Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Rechner stürzt ab

Rechner stürzt ab


Plagegeister aller Art und deren Bekämpfung: Rechner stürzt ab

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 04.07.2010, 19:19   #1
Fury
 
Rechner stürzt ab - Standard

Rechner stürzt ab


Hallo,
nach einen Absturz zeigt mein Rechner:

blue-screen ---> collecting data for crash dump...

Im Abgesicherten Modus ist es nicht zu beheben. Die Prozedur wiederholt sich ständig.

Ist das ein Virus?

Hoffe auf eine schnelle Lösung

lg
Fury

Alt 08.07.2010, 10:27   #2
Breedfight
 
Rechner stürzt ab - Standard

Rechner stürzt ab


hast du mal etwas runtergeladen, was virenverseucht gewesen sein könnte?
hast du deinen rechner vielleicht einfach überladen? (ein bekannter hatte genau dein problem und im endeffekt hatte er seinen rechner überladen und dann ist er bei jedem bootvorgang abgekratzt)
__________________
Alt 08.07.2010, 11:04   #3
markusg
/// Malware-holic
 
Rechner stürzt ab - Standard

Rechner stürzt ab


hast du schon mal letzte bekannte funktionierende konfiguration starten versucht?
__________________
Alt 08.07.2010, 11:41   #4
Fury
 
Rechner stürzt ab - Standard

Rechner stürzt ab


Hallo und danke für die Antworten.
Ich habe schon alles versucht. Mir wurde gesagt es könnte evtl. die Festplatte sein.
Der Rechner stürzt nach ca. 45 min ab.

lg

Alt 08.07.2010, 11:42   #5
markusg
/// Malware-holic
 
Rechner stürzt ab - Standard

Rechner stürzt ab


du meinst er stürtzt alle 45 minuten ab?
mach doch bitte erst mal ne sicherung all deiner wichtigen daten, nicht das sie bei einem der abstürtze verloren gehen, melde dich, wenn das erledigt ist.


Alt 08.07.2010, 11:53   #6
Fury
 
Rechner stürzt ab - Standard

Rechner stürzt ab


Danke Dir!
Die Datensicherung habe ich schon gemacht.

Alt 08.07.2010, 11:54   #7
markusg
/// Malware-holic
 
Rechner stürzt ab - Standard

Rechner stürzt ab


ootl:
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
poste beide

Alt 08.07.2010, 11:55   #8
Fury
 
Rechner stürzt ab - Standard

Rechner stürzt ab


Zitat:
Zitat von Breedfight Beitrag anzeigen
hast du mal etwas runtergeladen, was virenverseucht gewesen sein könnte?
hast du deinen rechner vielleicht einfach überladen? (ein bekannter hatte genau dein problem und im endeffekt hatte er seinen rechner überladen und dann ist er bei jedem bootvorgang abgekratzt)
Nein überladen ist er nicht.Ein Virenschutzprogramm habe ich auch.

lieben dank1

Alt 08.07.2010, 12:00   #9
Fury
 
Rechner stürzt ab - Standard

Rechner stürzt ab


@ markusg
oh, das habe ich noch nicht gemacht! Das dauert eine Weile

vielen Dank

Alt 08.07.2010, 13:50   #10
Fury
 
Rechner stürzt ab - Standard

Rechner stürzt ab


@ markusg
Habe den Scan jetzt gemacht.
Das sind ja ewig lange Texte...ist das richtig so?

