| |
| |||||||
Log-Analyse und Auswertung: BDS\ZeroAccess in C:\$Recycle.Bin - Wie werde ich das los?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
09.09.2012, 13:25
| #1 |
| |  BDS\ZeroAccess in C:\$Recycle.Bin - Wie werde ich das los? Hallo, ich bekomme seit einigen Tagen von Avira die Fehlermeldung: "In der Datei <<C:\$Recycle.Bin\...\n>> wurde ein Virus oder unerwünschtes Programm BDS/ZeroAccess.Gen gefunden". Sonst läuft das System aus meiner Sicht normal. Keine Beeinträchtigung der Internetverbindung, normale Geschwindigkeit etc. Habe mit Avira einen vollständigen Systemscan durchgeführt und bis auf die Datei wurde nichts gefunden. Malwarebytes und TDSSKiller zeigen ebenfalls keine Funde. Wie kann ich die Datei(en) entfernen ohne das System zu beschädigen? Oder hilft hier nur eine Neuinstallation? Danke schon mal für eure Hilfe! Hier ist die defogger Log-Datei: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:52 on 09/09/2012 (XXXXXX)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 09.09.2012 13:52:43 - Run 1 OTL by OldTimer - Version 3.2.61.2 Folder = D:\Eigene Dateien\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,88% Memory free 7,98 Gb Paging File | 6,37 Gb Available in Paging File | 79,78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58,44 Gb Total Space | 12,42 Gb Free Space | 21,25% Space Free | Partition Type: NTFS Drive D: | 78,73 Gb Total Space | 9,83 Gb Free Space | 12,49% Space Free | Partition Type: NTFS Drive K: | 29,30 Gb Total Space | 27,92 Gb Free Space | 95,28% Space Free | Partition Type: NTFS Drive L: | 39,06 Gb Total Space | 35,54 Gb Free Space | 90,98% Space Free | Partition Type: NTFS Drive M: | 73,24 Gb Total Space | 64,17 Gb Free Space | 87,61% Space Free | Partition Type: NTFS Drive N: | 73,24 Gb Total Space | 37,69 Gb Free Space | 51,46% Space Free | Partition Type: NTFS Drive P: | 97,66 Gb Total Space | 32,21 Gb Free Space | 32,98% Space Free | Partition Type: NTFS Computer Name: NONAME | User Name: XXXXXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.09 13:43:21 | 000,599,552 | ---- | M] (OldTimer Tools) -- D:\Eigene Dateien\Desktop\OTL.exe PRC - [2012.08.08 18:57:31 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- P:\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 18:53:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- P:\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 18:53:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- P:\Avira\AntiVir Desktop\avguard.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.03.18 09:11:51 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe PRC - [2010.11.20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2010.05.06 04:24:42 | 000,609,312 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe PRC - [2009.09.12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe PRC - [2009.09.12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- P:\Spybot - Search & Destroy\SDWinSec.exe PRC - [2005.09.06 23:11:16 | 000,035,840 | ---- | M] (Dassault Systemes) -- P:\CATIAV5R16\intel_a\code\bin\CATSysDemon.exe ========== Modules (No Company Name) ========== MOD - [2011.03.18 09:11:51 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe MOD - [2010.05.06 04:24:44 | 000,151,584 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll MOD - [2010.05.06 04:24:42 | 000,609,312 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ========== Services (SafeList) ========== SRV:64bit: - [2010.01.13 16:04:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.08.15 18:51:44 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.18 14:51:38 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.05.08 18:53:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- P:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 18:53:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- P:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.06.12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- P:\Office2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.01 20:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection) SRV - [2009.10.02 23:06:20 | 004,065,280 | ---- | M] (ANSYS, Inc.) [Disabled | Stopped] -- C:\Programme\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe -- (ANSYS, Inc. License Manager) SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2005.09.06 23:11:16 | 000,035,840 | ---- | M] (Dassault Systemes) [Auto | Running] -- P:\CATIAV5R16\intel_a\code\bin\CATSysDemon.exe -- (BBDemon) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 18:53:56 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 18:53:56 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.09.17 13:22:59 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.26 15:21:05 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.04.12 10:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:64bit: - [2010.03.04 15:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.01.13 16:26:00 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010.01.13 15:10:56 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2009.10.02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.09.30 03:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.09.08 18:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.08 12:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb) DRV - [2011.01.28 14:04:50 | 000,008,198 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWow64\NULL -- (Null) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5910&r=17360111c106pe465v145w46m1u190 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5910&r=17360111c106pe465v145w46m1u190 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=1157&systemid=1&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5910&r=17360111c106pe465v145w46m1u190 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5910&r=17360111c106pe465v145w46m1u190 IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=1157&systemid=1&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5910&r=17360111c106pe465v145w46m1u190 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5910&r=17360111c106pe465v145w46m1u190 IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: P:\OFFICE~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: P:\OFFICE~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: P:\Firefox\components [2012.09.08 10:27:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: P:\Firefox\plugins [2012.07.27 19:12:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: P:\Mozilla Thunderbird\components [2011.07.28 12:08:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: P:\Firefox\components [2012.09.08 10:27:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: P:\Firefox\plugins [2012.07.27 19:12:52 | 000,000,000 | ---D | M] [2011.01.28 15:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Extensions [2011.01.28 15:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.07.08 23:40:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\lpsg56fv.default\extensions [2012.07.08 23:40:44 | 000,000,000 | ---D | M] (Wincore Mediabar) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\lpsg56fv.