|
Plagegeister aller Art und deren Bekämpfung: GVU TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
29.08.2012, 00:20 | #1 | |
| GVU Trojaner Hallo, auch mich hat es erwischt und nach zahllosen vergeblichen scans und versuchten Behebungen, habe ich versucht, eine Systemwiederherstellung von vor 1 Monat durchzuführen. Dies hat soweit auch geklappt und es kommt seitdem kein Bildschirm mit dieser lästigen Aufforderung mehr. Ich wäre euch aber dennoch dankbar, mal drüber zu schauen, da ich Angst habe, dass der noch immer drauf ist. Danke schon einmal im Voraus =) Hier ist der erste LOG Zitat:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.08.2012 01:09:43 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Terrorfelis\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 47,62% Memory free 7,35 Gb Paging File | 5,15 Gb Available in Paging File | 70,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 685,54 Gb Total Space | 364,72 Gb Free Space | 53,20% Space Free | Partition Type: NTFS Computer Name: TERRORFELIS-PC | User Name: Terrorfelis | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Terrorfelis\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\5e234618000edb585e4307e30a5eb085\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\334f4a2b874af82700a37098b4b27e50\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\4b22dad19a03b0a1cf7b70ff29518693\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\eca1bc38b28d3caf12dc3f6469c2be90\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\774be62ce5b089eb7118736d63a8b3e0\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\aff6ed56e2b81aadea9fe208e2e50c24\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\54db1da14798f683f534ebbd82f854f2\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\6e2e6c933b6f13a9bcac17c9a8350f83\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73baa23d28d21c7c01e334211330a84e\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\0669a1658eb6c57166da9b9d2843577e\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a77b7b58c3a6b12d8e1d4862a5e4707c\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\27db9abf05348711baf8ce46589ea251\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\b8c47ff8eba1c63c4b5d50fe571cac5a\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\d9f2d9f4d4bda48670bdae6555fec6dd\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll () MOD - C:\Users\Terrorfelis\AppData\Local\Temp\61e4dc9e-b0a3-4e40-99a9-4cd9049f7d99\CliSecureRT.dll () MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (ODDPwrSvc) -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe (Acer Incorporated) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (ssudserd) -- C:\Windows\SysNative\drivers\ssudserd.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (sscemdm) -- C:\Windows\SysNative\drivers\sscemdm.sys (MCCI Corporation) DRV:64bit: - (ssceserd) -- C:\Windows\SysNative\drivers\ssceserd.sys (MCCI Corporation) DRV:64bit: - (sscebus) -- C:\Windows\SysNative\drivers\sscebus.sys (MCCI Corporation) DRV:64bit: - (sscemdfl) -- C:\Windows\SysNative\drivers\sscemdfl.sys (MCCI Corporation) DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27360311k916l0403z125t7741j591 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27360311k916l0403z125t7741j591 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27360311k916l0403z125t7741j591 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27360311k916l0403z125t7741j591 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3907600747-4211365117-1132797400-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27360311k916l0403z125t7741j591 IE - HKU\S-1-5-21-3907600747-4211365117-1132797400-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-3907600747-4211365117-1132797400-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-3907600747-4211365117-1132797400-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3907600747-4211365117-1132797400-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de IE - HKU\S-1-5-21-3907600747-4211365117-1132797400-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-3907600747-4211365117-1132797400-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web" FF - prefs.js..browser.search.order.1: "Search the web" FF - prefs.js..browser.search.selectedEngine: "Search the web" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - user.js..browser.search.selectedEngine: "Search the web" FF - user.js..browser.search.order.1: "Search the web" FF - user.js..browser.search.defaultenginename: "Search the web" FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.21 21:27:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Terrorfelis\AppData\Roaming\5035 [2011.10.19 16:12:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.21 21:27:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.22 22:25:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terrorfelis\AppData\Roaming\mozilla\Extensions [2012.05.02 17:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terrorfelis\AppData\Roaming\mozilla\Firefox\Profiles\81yk2pq1.default\extensions [2012.08.29 00:05:04 | 000,000,000 | ---D | M] (AllGamesHome Toolbar) -- C:\Users\Terrorfelis\AppData\Roaming\mozilla\Firefox\Profiles\81yk2pq1.default\extensions\{317EB79C-82C1-4D5A-9D04-342BAA96B7C0} [2011.04.07 21:54:36 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Terrorfelis\AppData\Roaming\mozilla\Firefox\Profiles\81yk2pq1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.29 00:05:04 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Terrorfelis\AppData\Roaming\mozilla\Firefox\Profiles\81yk2pq1.default\extensions\ffxtlbr@incredibar.com [2011.11.04 21:39:55 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Terrorfelis\AppData\Roaming\mozilla\Firefox\Profiles\81yk2pq1.default\extensions\welcome@toolmin.com [2011.11.09 10:30:12 | 000,002,016 | ---- | M] () -- C:\Users\Terrorfelis\AppData\Roaming\Mozilla\Firefox\Profiles\81yk2pq1.default\searchplugins\allgameshome-search - Kopie.xml [2011.11.09 10:30:12 | 000,002,016 | ---- | M] () -- C:\Users\Terrorfelis\AppData\Roaming\Mozilla\Firefox\Profiles\81yk2pq1.default\searchplugins\allgameshome-search.xml [2012.08.27 13:22:50 | 000,002,203 | ---- | M] () -- C:\Users\Terrorfelis\AppData\Roaming\Mozilla\Firefox\Profiles\81yk2pq1.default\searchplugins\MyStart Search.xml [2011.11.11 09:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.10.19 16:12:53 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\TERRORFELIS\APPDATA\ROAMING\5035 [2012.07.21 21:27:39 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.02 23:26:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.02 23:26:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.02 23:26:18 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.02 23:26:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.04 21:39:55 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src [2011.10.02 23:26:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.02 23:26:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Terrorfelis\AppData\Roaming\toolplugin\toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3907600747-4211365117-1132797400-1001\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3907600747-4211365117-1132797400-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKU\S-1-5-21-3907600747-4211365117-1132797400-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-3907600747-4211365117-1132797400-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Terrorfelis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Terrorfelis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.33 83.169.184.97 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{309BDE44-686D-41C2-BD31-97E59FC80850}: DhcpNameServer = 83.169.184.33 83.169.184.97 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C203089A-800F-4AFD-9416-247E98A7C120}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{a30d8125-dbfb-11e0-9d9c-60eb6956933d}\Shell - "" = AutoRun O33 - MountPoints2\{a30d8125-dbfb-11e0-9d9c-60eb6956933d}\Shell\AutoRun\command - "" = H:\unlock.exe autoplay=true O33 - MountPoints2\{bc3267be-d369-11e1-b411-60eb6956933d}\Shell - "" = AutoRun O33 - MountPoints2\{bc3267be-d369-11e1-b411-60eb6956933d}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.29 01:07:08 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Terrorfelis\Desktop\OTL.exe [2012.08.29 00:11:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.28 23:13:49 | 000,000,000 | ---D | C] -- C:\Users\Terrorfelis\AppData\Roaming\Malwarebytes [2012.08.28 23:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.28 23:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.28 23:13:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.28 