lg

Alt 08.07.2010, 13:54   #11
markusg
/// Malware-holic
 
Rechner stürzt ab - Standard

Rechner stürzt ab


ja. wenn zu lang einfach aufteilen

Alt 08.07.2010, 14:21   #12
Fury
 
Rechner stürzt ab - Standard

Rechner stürzt ab


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 08.07.2010 14:31:29 - Run 2
OTL by OldTimer - Version 3.2.8.1     Folder = C:\Users\die2\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290,08 Gb Total Space | 220,02 Gb Free Space | 75,85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 290,09 Gb Total Space | 289,99 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC3
Current User Name: die2
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\die2\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe (VMware, Inc.)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\bin32\nSvcAppFlt.exe ()
PRC - C:\Programme\bin32\nSvcIp.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\die2\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\vbscript.dll (Microsoft Corporation)
MOD - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
MOD - C:\Windows\System32\wbem\wmiutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemsvc.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemprox.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\fastprox.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemdisp.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\System32\sxs.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbemcomn.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (vmware-converter-server) -- C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.)
SRV - (vmware-converter-agent) -- C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe (VMware, Inc.)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\bin32\nSvcIp.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ACEDRV08) -- C:\Windows\System32\drivers\ACEDRV08.sys (Protect Software GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (vstor2-mntapi10) -- C:\Programme\VMware\VMware vCenter Converter Standalone\vstor2-mntapi10.sys (VMware, Inc.)
DRV - (bmdrvr) -- C:\Windows\System32\drivers\bmdrvr.sys (VMware, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (se59mdm) -- C:\Windows\System32\drivers\se59mdm.sys (MCCI)
DRV - (se59mdfl) -- C:\Windows\System32\drivers\se59mdfl.sys (MCCI)
DRV - (se59bus) Sony Ericsson Device 089 driver (WDM) -- C:\Windows\System32\drivers\se59bus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {B922D405-6D13-4A2B-AE89-08A030DA4402}:1.1.1
FF - prefs.js..extensions.enabledItems: search@searchsettings.com:1.2.2
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.04 12:28:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.04 12:28:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.06.10 13:56:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2009.11.09 21:50:45 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\mozilla\Extensions
[2010.07.08 13:15:34 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\mozilla\Firefox\Profiles\7zon5hnw.default\extensions
[2009.11.16 13:09:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\die2\AppData\Roaming\mozilla\Firefox\Profiles\7zon5hnw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.16 15:07:56 | 000,002,171 | ---- | M] () -- C:\Users\die2\AppData\Roaming\Mozilla\FireFox\Profiles\7zon5hnw.default\searchplugins\bing.xml
[2010.02.03 14:38:29 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.11.12 18:43:52 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2009.11.12 18:43:53 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com
[2010.07.02 15:27:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.02 15:27:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.02 15:27:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.02 15:27:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.02 15:27:29 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.04 16:19:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010.07.04 16:19:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010.07.04 16:19:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010.07.04 16:08:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010.07.03 23:11:27 | 000,000,000 | ---D | C] -- C:\Users\die2\AppData\Roaming\Uniblue
[2010.07.02 17:19:29 | 000,000,000 | ---D | C] -- C:\Users\die2\AppData\Roaming\Avira
[2010.06.25 01:13:51 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.06.25 01:13:51 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.06.25 01:13:51 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.06.10 14:09:56 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.06.10 14:09:55 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.06.10 14:09:55 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.06.10 14:09:55 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.06.10 14:09:55 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.06.10 14:09:55 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.06.10 14:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.06.10 13:43:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.10 13:43:09 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.10 13:43:09 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.10 13:43:04 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.06.10 13:43:04 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.10 13:43:04 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.06.10 13:43:04 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.10 13:43:04 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.06.10 13:43:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.06.10 13:43:04 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.06.10 13:43:04 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.06.10 13:43:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.06.10 13:43:04 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.06.10 13:43:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.10 13:43:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.06.10 13:43:03 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.06.10 13:43:03 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.06.10 13:43:03 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.06.10 13:42:08 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009.01.12 12:34:48 | 000,049,152 | R--- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.08 14:29:36 | 003,145,728 | ---- | M] () -- C:\Users\die2\ntuser.dat