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0} [2011.02.25 20:47:44 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\lpsg56fv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.30 18:13:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\lpsg56fv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} O1 HOSTS File: ([2012.07.19 19:54:39 | 000,443,619 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 15236 more lines... O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\BROWSE~1.DLL (iMesh, Inc) O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll () O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - P:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - P:\Office2010\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - P:\Office2010\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\BROWSE~1.DLL (iMesh, Inc) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] P:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] P:\Office2010\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - P:\Office2010\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - P:\Office2010\Office14\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - P:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - P:\Office2010\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - P:\Office2010\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - P:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - P:\Office2010\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - P:\Office2010\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - P:\ICQ7.4\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - P:\ICQ7.4\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - P:\Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - P:\Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - P:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll (iMesh, Inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll (iMesh, Inc) O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll (iMesh, Inc) O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - P:\Office2010\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0574a7ed-2c4a-11e0-80b6-4487fc9fa8fa}\Shell - "" = AutoRun O33 - MountPoints2\{0574a7ed-2c4a-11e0-80b6-4487fc9fa8fa}\Shell\AutoRun\command - "" = R:\LaunchU3.exe -a O33 - MountPoints2\{4a86b261-e11f-11e0-acb9-4487fc9fa8fa}\Shell - "" = AutoRun O33 - MountPoints2\{4a86b261-e11f-11e0-acb9-4487fc9fa8fa}\Shell\AutoRun\command - "" = F:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.09 13:43:20 | 000,599,552 | ---- | C] (OldTimer Tools) -- D:\Eigene Dateien\Desktop\OTL.exe [2012.09.07 20:44:14 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Roaming\Malwarebytes [2012.09.07 20:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.07 20:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.07 20:43:58 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.24 13:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\371DA [2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.09 13:52:04 | 000,000,000 | ---- | M] () -- C:\Users\XXXXXX\defogger_reenable [2012.09.09 13:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.09 13:43:21 | 000,599,552 | ---- | M] (OldTimer Tools) -- D:\Eigene Dateien\Desktop\OTL.exe [2012.09.09 13:43:14 | 000,050,477 | ---- | M] () -- D:\Eigene Dateien\Desktop\Defogger.exe [2012.09.09 12:46:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.09 12:46:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.09 12:39:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.09 12:39:00 | 3214,204,928 | -HS- | M] () -- C:\hiberfil.sys [2012.09.09 12:03:13 | 027,896,540 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.09 12:03:13 | 008,747,562 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.09 12:03:13 | 008,739,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.09 12:03:13 | 007,872,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.09 12:03:13 | 000,005,442 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.21 10:59:26 | 000,000,125 | ---- | M] () -- C:\Windows\wininit.ini [2012.08.16 10:04:26 | 000,435,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.09 13:52:04 | 000,000,000 | ---- | C] () -- C:\Users\XXXXXX\defogger_reenable [2012.09.09 13:43:13 | 000,050,477 | ---- | C] () -- D:\Eigene Dateien\Desktop\Defogger.exe [2012.08.21 10:59:26 | 000,000,125 | ---- | C] () -- C:\Windows\wininit.ini [2012.06.28 18:23:54 | 000,004,608 | ---- | C] () -- C:\Users\XXXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.12 21:41:27 | 000,004,614 | ---- | C] () -- C:\Users\XXXXXX\.recently-used.xbel [2011.09.01 20:15:01 | 000,000,125 | ---- | C] () -- C:\Windows\FlashDecompiler.INI [2011.07.22 19:19:26 | 000,000,000 | ---- | C] () -- C:\Users\XXXXXX\AppData\Local\{99DCA071-82B5-48A8-B14B-7D2818AC516C} [2011.05.31 09:48:35 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.05.16 19:35:30 | 000,000,000 | ---- | C] () -- C:\Users\XXXXXX\AppData\Local\{B876362B-0F51-4B85-A0D3-7DAF1E0E015A} [2011.04.14 20:39:35 | 000,851,968 | ---- | C] () -- C:\Users\XXXXXX\file.rth [2011.04.14 20:39:35 | 000,393,216 | ---- | C] () -- C:\Users\XXXXXX\file.full [2011.04.14 20:39:35 | 000,393,216 | ---- | C] () -- C:\Users\XXXXXX\file.esav [2011.04.14 20:39:35 | 000,001,710 | ---- | C] () -- C:\Users\XXXXXX\file.BCS [2011.04.14 20:39:35 | 000,000,151 | ---- | C] () -- C:\Users\XXXXXX\file.stat [2011.04.14 20:05:47 | 000,003,917 | ---- | C] () -- C:\Users\XXXXXX\file.err [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.02.26 10:29:55 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.01.28 13:09:16 | 000,007,599 | ---- | C] () -- C:\Users\XXXXXX\AppData\Local\Resmon.ResmonCfg [2011.01.27 21:11:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.05.12 14:08:18 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== LOP Check ========== [2011.04.15 14:02:54 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\anshelp [2011.05.14 16:07:07 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Ansoft [2011.04.23 20:25:23 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Ansys [2011.02.13 18:48:53 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Canon [2011.02.04 19:03:13 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\DAEMON Tools Lite [2011.01.28 13:40:45 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\DassaultSystemes [2011.11.11 22:12:10 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Dev-Cpp [2012.07.30 18:51:37 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\DVDVideoSoft [2011.02.25 20:47:44 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers [2011.09.12 21:41:27 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\gtk-2.0 [2011.01.28 12:51:14 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Helios [2012.05.05 11:24:47 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\ICAClient [2012.02.25 20:31:00 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\ICQ [2011.09.10 12:34:54 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Lionhead Studios [2011.01.26 20:34:37 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\OEM [2012.07.08 16:59:40 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\SoftGrid Client [2011.07.28 18:55:13 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Sony [2011.01.28 14:05:00 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\T-Online [2011.01.28 15:38:14 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Thunderbird [2011.02.26 15:24:44 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\TrueCrypt [2012.07.12 18:33:35 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\TuneUp Software [2011.03.02 21:17:01 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\XnView [2012.08.18 18:10:19 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:93EB7685 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E36F5B57 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:DED17083 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0B9176C0 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E1F04E8D < End of report > Code:
ATTFilter OTL Extras logfile created on: 09.09.2012 13:52:43 - Run 1
OTL by OldTimer - Version 3.2.61.2 Folder = D:\Eigene Dateien\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,99 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,88% Memory free
7,98 Gb Paging File | 6,37 Gb Available in Paging File | 79,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,44 Gb Total Space | 12,42 Gb Free Space | 21,25% Space Free | Partition Type: NTFS
Drive D: | 78,73 Gb Total Space | 9,83 Gb Free Space | 12,49% Space Free | Partition Type: NTFS
Drive K: | 29,30 Gb Total Space | 27,92 Gb Free Space | 95,28% Space Free | Partition Type: NTFS
Drive L: | 39,06 Gb Total Space | 35,54 Gb Free Space | 90,98% Space Free | Partition Type: NTFS
Drive M: | 73,24 Gb Total Space | 64,17 Gb Free Space | 87,61% Space Free | Partition Type: NTFS
Drive N: | 73,24 Gb Total Space | 37,69 Gb Free Space | 51,46% Space Free | Partition Type: NTFS
