE2C-495D-A09A-B10EF855A3A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F574EBEF-FA6A-4FA3-95DE-D436285794ED}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{F6144F46-9DC7-402C-B06E-026538D65B23}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{FCC1C5F2-BC21-49B7-ADCC-A0B888F52584}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{0352B962-3556-44F9-84F7-43E3DF707AAC}D:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "TCP Query User{09DC5A19-C761-4F3A-A596-F50FF415001E}D:\games\warcraft iii\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{14DBFBFF-F15B-430C-BCC7-E6B6BBBF004F}D:\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\backgrounddownloader.exe | "TCP Query User{199C9C86-6796-459D-9B3C-A5C8709069FA}D:\games\left4dead2\left4dead2.exe" = protocol=6 | dir=in | app=d:\games\left4dead2\left4dead2.exe | "TCP Query User{1C10F732-9C5E-440C-992A-2A3CE36E42A4}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "TCP Query User{2628B882-58AB-4F97-B57C-C11C75C322B4}D:\games\warcraft iii\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii\starcraft ii\versions\base21029\sc2.exe | "TCP Query User{313C4A3A-B6C9-4944-9AF7-2F9A5DEF1EFF}C:\program files (x86)\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "TCP Query User{3BA22A83-B474-4B8E-A071-D52F24BF5A96}D:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query User{4D381FC5-D935-4CC8-A32B-74627EB6FC87}C:\users\admin\downloads\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\admin\downloads\starcraft_2_eu_de-de.exe | "TCP Query User{57F52F4C-B2F0-41FD-AB51-0C46559297C0}C:\users\nichtadmin\downloads\downloader_diablo2_lord_of_destruction_dede.exe" = protocol=6 | dir=in | app=c:\users\nichtadmin\downloads\downloader_diablo2_lord_of_destruction_dede.exe | "TCP Query User{6502974B-E525-4C9F-AF76-AFEC259741D0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{67F2DAAF-4022-47D9-A3AF-B9B69F07EE3D}D:\games\warcraft iii 2 an midget (midget)\war3.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii 2 an midget (midget)\war3.exe | "TCP Query User{6AAF3117-2544-4488-AB1E-5D8EE276FE36}C:\users\admin\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=6 | dir=in | app=c:\users\admin\downloads\downloader_warcraft3_the_frozen_throne_dede.exe | "TCP Query User{833BAF54-6384-41A1-8C0F-AF46168EE1DD}D:\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "TCP Query User{8E78B87F-22BA-4195-8AE0-92902F0C4E81}D:\games\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base21029\sc2.exe | "TCP Query User{981E80CE-FD21-4FB9-946C-82F951FE5C36}C:\users\admin\downloads\downloader_warcraft3_reign_of_chaos_dede.exe" = protocol=6 | dir=in | app=c:\users\admin\downloads\downloader_warcraft3_reign_of_chaos_dede.exe | "TCP Query User{9CE04E96-4441-452E-B9A8-A5BDA1E3160D}D:\games\age of empires ii the age of kings\empires2.exe" = protocol=6 | dir=in | app=d:\games\age of empires ii the age of kings\empires2.exe | "TCP Query User{9D85F312-FF0F-461C-A514-E424D92D42EA}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "TCP Query User{9F64804A-1AAF-44AF-9251-2DDFE27A084B}D:\games\warcraft iii\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii\starcraft ii\starcraft ii.exe | "TCP Query User{A321B776-4752-4397-BB4C-9C33D99FC93E}D:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii\war3.exe | "TCP Query User{C1D86821-02D4-4F91-9BFF-F80D9C0F56D9}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "TCP Query User{D8651308-1AAA-493A-9F90-1CDE946DF9D0}C:\users\nichtadmin\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\nichtadmin\downloads\diablo-iii-8370-dede-installer-downloader.exe | "TCP Query User{D8C704C1-28A4-46BE-B418-9566B4F21F8D}D:\games\command and conquer generals\game.dat" = protocol=6 | dir=in | app=d:\games\command and conquer generals\game.dat | "TCP Query User{DFA4598A-3A22-403E-90F7-83EF4D695335}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "TCP Query User{F8BA274A-FB7F-4A18-BD9B-F55CB21DA368}C:\users\nichtadmin\downloads\downloader_diablo2_dede.exe" = protocol=6 | dir=in | app=c:\users\nichtadmin\downloads\downloader_diablo2_dede.exe | "TCP Query User{FAD0C791-324E-46F7-8F4E-320AD4DC6108}C:\program files (x86)\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icqlite\icqlite.exe | "UDP Query User{1169A0AD-D2D8-42C2-B7F6-947B8CD4BD7A}D:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "UDP Query User{22B01130-C29B-4DE9-8D39-3F5F2BB34BA3}C:\users\nichtadmin\downloads\downloader_diablo2_dede.exe" = protocol=17 | dir=in | app=c:\users\nichtadmin\downloads\downloader_diablo2_dede.exe | "UDP Query User{25D013BE-A376-418F-98BF-DDB3ED807CF7}D:\games\warcraft iii\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii\starcraft ii\starcraft ii.exe | "UDP Query User{471B026B-49D9-4ECA-85C7-872C6D669E74}C:\users\admin\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=17 | dir=in | app=c:\users\admin\downloads\downloader_warcraft3_the_frozen_throne_dede.exe | "UDP Query User{4A05CBF2-242A-4DB4-AC7C-95425D1069CF}D:\games\warcraft iii 2 an midget (midget)\war3.