| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: ijackThis: Wie kann ich die gefundenen Probleme löschenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
24.05.2010, 01:25
| #1 |
| |  ijackThis: Wie kann ich die gefundenen Probleme löschen ok, hab mit hijack this ein paar probleme(haubtsächlich irgendwas mit google) gefunden die ich gerne löschen würde(durch analyse auf der website). NUr mit fixen verschwinden die aber nicht. hab mich im forum schon mal ein bisschen schlau gemacht und stell jez hier erstmal die logfiles von HijachThis, Malewarebytes und OTL. HijackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:19:42, on 24.05.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18904) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Windows\System32\rundll32.exe C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe C:\Windows\PLFSetI.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Acer\Acer VCM\AcerVCM.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Acer\Acer VCM\acp2HID.exe C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_8930 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_8930 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - (no file) R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) O1 - Hosts: ::1 localhost O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com O1 - Hosts: 209.212.147.138 google.com O1 - Hosts: 209.212.147.138 google.com.au O1 - Hosts: 209.212.147.138 www.google.com.au O1 - Hosts: 209.212.147.138 google.be O1 - Hosts: 209.212.147.138 www.google.be O1 - Hosts: 209.212.147.138 google.com.br O1 - Hosts: 209.212.147.138 www.google.com.br O1 - Hosts: 209.212.147.138 google.ca O1 - Hosts: 209.212.147.138 www.google.ca O1 - Hosts: 209.212.147.138 google.ch O1 - Hosts: 209.212.147.138 www.google.ch O1 - Hosts: 209.212.147.138 google.de O1 - Hosts: 209.212.147.138 www.google.de O1 - Hosts: 209.212.147.138 google.dk O1 - Hosts: 209.212.147.138 www.google.dk O1 - Hosts: 209.212.147.138 google.fr O1 - Hosts: 209.212.147.138 www.google.fr O1 - Hosts: 209.212.147.138 google.ie O1 - Hosts: 209.212.147.138 www.google.ie O1 - Hosts: 209.212.147.138 google.it O1 - Hosts: 209.212.147.138 www.google.it O1 - Hosts: 209.212.147.138 google.co.jp O1 - Hosts: 209.212.147.138 www.google.co.jp O1 - Hosts: 209.212.147.138 google.nl O1 - Hosts: 209.212.147.138 www.google.nl O1 - Hosts: 209.212.147.138 google.no O1 - Hosts: 209.212.147.138 www.google.no O1 - Hosts: 209.212.147.138 google.co.nz O1 - Hosts: 209.212.147.138 www.google.co.nz O1 - Hosts: 209.212.147.138 google.pl O1 - Hosts: 209.212.147.138 www.google.pl O1 - Hosts: 209.212.147.138 google.se O1 - Hosts: 209.212.147.138 www.google.se O1 - Hosts: 209.212.147.138 google.co.uk O1 - Hosts: 209.212.147.138 google.co.za O1 - Hosts: 209.212.147.138 www.google.co.za O1 - Hosts: 209.212.147.138 www.bing.com O1 - Hosts: 209.212.147.138 search.yahoo.com O1 - Hosts: 209.212.147.138 www.search.yahoo.com O1 - Hosts: 209.212.147.138 uk.search.yahoo.com O1 - Hosts: 209.212.147.138 ca.search.yahoo.com O1 - Hosts: 209.212.147.138 de.search.yahoo.com O1 - Hosts: 209.212.147.138 fr.search.yahoo.com O1 - Hosts: 209.212.147.138 au.search.yahoo.com O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file) O2 - BHO: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file) O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file) O3 - Toolbar: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - (no file) O3 - Toolbar: Eazel-DE Toolbar - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaze.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [WLConfig] "C:\Program Files\WLAN Monitor\WLConfig.exe" -autostart O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\Windows\TEMP\E_S9D5B.tmp" /EF "HKLM" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: Acer VCM.lnk = ? O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll O23 - Service: AccSys WiFi Component (accsvc) - AccSys GmbH - C:\Program Files\Common Files\AccSys\accsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe -- End of file - 13341 bytes Malewarebytes: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4117 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18904 24.05.2010 02:12:54 mbam-log-2010-05-24 (02-12-54).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 313256 Laufzeit: 1 Stunde(n), 18 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
24.05.2010, 01:26
| #2 |
| |  ijackThis: Wie kann ich die gefundenen Probleme löschen OTL:
__________________as Code:
ATTFilter OTL logfile created on: 24.05.2010 00:58:25 - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Alexander\Desktop\Downloads\OLD Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 226,38 Gb Total Space | 83,32 Gb Free Space | 36,81% Space Free | Partition Type: NTFS Drive D: | 222,90 Gb Total Space | 222,80 Gb Free Space | 99,96% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 3,35 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ALEXANDER-PC Current User Name: Alexander Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Alexander\Desktop\Downloads\OLD\OTL.exe (OldTimer Tools) PRC - C:\Users\Alexander\AppData\Local\Temp\~e5.0001 (Macrovision Europe Ltd.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\System32\UAService7.exe (Sony DADC Austria AG.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.) PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe () PRC - C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) PRC - C:\Programme\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe (acer) PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe () PRC - C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) PRC - C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.) PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\KOEI\SAMURAI WARRIORS 2\SW2.exe (KOEI Co., Ltd.) PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\ACER\Mobility Center\MobilityService.exe () PRC - C:\Programme\Acer\Acer VCM\acp2HID.exe (Acer Inc.) PRC - C:\Programme\Common Files\AccSys\accsvc.exe (AccSys GmbH) ========== Modules (SafeList) ========== MOD - C:\Users\Alexander\Desktop\Downloads\OLD\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Akamai) -- c:\Programme\Common Files\Akamai\rswin_3697.dll () SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (UserAccess7) SecuROM User Access Service (V7) -- C:\Windows\System32\UAService7.exe (Sony DADC Austria AG.) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe () SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe () SRV - (vfsFPService) -- C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (accsvc) -- C:\Programme\Common Files\AccSys\accsvc.exe (AccSys GmbH) ========== Driver Services (SafeList) ========== DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated) DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated) DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation) DRV - (vfs101x) -- C:\Windows\System32\drivers\vfs101x.sys (Validity Sensors, Inc.) DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.) DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. ) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys () DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies) DRV - (NPPTNT2) -- C:\Windows\System32\npptNT2.sys (INCA Internet Co., Ltd.) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKLM\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaze.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Nachrichten - Service - Shopping bei t-online.de IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - File not found IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.21 19:06:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.21 19:05:00 | 000,000,000 | ---D | M] [2010.04.21 19:06:24 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Mozilla\Extensions [2010.05.19 22:46:29 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\oshd8s1y.default\extensions [2010.04.21 20:17:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\oshd8s1y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.21 19:05:00 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.04.30 07:57:06 | 000,002,226 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com O1 - Hosts: 209.212.147.138 google.com O1 - Hosts: 209.212.147.138 google.com.au O1 - Hosts: 209.212.147.138 Google O1 - Hosts: 209.212.147.138 google.be O1 - Hosts: 209.212.147.138 Google O1 - Hosts: 209.212.147.138 google.com.br O1 - Hosts: 209.212.147.138 Google O1 - Hosts: 209.212.147.138 google.ca O1 - Hosts: 209.212.147.138 Google O1 - Hosts: 209.212.147.138 google.ch O1 - Hosts: 209.212.147.138 Google O1 - Hosts: 209.212.147.138 google.de O1 - Hosts: 209.212.147.138 Google O1 - Hosts: 209.212.147.138 google.dk O1 - Hosts: 209.212.147.138 Google O1 - Hosts: 209.212.147.138 google.fr O1 - Hosts: 209.212.147.138 Google O1 - Hosts: 209.212.147.138 google.ie O1 - Hosts: 209.212.147.138 Google O1 - Hosts: 209.212.147.138 google.it O1 - Hosts: 209.212.147.138 Google O1 - Hosts: 209.212.147.138 google.co.jp O1 - Hosts: 24 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - File not found O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - File not found O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - File not found O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - File not found O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - File not found O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - File not found O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaze.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - File not found O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - File not found O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [EPSON Stylus DX4000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE File not found O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WLConfig] C:\Program Files\WLAN Monitor\WLConfig.exe (AccSys GmbH) O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2 O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab (Battlefield Heroes Updater) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer03.JPG O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer03.