Drive P: | 97,66 Gb Total Space | 32,21 Gb Free Space | 32,98% Space Free | Partition Type: NTFS
Computer Name: NONAME | User Name: XXXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- P:\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "P:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "P:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- P:\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "P:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "P:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- P:\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14D94DE7-CBCB-45DF-AAF6-56C7C8D910F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1EA5C95D-A017-407A-9F1D-BE57A8576825}" = lport=445 | protocol=6 | dir=in | app=system |
"{200CBCE1-74D7-4FF3-9857-3045D10CF6FC}" = rport=445 | protocol=6 | dir=out | app=system |
"{27766360-B01C-4F49-9BA5-532C24030F76}" = lport=137 | protocol=17 | dir=in | app=system |
"{31D9B472-219E-4A2D-ADBA-F1632F85B4D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5021F107-6F92-466C-9401-682A2EDAB3F2}" = lport=138 | protocol=17 | dir=in | app=system |
"{540EC77C-275E-4939-B2CF-64E295447349}" = lport=6004 | protocol=17 | dir=in | app=p:\office2010\office14\outlook.exe |
"{55C24B1D-A0C1-4593-AC83-91C04E76EF23}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{56703A41-8E90-42AA-AD3E-582FED0E03B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6E49A759-667E-41E0-A0FF-E2E5FF6861A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{881328EF-78EE-42DF-86CE-E219D34A876C}" = lport=139 | protocol=6 | dir=in | app=system |
"{A7236A31-919A-4AE6-A9F5-0BAD3CC7A794}" = rport=139 | protocol=6 | dir=out | app=system |
"{C1097B2D-BC0D-4483-AFB6-8B12297293DF}" = rport=137 | protocol=17 | dir=out | app=system |
"{E0543C28-7D2E-4083-B9F7-6F7E0E611C3E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FA3B4518-F05C-428E-ADA0-EE1E129AFC08}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03618570-ABA6-44F0-B42B-4C94A77DEFF4}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe |
"{0EDB7E15-F2B0-4159-A5F1-B15CC5FB3972}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{12C93B20-D4A7-40CF-A10B-6197FC1E7274}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{134C9A17-3CB4-4AA1-A3F6-686377FFBFDB}" = protocol=17 | dir=in | app=p:\ansoft\simplorer9.0\simplorer.exe |
"{1C3B1DCB-DC9B-416A-AEFE-6E6401F6D2AD}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{1D8AABEC-5B7B-4394-931F-309CBA25F601}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1E6699E2-CB6B-4A96-BFA9-F08E4EFC67DC}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{268E0A85-6EC3-4EFB-B939-777349CB6284}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe |
"{28C94C6D-1BCC-4855-AF89-0B569130F6A4}" = protocol=6 | dir=in | app=p:\icq7.4\icq7.5\icq.exe |
"{2E98B05E-CFAE-44BF-93EA-96C8EF8228BB}" = protocol=6 | dir=in | app=p:\steam\steam.exe |
"{3393C40E-009D-4D79-83D1-A4543766E09D}" = protocol=17 | dir=in | app=p:\ansoft\maxwell13\maxwell13\desktopproxy.exe |
"{39ED290E-1769-4753-AA5C-DB9DC7A11A2F}" = protocol=17 | dir=in | app=p:\ansoft\maxwell14.0\maxwell.exe |
"{40028AFD-06B2-4DF4-A2A4-E4B04BBB2933}" = protocol=17 | dir=in | app=p:\icq7.4\icq7.5\icq.exe |
"{45ADB3D3-FB0B-4674-B790-772E3794B0AC}" = protocol=17 | dir=in | app=p:\office2010\office14\groove.exe |
"{47227717-D7B1-43EE-BCE3-0CF472BF192C}" = protocol=6 | dir=in | app=p:\icq7.4\icq7.5\icq.exe |
"{52D030A3-B58E-46CF-BD1E-BF084A596753}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5326CB67-3784-4E24-A93F-9B21EEFCD10F}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe |
"{54580285-26ED-4997-B799-1F4228EFBCB2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{642E6FF3-E0F0-4D45-BDBA-23C76725AA22}" = protocol=6 | dir=in | app=p:\steam\steam.exe |
"{64628816-6CF4-44C3-A1AD-902C3F13CADC}" = protocol=17 | dir=in | app=p:\ansoft\maxwell13\maxwell13\ansoftrsmservice.exe |
"{6F802B5A-24B1-49F1-8481-A241D6CDDDDB}" = protocol=6 | dir=in | app=p:\ansoft\maxwell14.0\desktopproxy.exe |
"{701A2416-1003-4DDD-8A23-1B6458918CF1}" = protocol=17 | dir=in | app=p:\steam\steam.exe |
"{722EEC6F-8BAF-4580-B5BB-BC3ADB390402}" = protocol=6 | dir=in | app=p:\ansoft\maxwell14.0\maxwell.exe |
"{7234945D-DC46-4D29-B8D5-45707E9CF099}" = protocol=6 | dir=in | app=p:\steam\steamapps\common\risen 2\system\risen2.exe |
"{748FCD31-4267-44E5-B6A8-43DCC55D3CCC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7C23AE58-45C1-41E2-B1A8-F5A18A9D049D}" = protocol=6 | dir=in | app=p:\ansoft\maxwell13\maxwell13\ansoftrsmservice.exe |
"{7FFFF2EF-4399-498B-B65B-46A3DD717250}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{8432F022-5538-445A-B825-FCA713008581}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{890C6BEE-2335-4F7F-AB7D-FE04F9F91AA6}" = protocol=6 | dir=in | app=p:\ansoft\simplorer9.0\simplorer.exe |
"{89FE2993-E60A-40D6-A6E2-A7BBE1DB6953}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe |
"{8ABE7E11-70F7-4FDB-B8A8-ABCFF9EE648C}" = protocol=17 | dir=in | app=p:\ansoft\simplorer9.0\ansoftrsmservice.exe |
"{8CD3FF64-9B1B-4E06-B31C-F099977216CE}" = protocol=6 | dir=in | app=p:\office2010\office14\groove.exe |
"{8F34E0B0-769A-40CE-BE1C-5393438CB803}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{92EE3E74-262F-4768-AB8C-E60BD41CDF78}" = protocol=17 | dir=in | app=p:\ansoft\maxwell14.0\desktopproxy.exe |
"{9C760A76-61E6-4A81-8085-054A8690F111}" = protocol=6 | dir=in | app=p:\ansoft\simplorer9.0\desktopproxy.exe |
"{A517C298-E844-43DF-99FB-76DDA43745F6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A5C9C988-3C60-4C6E-A07C-8C841BE330AB}" = protocol=17 | dir=in | app=p:\office2010\office14\onenote.exe |
"{A76FD036-3398-460B-8F0B-81169123082A}" = protocol=17 | dir=in | app=p:\icq7.4\icq7.5\icq.exe |
"{A9DD0E57-33C0-4616-B330-C385819E4314}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe |
"{AD63BA9D-D561-4F8D-9D02-F9167AAC1787}" = protocol=6 | dir=in | app=p:\microsoft office\office12\onenote.exe |
"{AFC4A08A-F4D6-4DF7-885E-E8C0F52A9CA1}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\toolbar\dtuser.exe |
"{B43563B9-D7AF-4C3D-A452-4A4C2364E4AA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C3960EE0-71ED-45FA-B32E-37C874CD3F90}" = protocol=17 | dir=in | app=p:\icq7.4\icq7.5\icq.exe |
"{C91B15F4-992C-4620-923C-82CC22DA165F}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{CCADCABC-BE30-4394-B968-5D476B11246A}" = protocol=6 | dir=in | app=p:\ansoft\maxwell13\maxwell13\desktopproxy.exe |
"{D09A1AEA-B570-4C53-AF34-47D783088AE3}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe |
"{D20DF90A-D031-40FC-B0FF-F7530E193870}" = protocol=17 | dir=in | app=p:\ansoft\maxwell13\maxwell13\maxwell.exe |
"{D2BDCF9A-2309-4615-BDFE-4F1C3A809F43}" = protocol=6 | dir=in | app=p:\ansoft\simplorer9.0\ansoftrsmservice.exe |
"{D493ED47-4E5C-424D-8EF9-B447B6E4629E}" = protocol=17 | dir=in | app=p:\steam\steamapps\common\risen 2\system\risen2.exe |
"{DC2728A1-FC7B-42C0-B44F-065C5E3DB0CD}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\toolbar\dtuser.exe |
"{E6A01AB2-B76E-4F0B-A1BF-90AED7EA32D7}" = protocol=17 | dir=in | app=p:\ansoft\simplorer9.0\desktopproxy.exe |
"{E6E77709-B702-4E7E-901C-7752B2326818}" = protocol=6 | dir=in | app=p:\office2010\office14\onenote.exe |
"{E73366B5-DA52-43B3-85B9-9D674CC4698A}" = protocol=6 | dir=in | app=p:\ansoft\maxwell13\maxwell13\maxwell.exe |
"{E944C041-61FE-497F-8B90-8E90EB5D2CFD}" = protocol=17 | dir=in | app=p:\microsoft office\office12\onenote.exe |
"{EA9E08F9-17E4-4AF5-9EB6-D7E7617FE806}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{F2A40DB3-0D47-4D3D-8BA2-178D23E17BC8}" = protocol=6 | dir=in | app=p:\icq7.4\icq7.5\icq.exe |
"{F5A5358E-42B0-453D-8FF7-6F84EB004869}" = protocol=17 | dir=in | app=p:\steam\steam.exe |
"{F5CED08F-D11F-43D9-AD9C-3F5ADBC6FB15}" = protocol=17 | dir=in | app=p:\ansoft\maxwell14.0\ansoftrsmservice.exe |
"{F91E72DD-7DD7-4933-9B18-92C66625B9C7}" = protocol=6 | dir=in | app=p:\ansoft\maxwell14.0\ansoftrsmservice.exe |
"TCP Query User{07E5B3D2-D168-41D9-97CB-4CCA1B8A783F}P:\ansoft\maxwell14.0\maxwell.exe" = protocol=6 | dir=in | app=p:\ansoft\maxwell14.0\maxwell.exe |