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii 2 an midget (midget)\war3.exe | "UDP Query User{4BC030E4-C6E3-477A-8791-2864A2342507}D:\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\backgrounddownloader.exe | "UDP Query User{52A64C03-4A90-464B-A315-B13DDD10213C}D:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii\war3.exe | "UDP Query User{6349858B-AF48-4C71-8511-B7E0D692590A}C:\users\admin\downloads\downloader_warcraft3_reign_of_chaos_dede.exe" = protocol=17 | dir=in | app=c:\users\admin\downloads\downloader_warcraft3_reign_of_chaos_dede.exe | "UDP Query User{7B1E4015-747E-411F-94F6-EBCAE89A09F1}C:\program files (x86)\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "UDP Query User{7B40E25A-98B9-422A-9906-912C1800953D}D:\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "UDP Query User{815B3ED7-9FBB-42DD-ADC0-8A15127BE4D5}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "UDP Query User{83471507-6BEA-422C-A1F9-E659EAFC5C39}C:\program files (x86)\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icqlite\icqlite.exe | "UDP Query User{84308E42-2A68-4951-8703-349CCF4101EC}D:\games\warcraft iii\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{89317902-F5CD-4CF7-8084-65357D3AE517}D:\games\left4dead2\left4dead2.exe" = protocol=17 | dir=in | app=d:\games\left4dead2\left4dead2.exe | "UDP Query User{96FB9091-EB2F-4E36-ADDD-6BB23AE6CAC2}D:\games\age of empires ii the age of kings\empires2.exe" = protocol=17 | dir=in | app=d:\games\age of empires ii the age of kings\empires2.exe | "UDP Query User{98169B9A-2893-44CA-94BF-CC88DD8E9208}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "UDP Query User{9DF63A42-6583-45C8-AF74-92B8A58BC6B9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{B13848E0-9958-4270-99DE-1EBA7AB0CF24}D:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{B6F90F87-04D2-4964-B444-8A495FFE46F6}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "UDP Query User{C92AA728-5AA0-4419-A13F-09C7CCF742A2}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{D63603AF-5417-4E78-A40F-00103193CFBB}C:\users\admin\downloads\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\admin\downloads\starcraft_2_eu_de-de.exe | "UDP Query User{D686D7C7-5B00-4CF7-94CE-83D929902E8F}D:\games\warcraft iii\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii\starcraft ii\versions\base21029\sc2.exe | "UDP Query User{E946BFE4-32C0-428F-B787-CE57CA3B5681}C:\users\nichtadmin\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\nichtadmin\downloads\diablo-iii-8370-dede-installer-downloader.exe | "UDP Query User{F5B8C1B5-BEC3-400C-B051-068E0AD23773}C:\users\nichtadmin\downloads\downloader_diablo2_lord_of_destruction_dede.exe" = protocol=17 | dir=in | app=c:\users\nichtadmin\downloads\downloader_diablo2_lord_of_destruction_dede.exe | "UDP Query User{F832D051-A0BA-4ACA-8A52-7B860B8651B8}D:\games\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base21029\sc2.exe | "UDP Query User{FC8EAEE6-4A07-4149-A35B-2F4F28A2D29D}D:\games\command and conquer generals\game.dat" = protocol=17 | dir=in | app=d:\games\command and conquer generals\game.dat | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit) "{364DE718-D45E-978A-A316-AB0557649B6F}" = ATI AVIVO64 Codecs "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik "{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager "{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{59B69525-1383-C84A-38EF-F442B63E69BC}" = AMD Media Foundation Decoders "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{838AF9AD-DE38-17FB-57F6-ADDF929F191E}" = AMD Accelerated Video Transcoding "{A9C6CA47-D937-D61D-4BD3-7CFAB7A5BA56}" = ATI Problem Report Wizard "{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "CutePDF Writer Installation" = CutePDF Writer 2.8 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Sandboxie" = Sandboxie 3.64 (64-bit) "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish "{12A00DC2-1226-D9F2-13DA-F974111D439E}" = Catalyst Control Center "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional "{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish "{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4 "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam "{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4 "{57439F3C-1001-5AB2-A0E4-F36D43C84BEB}" = HydraVision "{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5F0FF70C-5828-2178-4642-206D9F3B681F}" = Catalyst Control Center InstallProxy "{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese "{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™ "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7 "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean "{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian "{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch "{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian "{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian "{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish "{AAB17558-7189-1415-2370-D689FDD44B33}" = PX Profile Update "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{AC838E60-C5DB-3127-1743-E6789CC26C74}" = PX Profile Update "{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish "{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common "{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}" = 3Dconnexion 3DxSoftware (x64 Edition) "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard "{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese "{E0D3B8A3-F268-4C74-AD24-AE489FA80B39}_is1" = Xtreme-G 12.4 Win7-8 32-64bit "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader "{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All "Acer Registration" = Acer Registration "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Battlelog Web Plugins" = Battlelog Web Plugins "Cockatrice" = Cockatrice "DAEMON Tools Lite" = DAEMON Tools Lite "Diablo II" = Diablo II "Diablo III" = Diablo III "ESN Sonar-0.70.4" = ESN Sonar "FileHippo.com" = FileHippo.com Update Checker "HaaliMkx" = Haali Media Splitter "Identity Card" = Identity Card "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "Secunia PSI" = Secunia PSI (2.0.0.4003) "StarCraft II" = StarCraft II "Steam App 49470" = Magic: The Gathering — Duels of the Planeswalkers 2012 "Steam App 97340" = Magic: The Gathering - Duels of the Planeswalkers 2013 Demo "Warcraft III" = Warcraft III "World of Warcraft" = World of Warcraft "XnView_is1" = XnView 1.98.5 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12.07.2012 17:11:39 | Computer Name = ____ | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Left4dead2.exe, Version: 0.0.0.0, Zeitstempel: 0x4addfda3 Name des fehlerhaften Moduls: client.dll, Version: 0.0.0.0, Zeitstempel: 0x4b2be096 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001a2103 ID des fehlerhaften Prozesses: 0x11e4 Startzeit der fehlerhaften Anwendung: 0x01cd606aeb31a6d0 Pfad der fehlerhaften Anwendung: D:\Games\Left4Dead2\Left4dead2.exe Pfad des fehlerhaften Moduls: D:\Games\Left4Dead2\left4dead2\bin\client.dll Berichtskennung: 2b5fd57a-cc66-11e1-adb5-c80aa995482f Error - 13.07.2012 00:49:22 | Computer Name = ____ | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mow_assault_squad.exe, Version: 1.0.0.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f50f ID des fehlerhaften Prozesses: 0xcd0 Startzeit der fehlerhaften Anwendung: 0x01cd60b2dd09f213 Pfad der fehlerhaften Anwendung: D:\Games\Men.of.War.Assault.Squad-SKIDROW\Men of War. Assault Squad\mow_assault_squad.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 1ceaa314-cca6-11e1-adb5-c80aa995482f Error - 13.07.2012 00:50:01 | Computer Name = ____ | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mow_assault_squad.exe, Version: 1.0.0.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f50f ID des fehlerhaften Prozesses: 0x430 Startzeit der fehlerhaften Anwendung: 0x01cd60b2f4bb244d Pfad der fehlerhaften Anwendung: D:\Games\Men.of.War.Assault.Squad-SKIDROW\Men of War. Assault Squad\mow_assault_squad.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 33985f50-cca6-11e1-adb5-c80aa995482f Error - 13.07.2012 00:51:06 | Computer Name = ____ | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mow_assault_squad.exe, Version: 1.0.0.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f50f ID des fehlerhaften Prozesses: 0xfa0 Startzeit der fehlerhaften Anwendung: 0x01cd60b31bb0cad7 Pfad der fehlerhaften Anwendung: D:\Games\Men.of.War.Assault.Squad-SKIDROW\Men of War. Assault Squad\mow_assault_squad.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 5a717558-cca6-11e1-adb5-c80aa995482f Error - 13.07.2012 00:53:58 | Computer Name = ____ | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mow_assault_squad.exe, Version: 1.0.0.