[2010.07.08 14:00:00 | 000,000,498 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.07.08 13:39:04 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.08 13:21:12 | 000,022,528 | ---- | M] () -- C:\Users\die2\Desktop\netsvcs.scan.doc
[2010.07.08 13:11:17 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.08 13:11:17 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.08 13:11:17 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.08 13:11:17 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.08 13:11:17 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.08 13:05:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.07.08 13:05:24 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.08 13:05:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.08 13:05:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.08 13:05:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.08 13:05:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.08 13:04:33 | 3219,582,976 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.06 20:25:42 | 000,524,288 | -HS- | M] () -- C:\Users\die2\ntuser.dat{f2223ee7-85ea-11df-b4dc-001f16f2b975}.TMContainer00000000000000000001.regtrans-ms
[2010.07.06 20:25:42 | 000,065,536 | -HS- | M] () -- C:\Users\die2\ntuser.dat{f2223ee7-85ea-11df-b4dc-001f16f2b975}.TM.blf
[2010.07.06 18:42:49 | 004,029,993 | -H-- | M] () -- C:\Users\die2\AppData\Local\IconCache.db
[2010.07.06 10:13:08 | 000,000,217 | ---- | M] () -- C:\Windows\wininit.ini
[2010.07.04 19:46:47 | 000,305,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.07.04 19:46:19 | 138,950,810 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.07.03 23:46:39 | 000,000,576 | ---- | M] () -- C:\Windows\.vispa
[2010.07.03 23:44:56 | 000,000,026 | -H-- | M] () -- C:\Users\die2\AppData\Roaming\vispa.ini
[2010.07.03 19:02:01 | 000,000,680 | ---- | M] () -- C:\Users\die2\AppData\Local\d3d9caps.dat
[2010.07.02 19:11:22 | 000,524,288 | -HS- | M] () -- C:\Users\die2\ntuser.dat{f2223ee7-85ea-11df-b4dc-001f16f2b975}.TMContainer00000000000000000002.regtrans-ms
[2010.07.02 17:16:53 | 003,145,728 | -HS- | M] () -- C:\Users\die2\ntuser.dat_BAK_54658
[2010.07.02 17:16:53 | 000,524,288 | -HS- | M] () -- C:\Users\die2\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.07.02 17:16:53 | 000,065,536 | -HS- | M] () -- C:\Users\die2\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.07.02 15:30:52 | 000,000,680 | RHS- | M] () -- C:\Users\die2\ntuser.pol
[2010.07.01 09:54:09 | 000,000,636 | ---- | M] () -- C:\Windows\win.ini
[2010.07.01 09:53:59 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Banking.lnk
[2010.06.30 14:19:32 | 000,000,097 | ---- | M] () -- C:\Windows\mix-fx.ini
[2010.06.20 18:01:03 | 000,074,424 | ---- | M] () -- C:\Users\die2\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.19 15:20:30 | 000,017,104 | ---- | M] () -- C:\Users\die2\Sicherungskopie_von_text.jpg
[2010.06.10 14:09:59 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.08 13:21:11 | 000,022,528 | ---- | C] () -- C:\Users\die2\Desktop\netsvcs.scan.doc
[2010.07.06 10:13:05 | 000,000,217 | ---- | C] () -- C:\Windows\wininit.ini
[2010.07.03 23:46:27 | 000,000,576 | ---- | C] () -- C:\Windows\.vispa
[2010.07.03 23:44:56 | 000,000,026 | -H-- | C] () -- C:\Users\die2\AppData\Roaming\vispa.ini
[2010.07.03 21:33:36 | 3219,582,976 | -HS- | C] () -- C:\hiberfil.sys
[2010.07.03 19:02:01 | 000,000,680 | ---- | C] () -- C:\Users\die2\AppData\Local\d3d9caps.dat
[2010.07.02 17:17:37 | 000,524,288 | -HS- | C] () -- C:\Users\die2\ntuser.dat{f2223ee7-85ea-11df-b4dc-001f16f2b975}.TMContainer00000000000000000002.regtrans-ms
[2010.07.02 17:17:37 | 000,524,288 | -HS- | C] () -- C:\Users\die2\ntuser.dat{f2223ee7-85ea-11df-b4dc-001f16f2b975}.TMContainer00000000000000000001.regtrans-ms
[2010.07.02 17:17:37 | 000,065,536 | -HS- | C] () -- C:\Users\die2\ntuser.dat{f2223ee7-85ea-11df-b4dc-001f16f2b975}.TM.blf
[2010.07.02 17:16:48 | 000,262,144 | -H-- | C] () -- C:\Users\die2\ntuser.dat_TU_54658.LOG1
[2010.07.02 17:16:48 | 000,000,000 | -H-- | C] () -- C:\Users\die2\ntuser.dat_TU_54658.LOG2
[2010.07.02 15:30:03 | 000,000,680 | RHS- | C] () -- C:\Users\die2\ntuser.pol
[2010.07.01 09:53:59 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Banking.lnk
[2010.06.19 15:20:23 | 000,017,104 | ---- | C] () -- C:\Users\die2\Sicherungskopie_von_text.jpg
[2010.06.10 14:09:59 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.02.05 22:28:39 | 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI
[2010.02.05 17:07:24 | 000,000,809 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2009.12.16 16:37:50 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.11.29 19:54:45 | 000,000,097 | ---- | C] () -- C:\Windows\mix-fx.ini
[2009.11.17 18:54:40 | 000,000,564 | ---- | C] () -- C:\Windows\MusicStudio.INI
[2009.11.13 14:54:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.11.12 18:43:25 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.11.09 21:44:19 | 000,027,136 | ---- | C] () -- C:\Windows\System32\QTUninst.dll
[2009.11.09 21:35:24 | 000,000,400 | ---- | C] () -- C:\Windows\BeatBox.INI
[2009.11.09 21:35:24 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2009.11.09 21:20:24 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2009.11.09 21:15:23 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.11.09 21:05:16 | 000,000,327 | ---- | C] () -- C:\Windows\AudStu.INI
[2009.11.09 21:03:50 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.11.09 21:03:01 | 000,000,153 | ---- | C] () -- C:\Windows\magix.ini
[2009.11.09 21:02:59 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.11.09 20:07:23 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.11.09 19:43:49 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.11.09 19:33:02 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX5000EFDG.ini
[2009.03.31 17:50:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.01.12 05:47:14 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009.01.12 05:18:25 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.10 02:01:18 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2006.10.10 02:01:18 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[1999.04.29 23:00:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
 