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.02.28 09:12:28 | 000,156,054 | R--- | M] () - F:\autorun.bmp -- [ UDF ] O32 - AutoRun File - [2008.05.02 05:04:30 | 000,267,536 | R--- | M] (KOEI Co., Ltd.) - F:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2008.03.19 02:45:18 | 000,000,197 | R--- | M] () - F:\AUTORUN.INF -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.21 23:20:24 | 000,000,000 | ---D | C] -- C:\Programme\KOEI [2010.05.21 21:04:35 | 000,000,000 | ---D | C] -- C:\Programme\Eidos Interactive [2010.05.19 22:23:06 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Avira [2010.05.19 15:52:23 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Malwarebytes [2010.05.19 15:52:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.05.19 15:52:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.05.19 15:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.05.19 15:52:11 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.05.19 15:46:26 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.05.19 15:46:25 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.05.19 15:46:25 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.05.19 15:46:25 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2010.05.19 15:46:25 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2010.05.19 15:46:25 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.05.19 15:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.05.17 17:58:21 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\KOEI [2010.05.14 16:41:59 | 000,000,000 | ---D | C] -- C:\Windows\Profiles [2010.05.14 13:23:30 | 000,000,000 | ---D | C] -- C:\Programme\Rome - Total War [2010.05.08 09:47:20 | 000,000,000 | ---D | C] -- C:\Programme\Eazel-DE [2010.05.02 00:35:26 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Desktop\Tools [2010.05.01 17:14:24 | 000,000,000 | ---D | C] -- C:\Programme\Bmp_zu_Avi_6_1 [2010.05.01 17:11:07 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Desktop\open office [2010.05.01 17:10:37 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Desktop\spiele onlne [2010.05.01 17:09:55 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Desktop\Spiele offline [2010.04.30 07:49:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\MSPITTPE [2010.04.27 15:36:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2010.04.27 15:17:11 | 000,000,000 | ---D | C] -- C:\Programme\2K Games [2010.04.24 10:30:33 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\Cooper's Revenge [2009.02.02 20:35:44 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.24 00:58:50 | 002,097,152 | -HS- | M] () -- C:\Users\Alexander\NTUSER.DAT [2010.05.24 00:12:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.24 00:12:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.23 18:47:41 | 000,032,251 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.05.23 17:07:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.23 14:17:22 | 000,625,582 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.05.23 14:17:21 | 001,541,724 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.05.23 14:17:21 | 000,664,282 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.05.23 14:17:21 | 000,142,622 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.05.23 14:17:21 | 000,117,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.05.23 14:13:14 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2010.05.23 14:12:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.23 14:12:51 | 3218,042,880 | -HS- | M] () -- C:\hiberfil.sys [2010.05.23 13:20:42 | 000,524,288 | -HS- | M] () -- C:\Users\Alexander\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.05.23 13:20:42 | 000,065,536 | -HS- | M] () -- C:\Users\Alexander\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.05.23 11:49:28 | 000,032,251 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.05.23 11:08:52 | 002,385,713 | -H-- | M] () -- C:\Users\Alexander\AppData\Local\IconCache.db [2010.05.21 23:20:20 | 000,001,609 | ---- | M] () -- C:\Users\Alexander\Desktop\SAMURAI WARRIORS 2.lnk [2010.05.21 21:07:41 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Kontrakty.lnk [2010.05.19 15:52:17 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.19 15:46:31 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.05.19 15:02:19 | 000,008,268 | ---- | M] () -- C:\Users\Alexander\AppData\Local\d3d9caps.dat [2010.05.18 16:02:13 | 000,000,841 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.new [2010.05.14 16:44:17 | 000,078,608 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT [2010.05.14 00:13:49 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll [2010.05.12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.05.11 15:09:48 | 000,000,372 | ---- | M] () -- C:\Users\Alexander\Documents\cc_20100511_150935.reg [2010.05.08 09:47:11 | 000,682,232 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys [2010.05.06 18:00:58 | 000,000,369 | ---- | M] () -- C:\Users\Alexander\Desktop\Musik.lnk [2010.05.01 17:20:24 | 000,017,408 | ---- | M] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.01 12:15:44 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.05.01 12:15:22 | 000,215,016 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2010.04.30 08:13:34 | 000,324,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-184940.