"TCP Query User{1BBAEA4D-36D0-4DEC-9F08-0562AD77859B}P:\catiav5r16\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=p:\catiav5r16\intel_a\code\bin\cnext.exe |
"TCP Query User{43806F10-EF3B-4366-B117-B133A8B24C50}P:\ansys inc\shared files\licensing\winx64\ansysli_client.exe" = protocol=6 | dir=in | app=p:\ansys inc\shared files\licensing\winx64\ansysli_client.exe |
"TCP Query User{465977BF-2CE1-4728-BF06-31B6561058A6}P:\ansys inc\v121\framework\bin\win64\ansysfww.exe" = protocol=6 | dir=in | app=p:\ansys inc\v121\framework\bin\win64\ansysfww.exe |
"TCP Query User{490FBB73-26E1-4AA3-BB49-FC122B79C95A}P:\ansoft\maxwell14.0\maxcir.exe" = protocol=6 | dir=in | app=p:\ansoft\maxwell14.0\maxcir.exe |
"TCP Query User{65E73695-61BA-41B1-A719-FED8A52B9607}P:\ansys inc\v121\commonfiles\tcl\bin\winx64\wish.exe" = protocol=6 | dir=in | app=p:\ansys inc\v121\commonfiles\tcl\bin\winx64\wish.exe |
"TCP Query User{67332BA4-C303-43C7-A7FA-A1012F1FF55A}P:\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=p:\videolan\vlc\vlc.exe |
"TCP Query User{7EC2B4D5-EE55-4573-BA83-BD81941BB205}P:\ansoft\simplorer9.0\simplorer.exe" = protocol=6 | dir=in | app=p:\ansoft\simplorer9.0\simplorer.exe |
"TCP Query User{A2D7CACA-D9EB-436A-BB0F-94ACF601CA9E}P:\ansys inc\v121\commonfiles\jre\winx64\bin\java.exe" = protocol=6 | dir=in | app=p:\ansys inc\v121\commonfiles\jre\winx64\bin\java.exe |
"TCP Query User{DBCEB2E2-4146-4B81-A0C6-D5A39465B684}P:\ansys inc\v121\aisol\bin\winx64\ansyswbu.exe" = protocol=6 | dir=in | app=p:\ansys inc\v121\aisol\bin\winx64\ansyswbu.exe |
"TCP Query User{FC659AC0-F6D7-4A9F-A908-C95EEE411AB5}C:\program files (x86)\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"UDP Query User{07DAB663-6D3E-43AC-B544-E28B955293E1}P:\ansys inc\v121\aisol\bin\winx64\ansyswbu.exe" = protocol=17 | dir=in | app=p:\ansys inc\v121\aisol\bin\winx64\ansyswbu.exe |
"UDP Query User{16B20AD3-D7FF-4757-897E-A53B4BE4D38E}P:\ansys inc\v121\commonfiles\jre\winx64\bin\java.exe" = protocol=17 | dir=in | app=p:\ansys inc\v121\commonfiles\jre\winx64\bin\java.exe |
"UDP Query User{1A5F9F4E-C674-4007-8383-822D12C5C915}P:\catiav5r16\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=p:\catiav5r16\intel_a\code\bin\cnext.exe |
"UDP Query User{2704E31F-376B-4228-AFA2-F04EBD69B765}C:\program files (x86)\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"UDP Query User{4EEFB4E3-73E3-41D8-A274-418E32C77519}P:\ansoft\maxwell14.0\maxcir.exe" = protocol=17 | dir=in | app=p:\ansoft\maxwell14.0\maxcir.exe |
"UDP Query User{5AD3CB4A-2109-4F52-AA9F-E30200F9926D}P:\ansoft\maxwell14.0\maxwell.exe" = protocol=17 | dir=in | app=p:\ansoft\maxwell14.0\maxwell.exe |
"UDP Query User{75C941F0-850E-40BD-9765-DFE4CB7E86E5}P:\ansys inc\shared files\licensing\winx64\ansysli_client.exe" = protocol=17 | dir=in | app=p:\ansys inc\shared files\licensing\winx64\ansysli_client.exe |
"UDP Query User{B81708C4-A7D8-4094-A705-5D86001B628C}P:\ansoft\simplorer9.0\simplorer.exe" = protocol=17 | dir=in | app=p:\ansoft\simplorer9.0\simplorer.exe |
"UDP Query User{C92ED6E7-A827-4723-9F42-05005C5D7E20}P:\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=p:\videolan\vlc\vlc.exe |
"UDP Query User{E3BD8EE2-A9A4-4943-B4A4-6BE2DFD5DA5C}P:\ansys inc\v121\framework\bin\win64\ansysfww.exe" = protocol=17 | dir=in | app=p:\ansys inc\v121\framework\bin\win64\ansysfww.exe |
"UDP Query User{F12DEC18-59A0-41DB-A32A-C2FFD684C4AB}P:\ansys inc\v121\commonfiles\tcl\bin\winx64\wish.exe" = protocol=17 | dir=in | app=p:\ansys inc\v121\commonfiles\tcl\bin\winx64\wish.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5F3E04B1-390D-35F3-4C08-D82C7FB95AE5}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98BA2F7A-DCC7-C939-9A77-ABAFA55E0AF6}" = ATI AVIVO64 Codecs
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C42B7876-FA88-4F4A-9A5F-E175AD143F2A}" = ATI Catalyst Install Manager
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Dassault Systemes B16_0" = Dassault Systemes Software B16
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0242111E-DC9B-4054-B3C6-396FCE82342A}" = PExprt v7.0
"{033063B9-94AF-DC7C-95D3-35F641D8AEBE}" = CCC Help English
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix Online Plug-in (Web)
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{171D318E-31FD-954F-0C3E-21EB06C0E899}" = CCC Help Russian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{20460018-6444-825B-4EBA-40D8DD30F12C}" = CCC Help Danish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2893F5FD-0C0E-0B0F-3C70-C141539174B8}" = CCC Help Czech
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2A03B9F8-BE6D-43C6-A16A-B9998A194AF0}" = Garmin Training Center
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{362E1FE9-1FF7-EE96-E7FF-D5E661173FFB}" = Catalyst Control Center Graphics Full Existing
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{440D3BE4-EC27-5F34-DB56-A76E7EDF8BB1}" = CCC Help Finnish
"{46710AEB-ACE9-4386-9DFB-8B65153BFA74}" = REALTEK Wireless LAN Driver
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAFDDA4-65ED-F56B-CFC2-849E958AE6B1}" = CCC Help Korean
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"{4DA5BB7E-9CB8-5E01-7F96-46F1EE2F2D4F}" = CCC Help Chinese Standard
"{4FFBF030-A72F-B9FD-B944-B7850BEBE80C}" = CCC Help Swedish
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{542A08AB-AFD4-B5A4-9780-A8507A738F7F}" = CCC Help Chinese Traditional
"{5433D947-A97A-25D5-A84E-A5171D2B8D6A}" = CCC Help Hungarian
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{545E8571-FAB5-5BFC-1B70-A6A8E4ACA298}" = CCC Help Thai
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix Online Plug-in (USB)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57020886-809C-746B-2303-8030A84A0EB8}" = CCC Help Turkish
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5F7E6484-A2FB-778D-431D-D181C55C3F1C}" = CCC Help German
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6D441C98-EB46-D873-66A0-3FA448B8AD08}" = CCC Help Japanese
"{6DC5AFA1-10F0-D421-2147-C426D554F286}" = Catalyst Control Center Graphics Full New
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{722EB9DF-A9EF-129D-816F-C6F17769EDAA}" = CCC Help Italian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79437AE7-3196-2C0C-0AF6-90B2AF22D8DA}" = CCC Help Greek
"{7DF0573D-A96F-9133-2454-D80A62F9FA77}" = CCC Help Polish
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix Online Plug-in (HDX)
"{8295C50D-F52A-E4E1-4230-C4110980C3A0}" = CCC Help Norwegian
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8A227815-272D-A304-015F-DA71AABADE0A}" = Catalyst Control Center Localization All
"{8AAE1CA8-68A1-15F7-DCCD-311F3435EFC4}" = Catalyst Control Center Core Implementation
"{8f9d5e25-6d54-4b98-a0fd-c0e10f922788}" = Nero 9 Essentials
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{93BC4791-8EC4-363C-1274-4F1F8FB03F2B}" = Catalyst Control Center Graphics Previews Vista
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C984E3E-9B9B-CBCC-326D-A63CCE560C0C}" = Catalyst Control Center Graphics Light
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2CCE56E-8BE5-4179-A816-F536697434E6}" = Ansoft Simplorer v9.0
"{A8097381-76F0-44C3-98F3-BA71CC866A96}" = Ansoft Maxwell 14.0.1
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1" = Acer GameZone Console
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AFE5FFBC-CE6D-F6BE-7EAA-AA2760E75E03}" = CCC Help Spanish
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{C0C6AD06-71E3-934A-8232-4487B751177F}" = CCC Help Dutch
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5634562-6215-543B-3E86-0CF513706972}" = CCC Help French
"{C5A177BB-C3D8-4395-A088-31A69837A648}" = Ansoft Maxwell 13.0
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix Online Plug-in (DV)
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE10D76C-39B7-40A8-A24C-1BEEACBED160}" = Catalyst Control Center - Branding
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4719A65-7FF1-6146-BCC3-419662516FCF}" = ccc-core-static
"{F5FE4F51-9998-BC38-E32C-6C056ACA0BC1}" = Catalyst Control Center InstallProxy