21:15:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.08.27 13:23:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vGrabber-software [2012.08.27 13:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant [2012.08.09 13:19:39 | 000,000,000 | ---D | C] -- C:\Users\Terrorfelis\AppData\Local\{8390D26C-1F38-4A02-9DB5-4DD564EBD6AA} [2012.08.09 13:19:28 | 000,000,000 | ---D | C] -- C:\Users\Terrorfelis\AppData\Local\{E6B20CC7-2E24-470B-9DA2-68FE340375C2} [2012.08.09 12:57:58 | 000,000,000 | ---D | C] -- C:\Users\Terrorfelis\AppData\Local\{8763C122-D90F-4EDC-B3BB-4C3DC49BCE2C} [2012.08.09 12:57:47 | 000,000,000 | ---D | C] -- C:\Users\Terrorfelis\AppData\Local\{883FA29E-14F5-487E-A96F-127BF00C4141} [2012.08.09 12:56:31 | 000,000,000 | ---D | C] -- C:\Users\Terrorfelis\AppData\Local\{AA0F6CA8-01B5-4AA3-BFA8-177C536ED829} [2012.08.09 12:56:20 | 000,000,000 | ---D | C] -- C:\Users\Terrorfelis\AppData\Local\{075A4222-096E-4D1D-8726-31372371D42B} [2012.08.02 23:47:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\iWin [2012.08.02 23:47:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4shared.com [2012.08.01 13:12:41 | 000,000,000 | ---D | C] -- C:\Users\Terrorfelis\AppData\Local\{3457DBE0-336C-4015-89A9-D44107003520} [2012.08.01 13:12:24 | 000,000,000 | ---D | C] -- C:\Users\Terrorfelis\AppData\Local\{6C880A5C-8988-4728-B774-992042D48923} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Terrorfelis\AppData\Roaming\*.tmp files -> C:\Users\Terrorfelis\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.29 01:07:10 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Terrorfelis\Desktop\OTL.exe [2012.08.29 00:14:40 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.29 00:14:40 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.29 00:11:33 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.29 00:06:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.29 00:06:40 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys [2012.08.28 23:10:03 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad [2012.08.09 17:36:56 | 001,792,462 | ---- | M] () -- C:\Users\Terrorfelis\Desktop\Foto0427.jpg [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Terrorfelis\AppData\Roaming\*.tmp files -> C:\Users\Terrorfelis\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.29 00:11:33 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.28 17:40:22 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad [2012.08.09 17:36:40 | 001,792,462 | ---- | C] () -- C:\Users\Terrorfelis\Desktop\Foto0427.jpg [2011.10.16 17:45:55 | 000,000,085 | ---- | C] () -- C:\Users\Terrorfelis\AppData\Roaming\blckdom.res [2011.06.17 16:16:09 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.06.09 21:58:04 | 000,000,124 | ---- | C] () -- C:\Windows\wininit.ini [2011.04.24 13:21:37 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.04.11 23:38:53 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2011.04.11 23:38:53 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2011.04.11 23:38:52 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini [2011.04.11 23:38:51 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2030.INI [2011.04.11 23:38:45 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.04.11 23:38:17 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\bd2030.dat [2011.04.11 23:37:56 | 000,000,276 | ---- | C] () -- C:\Windows\Brownie.ini [2011.03.23 22:52:54 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat [2011.03.23 00:51:25 | 000,270,408 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.03.23 00:51:21 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.03.22 22:25:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.01.29 17:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.01.29 17:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.01.29 17:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.01.29 17:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.01.29 17:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2010.09.18 19:38:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.09.18 19:35:43 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2010.07.02 13:41:30 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:93EB7685 @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:1A60DE96 @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:C46995DA @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728 < End of report > Hier ist noch eine OTL (Extra) Datei. OTL EXTRAS Logfile: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.08.2012 01:09:43 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Terrorfelis\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 47,62% Memory free 7,35 Gb Paging File | 5,15 Gb Available in Paging File | 70,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 685,54 Gb Total Space | 364,72 Gb Free Space | 53,20% Space Free | Partition Type: NTFS Computer Name: TERRORFELIS-PC | User Name: Terrorfelis | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-3907600747-4211365117-1132797400-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0665D9B0-EB79-461B-9872-B245CFF87473}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{067D3FED-1B99-4761-B973-BAA3B9A5170D}" = lport=138 | protocol=17 | dir=in | app=system | "{09199231-9544-44E7-BC2C-1F7A6F71D833}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 | "{0CCD4839-F478-456A-B7FF-FFB80F8DEEC6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{0DC74366-6839-4A1D-A4E3-7CE0D0E5C3BF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{16BC4940-BAB0-47F2-9A87-CB0E3E68920A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1C32238E-B9C5-49BF-AAF0-5B8EA4E1538B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2957D329-4B63-470C-99D7-7B8DC8329049}" = lport=2869 | protocol=6 | dir=in | app=system | "{309D6081-1A53-4909-9093-A18C6F104AE9}" = rport=445 | protocol=6 | dir=out | app=system | "{3F32AB5D-A458-4044-889E-10D9D047D611}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3F8EBFC4-9A07-4421-B42E-4A2D6B35ED5D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{482D2832-E05A-4082-B8CE-480329A29BAC}" = lport=139 | protocol=6 | dir=in | app=system | "{4FBCA66E-D166-4167-868E-85A78E4CF261}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{50C7D4A1-D25A-46E5-A1FB-94CB2991358C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{50CAA25A-04A6-403C-A441-EFE4F902A3DC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5AAE297F-60D1-47D6-8B5F-F4476570C3AC}" = lport=10243 | protocol=6 | dir=in | app=system | "{73B1B983-224C-40DD-BF2A-DCEB2692F544}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7E1E1648-078E-4D88-9A86-9EEB6E5E0509}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{82533CB1-FB46-4494-BB58-7B136A37789C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{84B12DE3-F6A8-4677-B639-DF457E97C508}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{87055F22-FCDF-4262-99DA-142C596429DA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8BA1DEB5-28EE-4DCB-89B6-E34A16FFAC40}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8DE562FD-28AD-4451-ADE0-6EC36E8DCF92}" = lport=2869 | protocol=6 | dir=in | app=system | "{95370339-40E4-4675-A1D1-17066B242B89}" = rport=138 | protocol=17 | dir=out | app=system | "{981CAA67-3946-409F-A942-E7E699425DDF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BE083F8B-2346-44D1-8554-AD1583E29409}" = rport=137 | protocol=17 | dir=out | app=system | "{C06096A9-2692-47AE-9933-EED77A226C3E}" = lport=137 | protocol=17 | dir=in | app=system | "{C5116980-45FB-4796-BBB7-85B8B44D5BE1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C731323B-F69A-4277-9BD4-EE3EBE77BA3B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C7D8500A-0790-4E72-BEDB-6869F90CD820}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{CA87F973-5832-4F30-8966-62EF697FA570}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E05F8521-1C0B-4E13-B66A-3AE4120EA597}" = lport=445 | protocol=6 | dir=in | app=system | "{E1BA6604-4CCB-4B30-BAC8-FA1C58BCA411}" = rport=139 | protocol=6 | dir=out | app=system | "{E40AD63A-344B-4CEA-B594-2CF7B00CADC9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E515E227-B998-424A-8B8B-FA61552C492A}" = rport=10243 | protocol=6 | dir=out | app=system | "{E950224B-FBB7-40C5-A293-E29771477AB9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{F13FCC5B-F770-4420-84F1-8D074AEC96B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02F46175-7A6C-41F7-A842-04D5C0A561C9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | "{058DA1E5-5D1E-4EE7-846E-749FEB144D0F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{0AE95790-00BD-47E1-865E-95234932E2D9}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | "{17D0DE6F-D537-4851-AB92-8F1AD24FE1D9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{2256B642-AF1F-47FD-B491-9A9E313B3CFD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{233FDFF4-AC42-48DA-B644-BF4400A181FC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{2B788F59-7C1E-4160-99DD-6B8225366F28}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{2C45481D-5D6B-4473-801B-3B67D0DA1A9D}" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\hunted\binaries\win32\p4dftre.dll | "{34D907B2-2003-48CB-B279-E20D68D0A7D4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3705D897-FBBF-49D8-BFEB-5004B518218D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{37E951DD-60CE-423E-B89E-7D073E4C6E4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3D2749A0-FBFA-4E5B-B961-64DCBE05C2EA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | "{4044719B-F1D4-4EA4-A792-FF5855A84342}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{472DD798-74BC-4F8E-9FF3-756150DCC855}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{49F14E0F-A993-4195-BBFD-0039754AC3E4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | "{4D984FB1-4E47-4E8F-B9A2-F498CA1C604D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{53E0044F-BE22-42CE-86F3-9BF8326C8811}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | "{57FD8856-424B-47B4-8234-57CD3D45BEB1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{58AB0599-969A-4D13-867E-8E07231996C6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5A0762B0-5A34-4F5C-8A44-5D5700FF8253}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{5AD3FEA9-47FD-4718-A2F9-70CA24EA3E47}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | "{5D6C0ACD-2B03-46EB-8134-16CA5D4F52F1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{690B7185-D2D0-478F-A072-EC4BCA877706}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{6EB16F71-E94E-4781-AF26-53AECD3DF765}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{719437A0-989D-4073-A57C-DC25C8FDFAD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{75996539-D273-465F-8C16-BD8E123B25A8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7ED9464E-DCB1-4B25-897F-5FD364315D73}" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\hunted\binaries\win32\p4dftre.dll | "{83F1CB6C-6A6D-4FCE-AA5E-BE54ED871969}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | "{845E7687-6A5E-4B56-A718-4F9E9F18EFC9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{847CE7AD-1556-4236-9238-778E008244E8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{880F2D33-55BF-44CD-B634-3D324C47F76E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{8F0B98D7-ED49-4669-93C6-F6B5FB134B18}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{905302D9-DF34-4324-B6F0-3A38564DBCBB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{9896CB41-BCA8-47BB-9559-AAEE1CAFBBCF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9BEAB043-FFFB-4E3C-B14B-6D010B09B83F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9C3E9AAF-9C52-443F-90D0-DD141D043B7B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{9DF42407-52A9-4AEB-89DD-95A587FCBD07}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{A6737B58-9871-4441-A8F7-E7DE23EADE20}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | "{A9579EF9-D7E9-4BFE-B7D1-3527D066D9CB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{B0E16046-DBF5-4017-A713-1DA916D07977}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{B6846231-490E-4B2B-9915-6A37B9D4E3F9}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{BBA5F9FE-3FE3-4A19-927F-A45670E2DEF8}" = protocol=6 | dir=out | app=system | "{BD372510-DB8B-4C1E-9A97-E0C1E7B0C7FB}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{CA3A6BCC-6F2E-4C4F-B869-5313E0013DD8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CC6D6278-D2FD-480A-ADC2-AF8577173AD1}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | "{CDEEB028-1340-41A0-8C6A-3B61243DCF3B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D19D54D2-F6DB-48BD-A132-4E5C93623E81}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D1AA2A13-F374-4BBB-903C-6D91DDFF0C18}" = protocol=58 | dir=in | app=system | "{D3A48501-26D0-4640-BBAA-CAAADEAECC72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D7E92FEC-C8E2-4912-A337-D75E1BDEE0B8}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{D83F6FDC-E106-4421-84C3-031A163ECCD9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E25EEBE4-482F-47D2-996F-73CD4A4B6B10}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E480B816-3D56-4CBE-8655-3B3789E40315}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{E7F7FC98-DC47-4936-A48C-B69AE887C695}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | "{EC0CF734-D309-42C0-AF1B-F58FD9E400FC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F10B56BC-D6B0-4F5E-8E2E-F027C5E85137}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{F33077F3-B13D-4DBF-8175-F8E5B5D47948}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | "{F3864209-DF57-45D4-83B2-1E8A8812D92E}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{FFA2CAD5-4BC9-4D86-B056-3E3AAEDAA6A3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{0761F02A-C27F-419D-ABC3-D1DE48C00EBB}C:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | "TCP Query User{351F1DE3-4C65-4A35-B7A1-C605AA969D37}C:\program files (x86)\jdownloader\jdlauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jdlauncher.exe | "TCP Query User{44E1B423-531E-4046-B6AD-0BFBF9FEDA59}C:\program files (x86)\jdownloader\jdlauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jdlauncher.exe | "TCP Query User{77AED61C-93E4-45F7-B641-4CBC1356751E}C:\program files (x86)\bethesda softworks\hunted\binaries\win32\p4dftre.dll" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\hunted\binaries\win32\p4dftre.dll | "TCP Query User{7943F69C-D202-4B88-BA5B-52F2FCCB4874}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | "TCP Query User{9A978A98-04ED-4136-BAEA-D30970B9D22D}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "TCP Query User{A0805BE3-7AD4-49D0-9DF4-5BB5D13489E6}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "UDP Query User{221782C7-4BFB-46A9-9F0F-5F0A43AAEF15}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "UDP Query User{8CB4AE6D-96C0-422A-AE92-0CEE5E447CF0}C:\program files (x86)\bethesda softworks\hunted\binaries\win32\p4dftre.dll" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\hunted\binaries\win32\p4dftre.dll | "UDP Query User{8D4AF7F3-4DCC-481E-A785-A0040EB59281}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "UDP Query User{B7B92755-1739-470C-B9C2-03881B61C281}C:\program files (x86)\jdownloader\jdlauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jdlauncher.exe | "UDP Query User{F389EDC7-5572-4280-85DA-96DE62523A92}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | "UDP Query User{F512397C-5054-4754-906B-1B779C38FAB6}C:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | "UDP Query User{F99FE6D4-B7F9-45D4-A408-E2E68EB5D89D}C:\program files (x86)\jdownloader\jdlauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jdlauncher.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9822326F-410C-96A5-2F58-65E58F65D63B}" = ccc-utility64 "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{F5816A09-786E-C91D-3D99-8A8C92648750}" = ATI Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B148875-7C4D-A5A7-79FA-82D679939663}" = CCC Help Danish "{0D49143F-5710-6EAF-986F-86306C54D9F7}" = CCC Help Dutch "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{0DCE424F-F4A8-A3EA-3416-7A4CA189A164}" = CCC Help Czech "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{193B70F8-D757-B1D6-B2B0-826E92D889CC}" = CCC Help Polish "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{23640476-5D3A-F071-A40F-345E16C91301}" = CCC Help Hungarian "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39BE50E7-8059-C383-D8D0-3EC7B9A0B2C2}" = CCC Help Turkish "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3E86176C-EB38-443B-BB6E-66E30BEF9283}" = Brother HL-2030 "{4394B319-1CA6-9535-5A97-3407DE7B2865}" = CCC Help Chinese Traditional "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E242AB2-86A7-4231-82A9-1E4226D23CA8}" = Catalyst Control Center - Branding "{4E2AC91C-090D-C0BE-98E0-35480A693D53}" = CCC Help Russian "{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam "{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console "{59A58CB1-5177-4AF7-DC09-886DC5175561}" = CCC Help Thai "{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B70AFEB-18E9-0BBA-C876-50E61D2F1585}" = CCC Help Korean "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7BBEA5FB-5BDA-5568-F370-66934F5862F8}" = Catalyst Control Center Graphics Light "{7C3E29B2-038E-312D-938C-DED2C6451411}" = CCC Help German "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{800E5862-A2A2-B903-6B6E-660F5DFB1BFF}" = CCC Help