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f50f ID des fehlerhaften Prozesses: 0xe5c Startzeit der fehlerhaften Anwendung: 0x01cd60b37eea283b Pfad der fehlerhaften Anwendung: D:\Games\Men.of.War.Assault.Squad-SKIDROW\Men of War. Assault Squad\mow_assault_squad.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: c1335da3-cca6-11e1-9035-c80aa995482f Error - 13.07.2012 00:55:15 | Computer Name = ____ | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mow_assault_squad.exe, Version: 1.0.0.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f50f ID des fehlerhaften Prozesses: 0xea0 Startzeit der fehlerhaften Anwendung: 0x01cd60b3afdc8b82 Pfad der fehlerhaften Anwendung: D:\Games\Men.of.War.Assault.Squad-SKIDROW\Men of War. Assault Squad\mow_assault_squad.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: eec80ec7-cca6-11e1-9035-c80aa995482f Error - 13.07.2012 07:01:27 | Computer Name = ____ | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mow_assault_squad.exe, Version: 1.0.0.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f50f ID des fehlerhaften Prozesses: 0x86c Startzeit der fehlerhaften Anwendung: 0x01cd60e6d77323a6 Pfad der fehlerhaften Anwendung: D:\Games\Men.of.War.Assault.Squad-SKIDROW\Men of War. Assault Squad\mow_assault_squad.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 1783702d-ccda-11e1-80ac-c80aa995482f Error - 13.07.2012 17:59:07 | Computer Name = ____ | Source = Application Hang | ID = 1002 Description = Programm Demigod.exe, Version 1.0.0.91 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 688 Startzeit: 01cd61388a9794f2 Endzeit: 324 Anwendungspfad: D:\Games\Demigod-RADIANCE.Upped.By.Creep\radiance-demigod\bin\Demigod.exe Berichts-ID: Error - 14.07.2012 18:51:36 | Computer Name = ____ | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: cockatrice.exe, Version: 0.0.0.0, Zeitstempel: 0x4ff1d2a7 Name des fehlerhaften Moduls: QtGui4.dll, Version: 4.8.1.0, Zeitstempel: 0x4fe7a8a8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0063cb64 ID des fehlerhaften Prozesses: 0x8fc Startzeit der fehlerhaften Anwendung: 0x01cd6204f883b9cb Pfad der fehlerhaften Anwendung: D:\Games\Cockatrice\cockatrice.exe Pfad des fehlerhaften Moduls: D:\Games\Cockatrice\QtGui4.dll Berichtskennung: 768d13b8-ce06-11e1-acca-c80aa995482f Error - 15.07.2012 12:53:04 | Computer Name = ____ | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 13.0.1.4548 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 10bc Startzeit: 01cd62a4ea58069e Endzeit: 63 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 8935f187-ce9d-11e1-ad68-c80aa995482f [ System Events ] Error - 15.08.2012 11:26:00 | Computer Name = ____ | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 16.08.2012 11:24:45 | Computer Name = ____ | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 16.08.2012 11:34:10 | Computer Name = ____ | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 17.08.2012 11:22:01 | Computer Name = ____ | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 17.08.2012 17:14:23 | Computer Name = ____ | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 18.08.2012 04:11:26 | Computer Name = ____ | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 18.08.2012 07:48:08 | Computer Name = ____ | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 18.08.2012 09:54:35 | Computer Name = ____ | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 18.08.2012 11:55:54 | Computer Name = ____ | Source = DCOM | ID = 10010 Description = Error - 19.08.2012 09:49:40 | Computer Name = ____ | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > hhmm nach dem entfernen sagte mir maleware ich muss neustarten um richtig zu entfernen, ich hab erstmal die txt gespeichert und dann neu gestartet, leider ist die txt aber nun aufeinmal weg Aber er hatte 2 sachen gefunden, beide entfernt. Nu geht taskmanager wieder. Übrigens, in letzter zeit stürzt mir mein windows explorer direkt nach dem hochfahren einfach ab, kann ich niks machen auser hard kill das nervt |
19.08.2012, 20:49 | #4 |
/// Helfer-Team | Taskmanager schliest sich sofort wieder, was soll ich tun? (Win7 und Emsisoft findet nichts) Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE473 IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search" FF - prefs.js..browser.search.useDBForOrder: true FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 0 [2012.08.18 14:29:39 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA [2012.08.19 19:35:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.12 16:31:00 | 000,000,804 | ---- | C] () -- C:\Users\LittleWulf\AppData\Local\{a2190229-dcef-1df1-22ae-1341c826792b}\L\00000004.@ [2012.03.04 17:49:54 | 000,002,048 | -HS- | C] () -- C:\Users\LittleWulf\AppData\Local\{a2190229-dcef-1df1-22ae-1341c826792b}\@ :Files ipconfig /flushdns /c :Commands [purity] [emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! |