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC541630-B9CF-7783-3D1C-7CE1094BDD97}" = CCC Help Portuguese
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArcaniA" = ArcaniA - Gothic 4
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MP540 series Benutzerregistrierung" = Canon MP540 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"DAEMON Tools Lite" = DAEMON Tools Lite
"DCTnet" = DCTnet (remove only)
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Flash Decompiler Trillix_is1" = Flash Decompiler Trillix
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.15.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"Gourmet Recipe Manager" = Gourmet (nur entfernen)
"Gtk+ Runtime Environment" = Gtk+ Runtime Environment 2.12.9-2
"HaaliMkx" = Haali Media Splitter
"Hardcopy(C__Program Files (x86)_Hardcopy)" = Hardcopy (C:\Program Files (x86)\Hardcopy)
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"iMesh" = iMesh
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"pdfsam" = pdfsam
"PowerISO" = PowerISO
"SDR2" = Schlag den Raab - Das 2. Spiel
"SkyTest® FQ-Trainingssoftware_is1" = SkyTest® FQ-Trainingssoftware 2.0
"Steam App 40390" = Risen 2 - Dark Waters
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.1
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"Wincore MediaBar" = Wincore MediaBar
"WinLiveSuite_Wave3" = Windows Live Essentials
"XnView_is1" = XnView 1.97.8
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 08.09.2012 04:56:19 | Computer Name = NoName | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 08.09.2012 05:01:17 | Computer Name = NoName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LogonUI.exe, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce79f70 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a
ID
des fehlerhaften Prozesses: 0x13a4 Startzeit der fehlerhaften Anwendung: 0x01cd8da0805d8b07
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\LogonUI.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: bf3da100-f993-11e1-9fc4-4487fc9fa8fa
Error - 08.09.2012 12:09:49 | Computer Name = NoName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmiprvse.exe, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce79d42 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a
ID
des fehlerhaften Prozesses: 0xe58 Startzeit der fehlerhaften Anwendung: 0x01cd8ddc5cbabfe7
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\wbem\wmiprvse.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 9cff6ab3-f9cf-11e1-8101-4487fc9fa8fa
Error - 08.09.2012 13:09:00 | Computer Name = NoName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: consent.exe, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce79e79 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a
ID
des fehlerhaften Prozesses: 0xfec Startzeit der fehlerhaften Anwendung: 0x01cd8de4a0fe7af2
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\consent.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: e1b5e4b9-f9d7-11e1-9bff-4487fc9fa8fa
Error - 08.09.2012 14:33:14 | Computer Name = NoName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: sdclt.exe, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce79920 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a
ID
des fehlerhaften Prozesses: 0x640 Startzeit der fehlerhaften Anwendung: 0x01cd8df06696316d
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\sdclt.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: a5d33012-f9e3-11e1-8a86-4487fc9fa8fa
Error - 09.09.2012 06:03:10 | Computer Name = NoName | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 09.09.2012 06:03:10 | Computer Name = NoName | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 09.09.2012 06:03:10 | Computer Name = NoName | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 09.09.2012 06:39:25 | Computer Name = NoName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WLIDSvcM.exe, Version: 6.500.3165.0,
Zeitstempel: 0x4a8b055b Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a
ID
des fehlerhaften Prozesses: 0xa18 Startzeit der fehlerhaften Anwendung: 0x01cd8e775e782315
Pfad
der fehlerhaften Anwendung: C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WLIDSvcM.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung:
9f6cf3b6-fa6a-11e1-ac55-4487fc9fa8fa
Error - 09.09.2012 07:12:07 | Computer Name = NoName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bca54 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a
ID
des fehlerhaften Prozesses: 0x108c Startzeit der fehlerhaften Anwendung: 0x01cd8e7bf2b2a29e
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 3104a4ee-fa6f-11e1-ac55-4487fc9fa8fa
[ Media Center Events ]
Error - 03.05.2011 05:51:58 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 11:51:58 - Fehler beim Herstellen der Internetverbindung. 11:51:58
- Serververbindung konnte nicht hergestellt werden..
Error - 03.05.2011 05:52:14 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 11:52:03 - Fehler beim Herstellen der Internetverbindung. 11:52:03
- Serververbindung konnte nicht hergestellt werden..
Error - 03.05.2011 11:05:04 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 17:05:04 - Fehler beim Herstellen der Internetverbindung. 17:05:04
- Serververbindung konnte nicht hergestellt werden..
Error - 03.05.2011 11:05:15 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 17:05:09 - Fehler beim Herstellen der Internetverbindung. 17:05:09
- Serververbindung konnte nicht hergestellt werden..
Error - 06.05.2011 06:30:29 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 12:30:29 - Fehler beim Herstellen der Internetverbindung. 12:30:29
- Serververbindung konnte nicht hergestellt werden..
Error - 06.05.2011 06:30:39 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 12:30:34 - Fehler beim Herstellen der Internetverbindung. 12:30:34
- Serververbindung konnte nicht hergestellt werden..
Error - 12.05.2011 07:10:31 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 13:10:30 - Fehler beim Herstellen der Internetverbindung. 13:10:31
- Serververbindung konnte nicht hergestellt werden..
Error - 12.05.2011 07:10:40 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 13:10:36 - Fehler beim Herstellen der Internetverbindung. 13:10:36
- Serververbindung konnte nicht hergestellt werden..
Error - 17.05.2011 10:28:58 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 16:28:58 - Fehler beim Herstellen der Internetverbindung. 16:28:58
- Serververbindung konnte nicht hergestellt werden..
Error - 17.05.2011 10:29:08 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 16:29:03 - Fehler beim Herstellen der Internetverbindung. 16:29:03
- Serververbindung konnte nicht hergestellt werden..
[ OSession Events ]
Error - 10.03.2011 13:45:53 | Computer Name = NoName | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 199
seconds with 180 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 22.08.2012 07:20:42 | Computer Name = NoName | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 24.08.2012 16:41:48 | Computer Name = NoName | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?08.?2012 um 22:40:18 unerwartet heruntergefahren.
Error - 25.08.2012 14:36:58 | Computer Name = NoName | Source = DCOM | ID = 10010
Description =
Error - 29.08.2012 08:21:34 | Computer Name = NoName | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 02.09.2012 04:59:26 | Computer Name = NoName | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 04.09.2012 10:24:04 | Computer Name = NoName | Source = DCOM | ID = 10010
Description =
Error - 08.09.2012 14:13:12 | Computer Name = NoName | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
AMD External Events Utility erreicht.
Error - 08.09.2012 14:13:12 | Computer Name = NoName | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AMD External Events Utility" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 08.09.2012 14:25:18 | Computer Name = NoName | Source = DCOM | ID = 10010
Description =
Error - 08.09.2012 14:28:06 | Computer Name = NoName | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?09.?2012 um 20:27:12 unerwartet heruntergefahren.