========== LOP Check ==========
 
[2009.01.12 06:06:52 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2009.01.12 06:06:52 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2009.10.08 15:46:09 | 000,000,000 | -HSD | M] -- C:\Users\die2\AppData\Roaming\.#
[2009.01.12 06:06:52 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Acer GameZone Console
[2009.11.18 15:12:32 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\biu software
[2009.12.03 10:49:46 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\EPSON
[2009.09.28 14:01:33 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\eSobi
[2010.07.01 20:35:41 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\FileZilla
[2009.11.10 22:00:50 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\KeePass
[2009.12.04 16:47:43 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\MAGIX
[2010.01.21 13:15:07 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Nvu
[2009.11.10 22:10:54 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\POP Peeper
[2009.11.27 16:03:51 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Search Settings
[2009.11.10 18:10:18 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\T-Online
[2009.11.27 16:04:34 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Template
[2009.11.10 21:29:54 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Thunderbird
[2009.11.10 21:15:27 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\TuneUp Software
[2010.07.03 23:17:40 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Uniblue
[2010.04.01 14:47:54 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Windows Live Writer
[2009.01.12 06:06:52 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\Acer GameZone Console
[2010.07.08 14:00:00 | 000,000,498 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.07.06 18:42:55 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.10.08 15:46:09 | 000,000,000 | -HSD | M] -- C:\Users\die2\AppData\Roaming\.#
[2009.01.12 06:06:52 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Acer GameZone Console
[2010.05.06 17:08:40 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Adobe
[2010.02.23 16:36:40 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Ahead
[2009.09.28 13:41:14 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\ATI
[2010.07.02 17:19:29 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Avira
[2009.11.18 15:12:32 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\biu software
[2009.11.09 22:37:25 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Corel
[2009.12.03 10:49:46 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\EPSON
[2009.09.28 14:01:33 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\eSobi
[2010.07.01 20:35:41 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\FileZilla
[2009.11.09 21:47:54 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Google
[2009.09.28 13:40:53 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Identities
[2009.11.10 22:00:50 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\KeePass
[2010.05.03 15:19:35 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Macromedia
[2009.12.04 16:47:43 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\MAGIX
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Media Center Programs
[2010.02.10 18:57:13 | 000,000,000 | --SD | M] -- C:\Users\die2\AppData\Roaming\Microsoft
[2009.11.09 20:05:26 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Microsoft Web Folders
[2009.11.10 21:30:01 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Mozilla
[2010.01.21 13:15:07 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Nvu
[2009.11.10 22:10:54 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\POP Peeper
[2009.11.27 16:03:51 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Search Settings
[2009.11.10 18:10:18 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\T-Online
[2009.11.27 16:04:34 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Template
[2009.11.10 21:29:54 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Thunderbird
[2009.11.10 21:15:27 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\TuneUp Software
[2010.07.03 23:17:40 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Uniblue
[2010.04.01 14:47:54 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Windows Live Writer
 
< %APPDATA%\*.exe /s >
[2010.05.06 17:08:16 | 015,849,560 | ---- | M] () -- C:\Users\die2\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller1x0\airinstaller1x0.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2008.01.25 14:02:04 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=7DF63192BCF9C20EC2F7492E7F7544F9 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP78PV\IDE\WinVista\sataraid\nvstor32.sys
[2008.01.25 14:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP78PV\IDE\WinVista\sata_ide\nvstor32.sys
[2008.01.25 14:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\Windows\System32\drivers\nvstor32.sys
[2008.01.25 14:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_1d63ff55\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 788 bytes -> C:\Users\die2\Documents\Re_ Ihre Kleinanzeige.eml:OECustomProperty
@Alternate Data Stream - 652 bytes -> C:\Users\die2\Documents\neumon_18.11.09.eml:OECustomProperty
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2634FC95
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:F3176E45
< End of report >
--- --- ---
Alt 08.07.2010, 14:23   #13
Fury
 