Norwegian "{804D666C-1FB8-F116-358B-15F297113547}" = CCC Help English "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F148D1E-6B2D-4934-A7D9-248EA5AB51B1}_is1" = Hunted™ - The Demon's Forge "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90497F91-64AA-6732-266E-4B7023989E5C}" = ccc-core-static "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A990CB5E-6951-12C0-6B29-4C0102E80827}" = CCC Help Portuguese "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAB17558-7189-1415-2370-D689FDD44B33}" = PX Profile Update "{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync "{ABC74AD3-8488-2D59-71CA-FE1FDBD99293}" = CCC Help Greek "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management "{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B399B936-CDED-C8E5-D621-E6323855CF5B}" = Catalyst Control Center Graphics Full New "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie "{BD11E3C6-065E-40BB-A129-435C4530A159}_is1" = Jewel Master "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser "{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood "{BE985F96-BFD5-BCE2-97F6-B73BBF122943}" = CCC Help Japanese "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C314EA94-9FAF-969D-544F-816FE102EAFD}" = Catalyst Control Center InstallProxy "{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters "{C40DCE3C-E042-2DEE-4F77-8725E18BAE17}" = CCC Help Spanish "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D1F8C3EA-8274-90C1-460B-EE2DFA7B492B}" = CCC Help French "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E573FE55-5A89-F7CC-0A00-A9E79BB20C3B}" = CCC Help Finnish "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E75093FD-D74A-D7D0-AE15-BA89B30D9E54}" = Catalyst Control Center Localization All "{E92EAA89-9597-E7DF-6EB6-F21655D245F2}" = Catalyst Control Center Graphics Previews Vista "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EEEDE742-915B-2D3F-5763-E7375BE7B144}" = CCC Help Chinese Standard "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{F9B82B36-5FC0-1E0D-0D56-066D1EDAC9E8}" = Catalyst Control Center Graphics Full Existing "{FC3CCF4F-ABE4-1CF6-347B-DEAFC9D82F1C}" = Catalyst Control Center Core Implementation "{FC4AAE94-A221-0725-4FD8-56262B0262BA}" = CCC Help Italian "{FFAC99FD-DDF8-E138-E8F4-538B639C6984}" = CCC Help Swedish "1489-3350-5074-6281" = JDownloader 0.9 "Abenteuer von Luxor" = Abenteuer von Luxor "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story "com.adobe.dmp.contentviewer" = Adobe Content Viewer "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "Gardenscapes_is1" = Gardenscapes "Identity Card" = Identity Card "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Midnight Mysteries" = Midnight Mysteries "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "pcsx2-r4600" = PCSX2 - Playstation 2 Emulator "PunkBusterSvc" = PunkBuster Services "Samantha Swift and the Mystery From Atlantis" = Samantha Swift and the Mystery From Atlantis "TeamSpeak 3 Client" = TeamSpeak 3 Client "UltraISO_is1" = UltraISO Premium V9.35 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.8 "WinLiveSuite" = Windows Live Essentials "X-Force_is1" = X-Force: Fight For Destiny V0.912f02 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3907600747-4211365117-1132797400-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 17.06.2012 13:37:52 | Computer Name = Terrorfelis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 17.06.2012 13:37:52 | Computer Name = Terrorfelis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 17.06.2012 13:37:52 | Computer Name = Terrorfelis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 17.06.2012 13:37:52 | Computer Name = Terrorfelis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.07.2012 12:54:10 | Computer Name = Terrorfelis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.07.2012 12:54:10 | Computer Name = Terrorfelis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.07.2012 12:54:11 | Computer Name = Terrorfelis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.07.2012 14:47:52 | Computer Name = Terrorfelis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.07.2012 14:47:52 | Computer Name = Terrorfelis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 29.07.2012 12:36:25 | Computer Name = Terrorfelis-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 01.08.2012 17:31:17 | Computer Name = Terrorfelis-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. [ System Events ] Error - 28.08.2012 17:56:15 | Computer Name = Terrorfelis-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerkspeicher-Schnittstellendienst" ist vom Dienst "NSI proxy service driver." abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 28.08.2012 17:56:15 | Computer Name = Terrorfelis-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 28.08.2012 17:56:15 | Computer Name = Terrorfelis-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 28.08.2012 17:56:15 | Computer Name = Terrorfelis-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 28.08.2012 17:56:15 | Computer Name = Terrorfelis-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 28.08.2012 17:56:15 | Computer Name = Terrorfelis-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 28.08.2012 17:56:15 | Computer Name = Terrorfelis-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 28.08.2012 17:56:19 | Computer Name = Terrorfelis-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD avipbb avkmgr DfsC discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf Error - 28.08.2012 17:57:25 | Computer Name = Terrorfelis-PC | Source = DCOM | ID = 10005 Description = Error - 28.08.2012 18:07:00 | Computer Name = Terrorfelis-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306. < End of report > --- --- --- |
29.08.2012, 03:55 | #2 | |
/// Helfer-Team | GVU TrojanerZitat:
Schon mal darueber nachgedacht, warum es Cracks gibt? Mit Cracks & Co installiert man sich Hintertueren auf dem Rechner. Kriminelle nutzen solche Rechner als Botnetz fuer ihre Machenschaften. Dein System ist als nicht vertrauenswuerdig einzustufen und du solltest keine sensiblen Sachen wie Homebanking an dem PC betreiben. Anleitungen zum Neuaufsetzen (bebildert) > Windows 7 neu aufsetzen > Vista > XP 1. Datenrettung:
2. Formatieren, Windows neu instalieren:
3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html ich werde außerdem noch weitere punkte dazu posten. 4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
__________________ |
29.08.2012, 10:50 | #3 |
| GVU Trojaner Bitte entschuldigt, ich habe mir den Rechner von meinem Ex einrichten lassen
__________________Ich habe einen Fertiglaptop damals bekommen und zwar den Key von Win7 da, aber eben keine Cd. Ich habe einen Acer Aspire 4820 TG mit einer Windows 7 Home Premium Version. Wie kann ich weiter vorgehen, wenn ich dann (nach einer gewissen Zeit) alle Daten gesaved habe? Ich danke dir sehr für deine Hilfe!!! Ich will den Mist endlich runter haben. Ich verstehe euren Eintrag mit Parted Magic nicht Ich habe zwar begrenzt Ahnung von Pcs, bin nun aber auch nicht die Hellste darin. Ich habe zwar schon die richtigen Audiotreiber und Grafiktreiber gefunden und schon einmal heruntergeladen, weiß aber nicht, wo ich den Chipsatzorder finde (was das richtige ist) oder Netzwerktreiber....was muss ich noch herunterladen? Ich bitte um Hilfe. Geändert von Asura (29.08.2012 um 11:00 Uhr) |
29.08.2012, 19:36 | #4 |
/// Helfer-Team | GVU Trojaner Da das nur ein Ransom ist, kannst du den Teil mit Parted Magic ueberspringen. Sichere deine Daten auf eine externe Platte und installiere Windows neu. |
31.08.2012, 12:03 | #5 |
| GVU Trojaner Ich danke dir Ich hatte zwar erst Windows neu installiert, hatte aber keinen geeigneten Treiber für meine Graka gefunden, der funktionierte, abr wie gut, dass es bei Acer die Funktion: "Auf Werkseinstellung zurücksetzen" gibt Jetzt ist mein Rechner wieder sauber und neu *freu* Ich danke dir für deine Hilfe^^ |
31.08.2012, 19:44 | #6 |
/// Helfer-Team | GVU Trojaner Wichtig ist: alle Windows Updates einspielen vor dem surfen! Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html PC wird immer langsamer - was tun?
__________________ --> GVU Trojaner |
31.08.2012, 21:48 | #7 |
| GVU Trojaner Danke für den einen oder anderen zusätzlichen Hinweis, den du mir noch geben konntest Du bist echt klasse =) |
Themen zu GVU Trojaner |
7-zip, adobe, antivir, autorun, avg, avira, bho, bildschirm, converter, excel, explorer, firefox, format, home, hängen, igdpmd64.sys, install.exe, ip-hilfsdienst, jdownloader, keygen, langs, launch, locker, logfile, mozilla, mp3, mywinlocker, netzwerk, office 2007, plug-in, realtek, registry, richtlinie, safer networking, search the web, security, software, temp, trojan.pws, trojaner |