20.08.2012, 17:47 | #5 | |
| Taskmanager schliest sich sofort wieder, was soll ich tun? (Win7 und Emsisoft findet nichts) Wenn man sowas liest Zitat:
Code:
ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKEY_USERS\S-1-5-21-3758058623-1903977830-3846845706-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-3758058623-1903977830-3846845706-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_USERS\S-1-5-21-3758058623-1903977830-3846845706-1001\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_USERS\S-1-5-21-3758058623-1903977830-3846845706-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-21-3758058623-1903977830-3846845706-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! Prefs.js: "WOT Safe Search" removed from browser.search.selectedEngine Prefs.js: true removed from browser.search.useDBForOrder 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-3758058623-1903977830-3846845706-1003\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-3758058623-1903977830-3846845706-1003\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\ProgramData\ism_0_llatsni.pad moved successfully. ADS C:\ProgramData\Temp:AB689DEA deleted successfully. C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully. C:\Users\LittleWulf\AppData\Local\{a2190229-dcef-1df1-22ae-1341c826792b}\L\00000004.@ moved successfully. C:\Users\LittleWulf\AppData\Local\{a2190229-dcef-1df1-22ae-1341c826792b}\@ moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\LittleWulf\Desktop\cmd.bat deleted successfully. C:\Users\LittleWulf\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LittleWulf ->Temp folder emptied: 241926094 bytes ->Temporary Internet Files folder emptied: 49071040 bytes ->Java cache emptied: 1810417 bytes ->FireFox cache emptied: 830934077 bytes ->Flash cache emptied: 9325 bytes User: Public User: admin ->Temp folder emptied: 430401103 bytes ->Temporary Internet Files folder emptied: 23020286 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 46739158 bytes ->Flash cache emptied: 635 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 396229776 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 558 bytes RecycleBin emptied: 2149 bytes Total Files Cleaned = 1.927,00 mb OTL by OldTimer - Version 3.2.58.0 log created on 08202012_184956 Wenn ich OTL nochma starten will sagt mir mein Emsisoft achtung da tut sich was blockieren oder nicht? Was hat denn dieser "Fix" ausgeführt??? Geändert von LittleWulf (20.08.2012 um 17:57 Uhr) |
20.08.2012, 18:04 | #6 |
/// Helfer-Team | Taskmanager schliest sich sofort wieder, was soll ich tun? (Win7 und Emsisoft findet nichts) Sehr gut! Wie laeuft der Rechner? 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ --> Taskmanager schliest sich sofort wieder, was soll ich tun? (Win7 und Emsisoft findet nichts) |
20.08.2012, 19:14 | #7 |
| Taskmanager schliest sich sofort wieder, was soll ich tun? (Win7 und Emsisoft findet nichts)Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.19.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 LittleWulf :: ___ [limited] 20.08.2012 19:29:29 mbam-log-2012-08-20 (19-29-29).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 302128 Time elapsed: 38 minute(s), 54 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/20/2012 at 20:15:33 # Updated 14/08/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : xxxxx - ____ # Boot Mode : Normal # Running from : C:\Users\LittleWulf\Desktop\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\ProgramData\Partner ***** [Registry] ***** ***** [Registre - GUID] ***** Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Registry is clean. -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\uiywrttb.default\prefs.js [OK] File is clean. Profile name : default File : C:\Users\LittleWulf\AppData\Roaming\Mozilla\Firefox\Profiles\dru5hpei.default\prefs.js [OK] File is clean. ************************* AdwCleaner[R1].txt - [1369 octets] - [20/08/2012 20:15:33] ########## EOF - \AdwCleaner[R1].txt - [1497 octets] ########## |
20.08.2012, 22:16 | #8 |
/// Helfer-Team | Taskmanager schliest sich sofort wieder, was soll ich tun? (Win7 und Emsisoft findet nichts) Sehr gut!