Rechner stürzt ab - Standard

Rechner stürzt ab


...und die Extras

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 08.07.2010 14:31:29 - Run 2
OTL by OldTimer - Version 3.2.8.1     Folder = C:\Users\die2\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290,08 Gb Total Space | 220,02 Gb Free Space | 75,85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 290,09 Gb Total Space | 289,99 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC3
Current User Name: die2
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\die2\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe (VMware, Inc.)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\bin32\nSvcAppFlt.exe ()
PRC - C:\Programme\bin32\nSvcIp.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\die2\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\vbscript.dll (Microsoft Corporation)
MOD - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
MOD - C:\Windows\System32\wbem\wmiutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemsvc.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemprox.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\fastprox.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemdisp.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\System32\sxs.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbemcomn.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (vmware-converter-server) -- C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.)
SRV - (vmware-converter-agent) -- C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe (VMware, Inc.)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\bin32\nSvcIp.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ACEDRV08) -- C:\Windows\System32\drivers\ACEDRV08.sys (Protect Software GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (vstor2-mntapi10) -- C:\Programme\VMware\VMware vCenter Converter Standalone\vstor2-mntapi10.sys (VMware, Inc.)
DRV - (bmdrvr) -- C:\Windows\System32\drivers\bmdrvr.sys (VMware, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (se59mdm) -- C:\Windows\System32\drivers\se59mdm.sys (MCCI)
DRV - (se59mdfl) -- C:\Windows\System32\drivers\se59mdfl.sys (MCCI)
DRV - (se59bus) Sony Ericsson Device 089 driver (WDM) -- C:\Windows\System32\drivers\se59bus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {B922D405-6D13-4A2B-AE89-08A030DA4402}:1.1.1
FF - prefs.js..extensions.enabledItems: search@searchsettings.com:1.2.2
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.04 12:28:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.04 12:28:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.06.10 13:56:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2009.11.09 21:50:45 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\mozilla\Extensions
[2010.07.08 13:15:34 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\mozilla\Firefox\Profiles\7zon5hnw.default\extensions
[2009.11.16 13:09:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\die2\AppData\Roaming\mozilla\Firefox\Profiles\7zon5hnw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.16 15:07:56 | 000,002,171 | ---- | M] () -- C:\Users\die2\AppData\Roaming\Mozilla\FireFox\Profiles\7zon5hnw.default\searchplugins\bing.xml
[2010.02.03 14:38:29 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.11.12 18:43:52 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2009.11.12 18:43:53 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com
[2010.07.02 15:27:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.02 15:27:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.02 15:27:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.02 15:27:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.02 15:27:29 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2169901085-2938328895-3058549436-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.04 16:19:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010.07.04 16:19:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010.07.04 16:19:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010.07.04 16:08:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010.07.03 23:11:27 | 000,000,000 | ---D | C] -- C:\Users\die2\AppData\Roaming\Uniblue
[2010.07.02 17:19:29 | 000,000,000 | ---D | C] -- C:\Users\die2\AppData\Roaming\Avira
[2010.06.25 01:13:51 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.06.25 01:13:51 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.06.25 01:13:51 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.06.10 14:09:56 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.06.10 14:09:55 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.06.10 14:09:55 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.06.10 14:09:55 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.06.10 14:09:55 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.06.10 14:09:55 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.06.10 14:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.06.10 13:43:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.10 13:43:09 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.10 13:43:09 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.10 13:43:04 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.06.10 