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-184939.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-184938.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-184937.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-184936.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-184935.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-184934.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-184933.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-150404.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-150403.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-150402.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-150401.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-150400.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-150359.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-150354.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-081048.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-081047.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-081046.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-081045.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-081044.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-081040.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-081031.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-081030.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-081029.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-081028.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-081027.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-081026.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-081025.backup [2010.04.30 07:57:06 | 000,002,873 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100430-081020.backup [2010.04.30 07:57:06 | 000,002,226 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100514-024059.backup [2010.04.30 07:57:06 | 000,002,226 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100514-024038.backup [2010.04.30 07:57:06 | 000,002,226 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100514-004540.backup [2010.04.30 07:57:06 | 000,002,226 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100504-162754.backup [2010.04.30 07:57:06 | 000,002,226 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.28 18:29:17 | 000,000,136 | ---- | M] () -- C:\Users\Alexander\Desktop\Borderlands - Verknüpfung.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.21 23:20:20 | 000,001,609 | ---- | C] () -- C:\Users\Alexander\Desktop\SAMURAI WARRIORS 2.lnk [2010.05.21 21:07:41 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Kontrakty.lnk [2010.05.19 15:52:17 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.19 15:46:31 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.05.14 00:47:23 | 3218,042,880 | -HS- | C] () -- C:\hiberfil.sys [2010.05.11 15:09:38 | 000,000,372 | ---- | C] () -- C:\Users\Alexander\Documents\cc_20100511_150935.reg [2010.05.08 09:47:11 | 000,682,232 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.05.06 18:00:58 | 000,000,369 | ---- | C] () -- C:\Users\Alexander\Desktop\Musik.lnk [2010.04.28 18:29:17 | 000,000,136 | ---- | C] () -- C:\Users\Alexander\Desktop\Borderlands - Verknüpfung.lnk [2010.04.02 10:11:07 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2010.04.01 01:25:57 | 000,000,217 | ---- | C] () -- C:\Windows\wininit.ini [2010.03.05 02:11:22 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2010.02.14 16:27:53 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4000EFDG.ini [2009.12.18 17:14:51 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2009.12.18 17:14:51 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2009.12.02 22:12:41 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.11.26 09:04:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.06.20 11:17:51 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2009.05.16 21:19:14 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.05.16 21:19:05 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.05.04 10:49:28 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2009.02.18 22:46:16 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2009.02.18 22:46:16 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2009.02.18 22:45:02 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll [2009.02.02 20:33:57 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2009.02.02 14:14:59 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2009.02.02 14:14:59 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2009.02.02 13:43:49 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007.11.14 17:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll [2007.01.26 08:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.12.15 06:17:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\EPSPTDV.DLL [2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:05113FB9 < End of report > ExtrasOTL: Code:
ATTFilter OTL Extras logfile created on: 24.05.2010 00:58:25 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Alexander\Desktop\Downloads\OLD
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226,38 Gb Total Space | 83,32 Gb Free Space | 36,81% Space Free | Partition Type: NTFS
Drive D: | 222,90 Gb Total Space | 222,80 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 3,35 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ALEXANDER-PC
Current User Name: Alexander
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UACDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4048881090-1659008515-1093974334-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1016F7FC-232B-4A10-9498-D257E1CEA9A4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{181A0E63-7CEF-4115-8BBA-549F6D6D984F}" = lport=49796 | protocol=6 | dir=in | name=akamai netsession interface |
"{3EB1C72D-2F12-46A3-8799-6B099A8DA98B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9437D6BA-7B9F-425E-8388-AF56FAF19E13}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{98FDF637-2740-410D-A00E-8C278684B89A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9BF365B2-791C-4424-870D-881D30EB9EAF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A6A777C7-2AA6-401C-89FB-6B7E1E3C7251}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C2CDEBE7-729D-45F2-9388-B04CA7B88C84}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C8B4F1D3-3E10-43E6-833B-CFCCE38E209E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D6E3226C-55F5-4C07-8FF0-29F8E3C1F999}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{E73116BE-1C5C-4D34-BD1E-3FC4EE342D9D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FEAF83DA-A36D-4B2F-8857-A58F21F96726}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A0AEB69-ED22-4680-B8A8-059EFD9E04E3}" = protocol=17 | dir=in | app=c:\program files\reality pump\two worlds\twoworlds.exe |
"{0AF93532-80D1-4B3A-AE11-DCB1F89DD597}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1D48F493-455B-4F94-987E-730A26BA55CF}" = protocol=6 | dir=in | app=c:\program files\reality pump\two worlds\twoworlds_radeon.exe |
"{29A8E325-BF7A-48F8-BA04-CEF8139C8486}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{300EAF25-CAC2-4D1D-A6D2-E866B23B3A08}" = protocol=17 | dir=in | app=c:\programdata\9f61198\ms9f61.exe |
"{332B7C57-A1B3-494A-A2CB-C4C8A9C636B4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{37FBB3EF-501B-4346-9C30-F0717C3AE00C}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{3FAA9224-B6FF-4D08-AA44-7F8B0211C6C1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3FBCF60D-2644-4095-A47F-6320F0C53462}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{43DDBAE3-5B57-4078-A5FD-B241BC9A25FB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{47162ED4-7FB1-4E3B-8C02-CE965D5E98E6}" = protocol=17 | dir=in | app=c:\program files\reality pump\two worlds\twoworlds_radeon.exe |
"{53FFC09A-11AE-426A-9BD5-C23B4FB80C8D}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{5486A161-CD2A-4F22-B4FE-D34591704460}" = protocol=17 | dir=in | app=c:\maxga\snowboundonline\run.exe |
"{584AE418-D3A2-4C4A-B034-FA2D709ABED6}" = protocol=6 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat |
"{5EC3488B-7C81-49DE-9FE8-DA4E63800D9F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{6F2FBE05-1A71-484D-BDF5-1CA2DADFFAAC}" = protocol=6 | dir=in | app=c:\programdata\9f61198\ms9f61.exe |
"{737FEE92-63AB-4C19-9963-65E27CB69C78}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{7D43BDC8-22AD-45B3-A8E7-C341360B2B4C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{84852F32-3AC6-45A9-8579-8D8A33FEDFD9}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{874BA9C0-8BA2-4208-B131-375B7801E153}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{9081C0FA-9F26-4D16-9FCB-CE392F9123C5}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{96D467AA-0074-4D75-8D2A-88E005F1D271}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{97DAA7AF-7B9B-4112-9D98-E0076E576D20}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{9B25EDCC-7B4C-463F-BD30-271BA94E26ED}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{9FAC8AF7-33B6-4498-9673-A3C2210F9C25}" = protocol=6 | dir=in | app=c:\program files\reality pump\two worlds\twoworlds.exe |
"{A14EC720-BBBD-47D4-B93A-84D6564C272E}" = protocol=17 | dir=in | app=c:\program files\gamigo\heroes in the sky\his.exe |
"{A62F828F-0C0F-47E0-B834-CD14FC5BFB00}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{AC09670F-E6A1-4DD5-AB41-798C30CE3FEE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ADDF9CCF-F4EB-4BFC-A87E-5D23B099B28D}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{AE17C580-2866-417E-8DB8-87E8C3BDCDC6}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{B2CA5242-F31E-4A99-98D8-A84C4D7B8DB6}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{B44B8EFA-B764-46A4-8073-15D99453AA1B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{B667FEBA-6F53-4687-B98A-02D80E7B5D6C}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{B92D464A-0283-45E9-920C-2BDB3C4724B5}" = protocol=17 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat |
"{BBC93393-460A-4834-865C-7E730B996292}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{BC8A7034-2F13-4A2C-A2DD-51A5C705E145}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{C0771445-C4CE-42B9-BB15-A042357323F3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{C0F832F5-3D98-4166-BEAD-5D0D98BF25CE}" = protocol=6 | dir=in | app=c:\program files\gamigo\heroes in the sky\his.exe |
"{C38114EC-6269-4BE1-B3E0-058EC4AA5CA7}" = protocol=6 | dir=in | app=c:\maxga\snowboundonline\run.exe |
"{CDF5D316-4602-461C-A6D8-D2AC15326B9E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D5B0875A-CDBE-4A61-9B8A-B56E1D34A3C4}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{DAFD5104-235D-415D-8700-83291785225F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{EBFF1E75-256D-459A-868D-289BBE4517CF}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{F2C48181-1098-4676-9727-7E52E659451C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{F436D455-97D1-4126-874F-D445BAAA2773}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{F7FF5B2D-5400-4038-8F23-A25ACCD2D59C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{FA2686A9-B7B4-421B-AB8A-400B4EADA0A2}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{FFFF78C0-68DF-41F4-B433-E37D03CF90B9}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{035168F4-03E9-4736-93BC-4F5808E2F190}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin |
"TCP Query User{0484AE44-EC56-462E-9426-1FA4365E6F73}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands (2).exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands (2).exe |
"TCP Query User{46A6BFEA-061A-4F13-BAF6-D12E42723463}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=6 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe |
"TCP Query User{67C4A3E2-4B30-4FC9-8809-2D02B451DEA8}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin |
"TCP Query User{75A55F2D-60A4-4FEC-A99C-3AE519DC7195}C:\program files\namco bandai games\warhammer mark of chaos multiplayer demo\warhammer.exe" = protocol=6 | dir=in | app=c:\program files\namco bandai games\warhammer mark of chaos multiplayer demo\warhammer.exe |
"TCP Query User{7FD6EF3B-31A6-43EF-BB19-BE58B656E7A9}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |
"TCP Query User{B468AC48-9D18-444B-90FF-46F4D00DAA64}C:\users\alexander\downloads\fogdownloader-rom_2_1_0_1871.exe" = protocol=6 | dir=in | app=c:\users\alexander\downloads\fogdownloader-rom_2_1_0_1871.exe |
"TCP Query User{B7609E2E-98F7-44F3-B483-872CBC06805E}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{CE3DF856-0F5D-404C-8D4D-34B4132B88DE}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{E52D19AA-31D0-44B6-A439-22CE9C0AEA16}C:\users\alexander\appdata\local\microsoft\windows\temporary internet files\content.ie5\d5kvuko9\fogdownloader-rom_2_1_0_1871[1].exe" = protocol=6 | dir=in | app=c:\users\alexander\appdata\local\microsoft\windows\temporary internet files\content.ie5\d5kvuko9\fogdownloader-rom_2_1_0_1871[1].exe |
"TCP Query User{F74DD939-E89B-4D2D-850C-9C7CCFD4B066}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{06A02A0F-019F-4056-8982-007026152AC6}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{16C9E14D-B5FA-4CFE-9D41-FBEDBBF27B94}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{1D6B52DE-462E-440B-A525-C1D59ED81BC5}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin |
"UDP Query User{285F0BAA-BFC3-432C-B55D-AC5FB3ED7EE0}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |
"UDP Query User{63C1C15B-56BD-4DC2-888A-3F304A88A5A0}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=17 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe |
"UDP Query User{6EC2F0FD-FB01-47EA-B2C3-980EED93F7F7}C:\users\alexander\appdata\local\microsoft\windows\temporary internet files\content.ie5\d5kvuko9\fogdownloader-rom_2_1_0_1871[1].exe" = protocol=17 | dir=in | app=c:\users\alexander\appdata\local\microsoft\windows\temporary internet files\content.ie5\d5kvuko9\fogdownloader-rom_2_1_0_1871[1].exe |
"UDP Query User{8240DB16-96A4-4D70-BA20-732CFE4443EB}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin |
"UDP Query User{AE4E2CC5-4394-40ED-954B-0C5A72F84FC4}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands (2).exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands (2).exe |
"UDP Query User{B5988F9A-910F-4E5D-BDC9-46AFBE199402}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{C64457D0-0929-4C9A-93B7-CB7DCA14D19A}C:\program files\namco bandai games\warhammer mark of chaos multiplayer demo\warhammer.exe" = protocol=17 | dir=in | app=c:\program files\namco bandai games\warhammer mark of chaos multiplayer demo\warhammer.exe |
"UDP Query User{EA06AD31-3DA6-403C-A21E-833B810B49E4}C:\users\alexander\downloads\fogdownloader-rom_2_1_0_1871.exe" = protocol=17 | dir=in | app=c:\users\alexander\downloads\fogdownloader-rom_2_1_0_1871.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2808E975-BD01-47DD-9852-54E3C622BDDC}" = WLAN Monitor
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{37155929-A51F-4BAB-B141-50B341F3299C}" = Desperados 2
"{3BDD2DA8-99F9-4EC9-9992-128BDAE30537}" = Hitman Kontrakty
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{798D4714-71DA-4871-87B5-E2D02C0FFC2B}" = SAMURAI WARRIORS 2