< End of report >
|
|
11.09.2012, 11:56
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | BDS\ZeroAccess in C:\$Recycle.Bin - Wie werde ich das los?Zitat:
TDSS-Killer ist KEIN Spielzeug! Bitte nicht ohne Anweisung ausführen! Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
14.09.2012, 21:43
| #3 |
| | BDS\ZeroAccess in C:\$Recycle.Bin - Wie werde ich das los? Hallo,
__________________so ich habe jetzt Windows neu installiert, dann alle Updates installiert und anschließend Antivir drüber laufen lassen und es wurde nichts gefunden. Hab danach Antivir deinstalliert und mit Avast nochmal alles scannen lassen. Auch hier kein Fund. Ich trau dem ganzen Frieden aber irgendwie noch nicht. Im Ordner "$Recycle.Bin" ist wieder ein Subfolder namens: "S-1-5-21-1692514539-1397013794-4007604138-1000", den ich nicht öffnen kann. Mir ist auch aufgefallen das der Ordner "$Recycle.Bin" mit dem genannten Subfolder auf jedem Laufwerk ist. Ist das normal? TDSS-Killer hat nichts gefunden. RogueKiller sind ein paar Einträge in der Regisrty aufgefallen. Hier die Logs: TDSS-Killer: Code:
ATTFilter 22:26:56.0504 3908 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
22:26:56.0894 3908 ============================================================
22:26:56.0894 3908 Current date / time: 2012/09/14 22:26:56.0894
22:26:56.0894 3908 SystemInfo:
22:26:56.0894 3908
22:26:56.0894 3908 OS Version: 6.1.7600 ServicePack: 0.0
22:26:56.0894 3908 Product type: Workstation
22:26:56.0894 3908 ComputerName: NONAME
22:26:56.0910 3908 UserName: XXXXXX
22:26:56.0910 3908 Windows directory: C:\Windows
22:26:56.0910 3908 System windows directory: C:\Windows
22:26:56.0910 3908 Running under WOW64
22:26:56.0910 3908 Processor architecture: Intel x64
22:26:56.0910 3908 Number of processors: 4
22:26:56.0910 3908 Page size: 0x1000
22:26:56.0910 3908 Boot type: Normal boot
22:26:56.0910 3908 ============================================================
22:26:58.0532 3908 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:26:58.0579 3908 ============================================================
22:26:58.0579 3908 \Device\Harddisk0\DR0:
22:26:58.0579 3908 MBR partitions:
22:26:58.0579 3908 Initialize success
22:26:58.0579 3908 ============================================================
22:27:04.0445 3396 ============================================================
22:27:04.0445 3396 Scan started
22:27:04.0445 3396 Mode: Manual;
22:27:04.0445 3396 ============================================================
22:27:04.0944 3396 ================ Scan system memory ========================
22:27:04.0944 3396 System memory - ok
22:27:04.0944 3396 ================ Scan services =============================
22:27:05.0115 3396 1394ohci - ok
22:27:05.0115 3396 ACPI - ok
22:27:05.0131 3396 AcpiPmi - ok
22:27:05.0131 3396 adp94xx - ok
22:27:05.0131 3396 adpahci - ok
22:27:05.0147 3396 adpu320 - ok
22:27:05.0147 3396 AeLookupSvc - ok
22:27:05.0162 3396 AFD - ok
22:27:05.0178 3396 agp440 - ok
22:27:05.0178 3396 ALG - ok
22:27:05.0178 3396 aliide - ok
22:27:05.0193 3396 AMD External Events Utility - ok
22:27:05.0193 3396 amdide - ok
22:27:05.0193 3396 AmdK8 - ok
22:27:05.0209 3396 amdkmdag - ok
22:27:05.0209 3396 amdkmdap - ok
22:27:05.0209 3396 AmdPPM - ok
22:27:05.0209 3396 amdsata - ok
22:27:05.0209 3396 amdsbs - ok
22:27:05.0225 3396 amdxata - ok
22:27:05.0225 3396 AppID - ok
22:27:05.0225 3396 AppIDSvc - ok
22:27:05.0225 3396 Appinfo - ok
22:27:05.0225 3396 arc - ok
22:27:05.0225 3396 arcsas - ok
22:27:05.0287 3396 aswFsBlk - ok
22:27:05.0334 3396 aswMonFlt - ok
22:27:05.0334 3396 aswRdr - ok
22:27:05.0349 3396 aswSnx - ok
22:27:05.0349 3396 aswSP - ok
22:27:05.0349 3396 aswTdi - ok
22:27:05.0349 3396 AsyncMac - ok
22:27:05.0365 3396 atapi - ok
22:27:05.0365 3396 AtiHdmiService - ok
22:27:05.0381 3396 AudioEndpointBuilder - ok
22:27:05.0381 3396 AudioSrv - ok
22:27:05.0381 3396 avast! Antivirus - ok
22:27:05.0396 3396 AxInstSV - ok
22:27:05.0396 3396 b06bdrv - ok
22:27:05.0427 3396 b57nd60a - ok
22:27:05.0427 3396 BDESVC - ok
22:27:05.0427 3396 Beep - ok
22:27:05.0443 3396 BFE - ok
22:27:05.0459 3396 BITS - ok
22:27:05.0459 3396 blbdrive - ok
22:27:05.0459 3396 bowser - ok
22:27:05.0459 3396 BrFiltLo - ok
22:27:05.0459 3396 BrFiltUp - ok
22:27:05.0459 3396 Browser - ok
22:27:05.0474 3396 Brserid - ok
22:27:05.0474 3396 BrSerWdm - ok
22:27:05.0474 3396 BrUsbMdm - ok
22:27:05.0474 3396 BrUsbSer - ok
22:27:05.0474 3396 BTHMODEM - ok
22:27:05.0490 3396 bthserv - ok
22:27:05.0490 3396 cdfs - ok
22:27:05.0490 3396 cdrom - ok
22:27:05.0490 3396 CertPropSvc - ok
22:27:05.0490 3396 circlass - ok
22:27:05.0505 3396 CLFS - ok
22:27:05.0505 3396 clr_optimization_v2.0.50727_32 - ok
22:27:05.0505 3396 clr_optimization_v2.0.50727_64 - ok
22:27:05.0537 3396 clr_optimization_v4.0.30319_32 - ok
22:27:05.0552 3396 clr_optimization_v4.0.30319_64 - ok
22:27:05.0552 3396 CmBatt - ok
22:27:05.0552 3396 cmdide - ok
22:27:05.0552 3396 CNG - ok
22:27:05.0552 3396 Compbatt - ok
22:27:05.0568 3396 CompositeBus - ok
22:27:05.0568 3396 COMSysApp - ok
22:27:05.0568 3396 crcdisk - ok
22:27:05.0583 3396 CryptSvc - ok
22:27:05.0599 3396 DcomLaunch - ok
22:27:05.0599 3396 defragsvc - ok
22:27:05.0615 3396 DfsC - ok
22:27:05.0755 3396 Dhcp - ok
22:27:05.0755 3396 discache - ok
22:27:05.0771 3396 Disk - ok
22:27:05.0786 3396 Dnscache - ok
22:27:05.0786 3396 dot3svc - ok
22:27:05.0802 3396 DPS - ok
22:27:05.0833 3396 drmkaud - ok
22:27:05.0849 3396 DXGKrnl - ok
22:27:05.0849 3396 EapHost - ok
22:27:05.0849 3396 ebdrv - ok
22:27:05.0864 3396 EFS - ok
22:27:05.0864 3396 ehRecvr - ok
22:27:05.0864 3396 ehSched - ok
22:27:05.0864 3396 elxstor - ok
22:27:05.0864 3396 ErrDev - ok
22:27:05.0880 3396 EventSystem - ok
22:27:05.0880 3396 exfat - ok
22:27:05.0880 3396 fastfat - ok
22:27:05.0880 3396 Fax - ok
22:27:05.0895 3396 fdc - ok
22:27:05.0895 3396 fdPHost - ok
22:27:05.0895 3396 FDResPub - ok
22:27:05.0895 3396 FileInfo - ok
22:27:05.0895 3396 Filetrace - ok
22:27:05.0911 3396 flpydisk - ok
22:27:05.0911 3396 FltMgr - ok
22:27:05.0911 3396 FontCache - ok
22:27:05.0911 3396 FontCache3.0.0.0 - ok
22:27:05.0911 3396 FsDepends - ok
22:27:05.0911 3396 Fs_Rec - ok
22:27:05.0927 3396 fvevol - ok