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
21.08.2012, 16:42 | #9 |
| Taskmanager schliest sich sofort wieder, was soll ich tun? (Win7 und Emsisoft findet nichts)Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/21/2012 at 17:37:45 # Updated 14/08/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : xxxxx - ____ # Boot Mode : Normal # Running from : C:\Users\LittleWulf\Desktop\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\ProgramData\Partner ***** [Registry] ***** ***** [Registre - GUID] ***** Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Registry is clean. -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\uiywrttb.default\prefs.js [OK] File is clean. Profile name : default File : C:\Users\LittleWulf\AppData\Roaming\Mozilla\Firefox\Profiles\dru5hpei.default\prefs.js [OK] File is clean. ************************* AdwCleaner[S1].txt - [291 octets] - [20/08/2012 20:17:42] AdwCleaner[S2].txt - [1197 octets] - [21/08/2012 17:37:45] AdwCleaner[R3].txt - [1671 octets] - [21/08/2012 17:37:36] AdwCleaner[R1].txt - [1492 octets] - [20/08/2012 20:15:33] AdwCleaner[R2].txt - [1552 octets] - [20/08/2012 20:17:30] ########## EOF - \AdwCleaner[S2].txt - [1505 octets] ########## Und ich Scanne regelmäßig, so alle 3-5 Tage und lösche dan alle funde, weil ich Quarantäne nicht vertraue Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6 Letztes Update: 21.08.2012 17:24:50 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, D:\ Archiv Scan: An ADS Scan: An Scan Beginn: 21.08.2012 17:45:01 Gescannt 576205 Gefunden 0 Scan Ende: 21.08.2012 18:18:47 Scan Zeit: 0:33:46 |
21.08.2012, 17:45 | #10 |
/// Helfer-Team | Taskmanager schliest sich sofort wieder, was soll ich tun? (Win7 und Emsisoft findet nichts) Sehr gut! Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
|
22.08.2012, 04:45 | #11 |
| Taskmanager schliest sich sofort wieder, was soll ich tun? (Win7 und Emsisoft findet nichts) Also mein Windows stürzt jetzt bei jedem Hochfahren einmal ab, kurze lädt er, und dann kann ich nichts machen bleibt einfach hengen. Muss jedes mal Hardkill machen und nochmal hochfahren. Möchte bitte gern erstmal wissen was wir hier die ganze zeit machen???? Das Porblem worum es in dem Thread ging war ja schon nach dem ersten Schritt gelöst? |
22.08.2012, 20:24 | #12 |
/// Helfer-Team | Taskmanager schliest sich sofort wieder, was soll ich tun? (Win7 und Emsisoft findet nichts) Nein, wir sind noch nicht fertig. erst ESET dann absichern, dann Absturz-Probleme. |
27.08.2012, 16:18 | #13 |
| Taskmanager schliest sich sofort wieder, was soll ich tun? (Win7 und Emsisoft findet nichts) ich seh jetzt erst das du willst das ich mein emsisoft deinstalliere. Hab mir ne jahres lizens gekauft, werde sie jetzt nicht einfach deinstallieren. Vorallem nicht wenn man mir garnicht erklärt warum das ganze. |
27.08.2012, 20:01 | #14 |
/// Helfer-Team | Taskmanager schliest sich sofort wieder, was soll ich tun? (Win7 und Emsisoft findet nichts) 1. woher soll ich wissen, dass du es gekauft hast? 2. Malware schaltet oft den Taskmanager aus. Die mussen wir erstmal finden. Dann wissen wir wie sie ins System kam. Aber egal, Problem ist ja geloest. Ich bin raus. |
27.08.2012, 20:24 | #15 | |||
| Taskmanager schliest sich sofort wieder, was soll ich tun? (Win7 und Emsisoft findet nichts)Zitat:
Zitat:
Zitat:
Aber es ist doch wohl schon verständlich das man nicht bedenkenlos alles ausführt was jemand einem aufträgt. Sobald ich morgen vom Zahnarzt komme führe ich gern die letzten Schritte durch. Ich denke mal es wird für ESET reichen wenn ich Emsi dafür ausschalte. |
Themen zu Taskmanager schliest sich sofort wieder, was soll ich tun? (Win7 und Emsisoft findet nichts) |
acrobat update, adobe, adobe flash player, bho, dll, einstellung, emsisoft, excel, explorer, firefox, flash player, hijack, hijackthis, internet, internet explorer, launch, locker, log, mozilla, mywinlocker, notification, phishing, plug-in, problem, rundll, secunia psi, security, siteadvisor, software, super, taskmanager, windows, wmi, wmp |