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Dawn Of War
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A2B3C27C-1F09-47C6-9A90-9683BEFD7963}" = Dawn of War - Soulstorm
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 3.0.6.3
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{C388D147-CCBA-411C-B9FC-2CC1B4EFB240}" = Pirates of the Caribbean
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D98C9637-93DA-44DB-B73A-B11A1192AB26}" = GameShadow
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"7-Zip" = 7-Zip 4.65
"Acer Acer Bio Protection 6.0.00.15" = Acer Bio Protection
AAV 6.0.00.15
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bmp_zu_Avi_6_1_is1" = Version 6.1
"CCleaner" = CCleaner (remove only)
"Eazel-DE Toolbar" = Eazel-DE Toolbar
"Game Maker 8.0" = Game Maker 8.0
"GridVista" = Acer GridVista
"heroes in the sky" = heroes in the sky
"HijackThis" = HijackThis 2.0.2
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Metin2_is1" = Metin2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NeoSteam_DE" = NeoSteam_DE
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"PunkBusterSvc" = PunkBuster Services
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Bard's Tale" = The Bard's Tale
"Two Worlds" = Two Worlds
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{798D4714-71DA-4871-87B5-E2D02C0FFC2B}" = SAMURAI WARRIORS 2
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12.05.2010 02:56:32 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description =
Error - 12.05.2010 09:57:49 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description =
Error - 13.05.2010 13:26:53 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description =
Error - 13.05.2010 13:48:57 | Computer Name = Alexander-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung engine.exe, Version 2.0.0.0, Zeitstempel 0x426e2f24,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xc0000005, Fehleroffset 0x00378ed1, Prozess-ID 0xb90, Anwendungsstartzeit 01caf2c48c93c618.
Error - 13.05.2010 14:38:46 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description =
Error - 13.05.2010 14:53:06 | Computer Name = Alexander-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung engine.exe, Version 2.0.0.0, Zeitstempel 0x426e2f24,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xc0000005, Fehleroffset 0x089a8ed1, Prozess-ID 0x12f8, Anwendungsstartzeit 01caf2cd78f549db.
Error - 13.05.2010 14:56:06 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description =
Error - 13.05.2010 14:59:30 | Computer Name = Alexander-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung engine.exe, Version 2.0.0.0, Zeitstempel 0x426e2f24,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xc0000005, Fehleroffset 0x00388ed1, Prozess-ID 0x95c, Anwendungsstartzeit 01caf2ce4e33c8fc.
Error - 13.05.2010 15:04:44 | Computer Name = Alexander-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung engine.exe, Version 2.0.0.0, Zeitstempel 0x426e2f24,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xc0000005, Fehleroffset 0x003a8ed1, Prozess-ID 0x37c, Anwendungsstartzeit 01caf2cf0a64e0ec.
Error - 13.05.2010 15:05:09 | Computer Name = Alexander-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung engine.exe, Version 2.0.0.0, Zeitstempel 0x426e2f24,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xc0000005, Fehleroffset 0x00348ed1, Prozess-ID 0xdc0, Anwendungsstartzeit 01caf2cf31a1963c.
[ System Events ]
Error - 22.05.2010 12:30:35 | Computer Name = Alexander-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
Error - 22.05.2010 12:31:11 | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 23.05.2010 03:21:04 | Computer Name = Alexander-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
Error - 23.05.2010 03:21:41 | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 23.05.2010 05:48:48 | Computer Name = Alexander-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
Error - 23.05.2010 05:49:21 | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 23.05.2010 08:12:37 | Computer Name = Alexander-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
Error - 23.05.2010 08:13:14 | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 23.05.2010 11:08:14 | Computer Name = Alexander-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.33 für die Netzwerkkarte mit der Netzwerkadresse
0022FA0F96E0 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 23.05.2010 18:54:31 | Computer Name = Alexander-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.33 für die Netzwerkkarte mit der Netzwerkadresse
0022FA0F96E0 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
< End of report >
Hoffe ihr könnt mir helfen! |
|
| Themen zu ijackThis: Wie kann ich die gefundenen Probleme löschen |
| adobe, agere systems, antivir, antivir guard, avg, avira, bho, defender, desktop, explorer, firefox, google, hijack, hijack this, internet, internet explorer, monitor, mozilla, pdfforge toolbar, plug-in, registry, rundll, safer networking, softonic, softonic deutsch toolbar, software, system, temp, vista, windows, wlan |
Linear-Darstellung