22:27:05.0927 3396 gagp30kx - ok
22:27:05.0927 3396 gpsvc - ok
22:27:05.0958 3396 Greg_Service - ok
22:27:05.0958 3396 hcw85cir - ok
22:27:05.0958 3396 HdAudAddService - ok
22:27:05.0973 3396 HDAudBus - ok
22:27:05.0973 3396 HidBatt - ok
22:27:05.0973 3396 HidBth - ok
22:27:05.0989 3396 HidIr - ok
22:27:05.0989 3396 hidserv - ok
22:27:06.0005 3396 HidUsb - ok
22:27:06.0005 3396 hkmsvc - ok
22:27:06.0005 3396 HomeGroupListener - ok
22:27:06.0020 3396 HomeGroupProvider - ok
22:27:06.0020 3396 HpSAMD - ok
22:27:06.0020 3396 HTTP - ok
22:27:06.0020 3396 hwpolicy - ok
22:27:06.0036 3396 i8042prt - ok
22:27:06.0036 3396 iaStor - ok
22:27:06.0036 3396 iaStorV - ok
22:27:06.0036 3396 idsvc - ok
22:27:06.0051 3396 iirsp - ok
22:27:06.0051 3396 IKEEXT - ok
22:27:06.0067 3396 IntcAzAudAddService - ok
22:27:06.0067 3396 intelide - ok
22:27:06.0083 3396 intelppm - ok
22:27:06.0083 3396 IPBusEnum - ok
22:27:06.0083 3396 IpFilterDriver - ok
22:27:06.0098 3396 iphlpsvc - ok
22:27:06.0098 3396 IPMIDRV - ok
22:27:06.0098 3396 IPNAT - ok
22:27:06.0129 3396 IRENUM - ok
22:27:06.0129 3396 isapnp - ok
22:27:06.0129 3396 iScsiPrt - ok
22:27:06.0317 3396 kbdclass - ok
22:27:06.0317 3396 kbdhid - ok
22:27:06.0332 3396 KeyIso - ok
22:27:06.0332 3396 KSecDD - ok
22:27:06.0348 3396 KSecPkg - ok
22:27:06.0348 3396 ksthunk - ok
22:27:06.0363 3396 KtmRm - ok
22:27:06.0363 3396 LanmanServer - ok
22:27:06.0363 3396 LanmanWorkstation - ok
22:27:06.0395 3396 lltdio - ok
22:27:06.0410 3396 lltdsvc - ok
22:27:06.0426 3396 lmhosts - ok
22:27:06.0426 3396 LSI_FC - ok
22:27:06.0441 3396 LSI_SAS - ok
22:27:06.0441 3396 LSI_SAS2 - ok
22:27:06.0441 3396 LSI_SCSI - ok
22:27:06.0441 3396 luafv - ok
22:27:06.0457 3396 Mcx2Svc - ok
22:27:06.0457 3396 megasas - ok
22:27:06.0457 3396 MegaSR - ok
22:27:06.0457 3396 MMCSS - ok
22:27:06.0457 3396 Modem - ok
22:27:06.0473 3396 monitor - ok
22:27:06.0473 3396 mouclass - ok
22:27:06.0473 3396 mouhid - ok
22:27:06.0488 3396 mountmgr - ok
22:27:06.0535 3396 MozillaMaintenance - ok
22:27:06.0551 3396 mpio - ok
22:27:06.0551 3396 mpsdrv - ok
22:27:06.0566 3396 MpsSvc - ok
22:27:06.0566 3396 MRxDAV - ok
22:27:06.0566 3396 mrxsmb - ok
22:27:06.0582 3396 mrxsmb10 - ok
22:27:06.0582 3396 mrxsmb20 - ok
22:27:06.0909 3396 msahci - ok
22:27:06.0925 3396 msdsm - ok
22:27:06.0925 3396 MSDTC - ok
22:27:06.0972 3396 Msfs - ok
22:27:06.0987 3396 mshidkmdf - ok
22:27:07.0003 3396 msisadrv - ok
22:27:07.0003 3396 MSiSCSI - ok
22:27:07.0003 3396 msiserver - ok
22:27:07.0065 3396 MSKSSRV - ok
22:27:07.0065 3396 MSPCLOCK - ok
22:27:07.0065 3396 MSPQM - ok
22:27:07.0190 3396 MsRPC - ok
22:27:07.0190 3396 mssmbios - ok
22:27:07.0206 3396 MSTEE - ok
22:27:07.0206 3396 MTConfig - ok
22:27:07.0206 3396 Mup - ok
22:27:07.0237 3396 mwlPSDFilter - ok
22:27:07.0253 3396 mwlPSDNServ - ok
22:27:07.0253 3396 mwlPSDVDisk - ok
22:27:07.0268 3396 MWLService - ok
22:27:07.0268 3396 napagent - ok
22:27:07.0284 3396 NativeWifiP - ok
22:27:07.0440 3396 NDIS - ok
22:27:07.0455 3396 NdisCap - ok
22:27:07.0487 3396 NdisTapi - ok
22:27:07.0502 3396 Ndisuio - ok
22:27:07.0518 3396 NdisWan - ok
22:27:07.0518 3396 NDProxy - ok
22:27:07.0518 3396 NetBIOS - ok
22:27:07.0533 3396 NetBT - ok
22:27:07.0533 3396 Netlogon - ok
22:27:07.0565 3396 Netman - ok
22:27:07.0565 3396 netprofm - ok
22:27:07.0580 3396 NetTcpPortSharing - ok
22:27:07.0596 3396 nfrd960 - ok
22:27:07.0611 3396 NlaSvc - ok
22:27:07.0611 3396 Npfs - ok
22:27:07.0611 3396 nsi - ok
22:27:07.0627 3396 nsiproxy - ok
22:27:07.0627 3396 Ntfs - ok
22:27:07.0643 3396 Null - ok
22:27:07.0658 3396 nvraid - ok
22:27:07.0658 3396 nvstor - ok
22:27:07.0674 3396 nv_agp - ok
22:27:07.0674 3396 ohci1394 - ok
22:27:07.0674 3396 p2pimsvc - ok
22:27:07.0674 3396 p2psvc - ok
22:27:07.0674 3396 Parport - ok
22:27:07.0674 3396 partmgr - ok
22:27:07.0674 3396 PcaSvc - ok
22:27:07.0689 3396 pci - ok
22:27:07.0689 3396 pciide - ok
22:27:07.0689 3396 pcmcia - ok
22:27:07.0689 3396 pcw - ok
22:27:07.0689 3396 PEAUTH - ok
22:27:07.0705 3396 PerfHost - ok
22:27:07.0705 3396 pla - ok
22:27:07.0705 3396 PlugPlay - ok
22:27:07.0705 3396 PNRPAutoReg - ok
22:27:07.0721 3396 PNRPsvc - ok
22:27:07.0721 3396 PolicyAgent - ok
22:27:07.0721 3396 Power - ok
22:27:07.0736 3396 PptpMiniport - ok
22:27:07.0736 3396 Processor - ok
22:27:07.0736 3396 ProfSvc - ok
22:27:07.0736 3396 ProtectedStorage - ok
22:27:07.0736 3396 Psched - ok
22:27:07.0752 3396 PSI - ok
22:27:07.0752 3396 ql2300 - ok
22:27:07.0767 3396 ql40xx - ok
22:27:07.0767 3396 QWAVE - ok
22:27:07.0767 3396 QWAVEdrv - ok
22:27:07.0767 3396 RasAcd - ok
22:27:07.0767 3396 RasAgileVpn - ok
22:27:07.0783 3396 RasAuto - ok
22:27:07.0783 3396 Rasl2tp - ok
22:27:07.0814 3396 RasMan - ok
22:27:07.0814 3396 RasPppoe - ok
22:27:07.0845 3396 RasSstp - ok
22:27:07.0861 3396 rdbss - ok
22:27:07.0861 3396 rdpbus - ok
22:27:07.0861 3396 RDPCDD - ok
22:27:07.0970 3396 RDPENCDD - ok
22:27:07.0986 3396 RDPREFMP - ok
22:27:07.0986 3396 RDPWD - ok
22:27:08.0001 3396 rdyboost - ok
22:27:08.0001 3396 RemoteAccess - ok
22:27:08.0001 3396 RemoteRegistry - ok
22:27:08.0017 3396 RpcEptMapper - ok
22:27:08.0017 3396 RpcLocator - ok
22:27:08.0017 3396 RpcSs - ok
22:27:08.0033 3396 rspndr - ok
22:27:08.0048 3396 RTL8167 - ok
22:27:08.0048 3396 SamSs - ok
22:27:08.0064 3396 sbp2port - ok
22:27:08.0064 3396 SCardSvr - ok
22:27:08.0064 3396 scfilter - ok
22:27:08.0064 3396 Schedule - ok
22:27:08.0064 3396 SCPolicySvc - ok
22:27:08.0064 3396 SDRSVC - ok
22:27:08.0079 3396 secdrv - ok
22:27:08.0079 3396 seclogon - ok
22:27:08.0095 3396 Secunia PSI Agent - ok
22:27:08.0095 3396 Secunia Update Agent - ok
22:27:08.0095 3396 SENS - ok
22:27:08.0111 3396 SensrSvc - ok
22:27:08.0111 3396 Serenum - ok
22:27:08.0142 3396 Serial - ok
22:27:08.0173 3396 sermouse - ok
22:27:08.0189 3396 SessionEnv - ok
22:27:08.0189 3396 sffdisk - ok
22:27:08.0204 3396 sffp_mmc - ok
22:27:08.0204 3396 sffp_sd - ok
22:27:08.0220 3396 sfloppy - ok
22:27:08.0235 3396 SharedAccess - ok
22:27:08.0235 3396 ShellHWDetection - ok
22:27:08.0235 3396 SiSRaid2 - ok
22:27:08.0235 3396 SiSRaid4 - ok
22:27:08.0251 3396 Smb - ok
22:27:08.0298 3396 SNMPTRAP - ok
22:27:08.0298 3396 spldr - ok
22:27:08.0298 3396 Spooler - ok
22:27:08.0298 3396 sppsvc - ok
22:27:08.0298 3396 sppuinotify - ok
22:27:08.0298 3396 srv - ok
22:27:08.0313 3396 srv2 - ok
22:27:08.0313 3396 srvnet - ok
22:27:08.0376 3396 SSDPSRV - ok
22:27:08.0376 3396 SstpSvc - ok
22:27:08.0391 3396 stexstor - ok
22:27:08.0391 3396 stisvc - ok
22:27:08.0391 3396 swenum - ok
22:27:08.0391 3396 swprv - ok
22:27:08.0391 3396 SysMain - ok
22:27:08.0407 3396 TabletInputService - ok
22:27:08.0407 3396 TapiSrv - ok
22:27:08.0407 3396 TBS - ok
22:27:08.0407 3396 Tcpip - ok
22:27:08.0423 3396 TCPIP6 - ok
22:27:08.0438 3396 tcpipreg - ok
22:27:08.0438 3396 TDPIPE - ok
22:27:08.0438 3396 TDTCP - ok
22:27:08.0438 3396 tdx - ok
22:27:08.0438 3396 TermDD - ok
22:27:08.0454 3396 TermService - ok
22:27:08.0454 3396 Themes - ok
22:27:08.0454 3396 THREADORDER - ok
22:27:08.0454 3396 TrkWks - ok
22:27:08.0454 3396 TrustedInstaller - ok
22:27:08.0454 3396 tssecsrv - ok
22:27:08.0469 3396 tunnel - ok
22:27:08.0469 3396 uagp35 - ok
22:27:08.0469 3396 udfs - ok
22:27:08.0469 3396 UI0Detect - ok
22:27:08.0469 3396 uliagpkx - ok
22:27:08.0485 3396 umbus - ok
22:27:08.0485 3396 UmPass - ok
22:27:08.0532 3396 Updater Service - ok
22:27:08.0547 3396 upnphost - ok
22:27:08.0547 3396 usbccgp - ok
22:27:08.0547 3396 usbcir - ok
22:27:08.0547 3396 usbehci - ok
22:27:08.0563 3396 usbhub - ok
22:27:08.0563 3396 usbohci - ok
22:27:08.0563 3396 usbprint - ok
22:27:08.0563 3396 USBS3S4Detection - ok
22:27:08.0563 3396 USBSTOR - ok
22:27:08.0563 3396 usbuhci - ok
22:27:08.0579 3396 UxSms - ok
22:27:08.0579 3396 VaultSvc - ok
22:27:08.0594 3396 vdrvroot - ok
22:27:08.0594 3396 vds - ok
22:27:08.0594 3396 vga - ok
22:27:08.0594 3396 VgaSave - ok
22:27:08.0594 3396 vhdmp - ok
22:27:08.0610 3396 viaide - ok
22:27:08.0610 3396 volmgr - ok
22:27:08.0610 3396 volmgrx - ok
22:27:08.0610 3396 volsnap - ok
22:27:08.0625 3396 vsmraid - ok
22:27:08.0625 3396 VSS - ok
22:27:08.0625 3396 vwifibus - ok
22:27:08.0766 3396 W32Time - ok
22:27:08.0781 3396 WacomPen - ok
22:27:09.0078 3396 WANARP - ok
22:27:09.0093 3396 Wanarpv6 - ok
22:27:09.0109 3396 wbengine - ok
22:27:09.0109 3396 WbioSrvc - ok
22:27:09.0109 3396 wcncsvc - ok
22:27:09.0125 3396 WcsPlugInService - ok
22:27:09.0125 3396 Wd - ok
22:27:09.0140 3396 Wdf01000 - ok
22:27:09.0140 3396 WdiServiceHost - ok
22:27:09.0140 3396 WdiSystemHost - ok
22:27:09.0140 3396 WebClient - ok
22:27:09.0140 3396 Wecsvc - ok
22:27:09.0140 3396 wercplsupport - ok
22:27:09.0187 3396 WerSvc - ok
22:27:09.0187 3396 WfpLwf - ok
22:27:09.0187 3396 WIMMount - ok
22:27:09.0187 3396 WinDefend - ok
22:27:09.0203 3396 WinHttpAutoProxySvc - ok
22:27:09.0203 3396 Winmgmt - ok
22:27:09.0203 3396 WinRM - ok
22:27:09.0203 3396 Wlansvc - ok
22:27:09.0218 3396 WmiAcpi - ok
22:27:09.0218 3396 wmiApSrv - ok
22:27:09.0218 3396 WMPNetworkSvc - ok
22:27:09.0234 3396 WPCSvc - ok
22:27:09.0234 3396 WPDBusEnum - ok
22:27:09.0234 3396 ws2ifsl - ok
22:27:09.0234 3396 wscsvc - ok
22:27:09.0249 3396 WSearch - ok
22:27:09.0249 3396 wuauserv - ok
22:27:09.0249 3396 WudfPf - ok
22:27:09.0249 3396 WUDFRd - ok
22:27:09.0249 3396 wudfsvc - ok
22:27:09.0265 3396 WwanSvc - ok
22:27:09.0296 3396 ================ Scan global ===============================
22:27:09.0296 3396 [Global] - ok
22:27:09.0296 3396 ================ Scan MBR ==================================
22:27:09.0312 3396 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:27:11.0231 3396 \Device\Harddisk0\DR0 - ok
22:27:11.0231 3396 ================ Scan VBR ==================================
22:27:11.0231 3396 ============================================================
22:27:11.0231 3396 Scan finished
22:27:11.0231 3396 ============================================================
22:27:11.0246 2924 Detected object count: 0
22:27:11.0246 2924 Actual detected object count: 0
Rogue-Killer: Code:
ATTFilter RogueKiller V8.0.3 [09/13/2012] durch Tigzy
mail: tigzyRK<at>gmail<dot>com
Kommentare: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: hxxp://tigzyrk.blogspot.com
Betriebssystem: Windows 7 (6.1.7600 ) 64 bits version
Gestartet in : Normal Modus
Benutzer : XXXXXX [Admin Rechte]
Funktion : Scannen -- Datum : 09/14/2012 22:28:54
¤¤¤ Böswillige Prozesse : 0 ¤¤¤
¤¤¤ Registry-Einträge : 4 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : CleanSetup (cmd /C rmdir /S /Q "C:\Users\masteruser\AppData\Local\Temp\nro.tmp\") -> FAND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{C5316836-3A75-4F74-B7B2-880C81FFDD3F} : NameServer (217.0.43.97 217.0.43.113) -> FAND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FAND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FAND
¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤
¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤
¤¤¤ Infektion : ¤¤¤
¤¤¤ Hosts-Datei: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR überprüfen: ¤¤¤
+++++ PhysicalDrive0: ST3500418AS +++++
--- User ---
[MBR] 5bab4d67880968a626a7b6d7e4b27cda
[BSP] 9fead01c78ae06cd1bacd66de11cceda : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16384 Mo
2 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 33556480 | Size: 100 Mo
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 33761280 | Size: 59838 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Abgeschlossen : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
|
|
15.09.2012, 12:39
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BDS\ZeroAccess in C:\$Recycle.Bin - Wie werde ich das los?Zitat:
Da du alles komplett neu gemacht hast wären wir durch, abschließend poste ich noch meinen Updateleitfaden!  Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks => Adobe Flash Player Distribution | Adobe Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu BDS\ZeroAccess in C:\$Recycle.Bin - Wie werde ich das los? |
| 7-zip, antivir, autorun, avira, bds/zeroaccess.gen, bho, bonjour, browser, converter, dllhost.exe, document, ebay, entfernen, error, firefox, flash player, grand theft auto, home, install.exe, locker, log-datei, logfile, microsoft office starter 2010, mp3, mywinlocker, ntdll.dll, office 2007, plug-in, poweriso, programm, realtek, recycle.bin, registry, safer networking, security, senden, super, svchost.exe, system, virus, win64, windows |
Linear-Darstellung