13:43:04 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.10 13:43:04 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.06.10 13:43:04 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.10 13:43:04 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.06.10 13:43:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.06.10 13:43:04 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.06.10 13:43:04 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.06.10 13:43:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.06.10 13:43:04 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.06.10 13:43:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.10 13:43:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.06.10 13:43:03 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.06.10 13:43:03 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.06.10 13:43:03 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.06.10 13:42:08 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009.01.12 12:34:48 | 000,049,152 | R--- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.08 14:29:36 | 003,145,728 | ---- | M] () -- C:\Users\die2\ntuser.dat
[2010.07.08 14:00:00 | 000,000,498 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.07.08 13:39:04 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.08 13:21:12 | 000,022,528 | ---- | M] () -- C:\Users\die2\Desktop\netsvcs.scan.doc
[2010.07.08 13:11:17 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.08 13:11:17 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.08 13:11:17 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.08 13:11:17 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.08 13:11:17 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.08 13:05:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.07.08 13:05:24 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.08 13:05:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.08 13:05:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.08 13:05:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.08 13:05:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.08 13:04:33 | 3219,582,976 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.06 20:25:42 | 000,524,288 | -HS- | M] () -- C:\Users\die2\ntuser.dat{f2223ee7-85ea-11df-b4dc-001f16f2b975}.TMContainer00000000000000000001.regtrans-ms
[2010.07.06 20:25:42 | 000,065,536 | -HS- | M] () -- C:\Users\die2\ntuser.dat{f2223ee7-85ea-11df-b4dc-001f16f2b975}.TM.blf
[2010.07.06 18:42:49 | 004,029,993 | -H-- | M] () -- C:\Users\die2\AppData\Local\IconCache.db
[2010.07.06 10:13:08 | 000,000,217 | ---- | M] () -- C:\Windows\wininit.ini
[2010.07.04 19:46:47 | 000,305,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.07.04 19:46:19 | 138,950,810 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.07.03 23:46:39 | 000,000,576 | ---- | M] () -- C:\Windows\.vispa
[2010.07.03 23:44:56 | 000,000,026 | -H-- | M] () -- C:\Users\die2\AppData\Roaming\vispa.ini
[2010.07.03 19:02:01 | 000,000,680 | ---- | M] () -- C:\Users\die2\AppData\Local\d3d9caps.dat
[2010.07.02 19:11:22 | 000,524,288 | -HS- | M] () -- C:\Users\die2\ntuser.dat{f2223ee7-85ea-11df-b4dc-001f16f2b975}.TMContainer00000000000000000002.regtrans-ms
[2010.07.02 17:16:53 | 003,145,728 | -HS- | M] () -- C:\Users\die2\ntuser.dat_BAK_54658
[2010.07.02 17:16:53 | 000,524,288 | -HS- | M] () -- C:\Users\die2\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.07.02 17:16:53 | 000,065,536 | -HS- | M] () -- C:\Users\die2\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.07.02 15:30:52 | 000,000,680 | RHS- | M] () -- C:\Users\die2\ntuser.pol
[2010.07.01 09:54:09 | 000,000,636 | ---- | M] () -- C:\Windows\win.ini
[2010.07.01 09:53:59 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Banking.lnk
[2010.06.30 14:19:32 | 000,000,097 | ---- | M] () -- C:\Windows\mix-fx.ini
[2010.06.20 18:01:03 | 000,074,424 | ---- | M] () -- C:\Users\die2\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.19 15:20:30 | 000,017,104 | ---- | M] () -- C:\Users\die2\Sicherungskopie_von_text.jpg
[2010.06.10 14:09:59 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.08 13:21:11 | 000,022,528 | ---- | C] () -- C:\Users\die2\Desktop\netsvcs.scan.doc
[2010.07.06 10:13:05 | 000,000,217 | ---- | C] () -- C:\Windows\wininit.ini
[2010.07.03 23:46:27 | 000,000,576 | ---- | C] () -- C:\Windows\.vispa
[2010.07.03 23:44:56 | 000,000,026 | -H-- | C] () -- C:\Users\die2\AppData\Roaming\vispa.ini
[2010.07.03 21:33:36 | 3219,582,976 | -HS- | C] () -- C:\hiberfil.sys
[2010.07.03 19:02:01 | 000,000,680 | ---- | C] () -- C:\Users\die2\AppData\Local\d3d9caps.dat
[2010.07.02 17:17:37 | 000,524,288 | -HS- | C] () -- C:\Users\die2\ntuser.dat{f2223ee7-85ea-11df-b4dc-001f16f2b975}.TMContainer00000000000000000002.regtrans-ms
[2010.07.02 17:17:37 | 000,524,288 | -HS- | C] () -- C:\Users\die2\ntuser.dat{f2223ee7-85ea-11df-b4dc-001f16f2b975}.TMContainer00000000000000000001.regtrans-ms
[2010.07.02 17:17:37 | 000,065,536 | -HS- | C] () -- C:\Users\die2\ntuser.dat{f2223ee7-85ea-11df-b4dc-001f16f2b975}.TM.blf
[2010.07.02 17:16:48 | 000,262,144 | -H-- | C] () -- C:\Users\die2\ntuser.dat_TU_54658.LOG1
[2010.07.02 17:16:48 | 000,000,000 | -H-- | C] () -- C:\Users\die2\ntuser.dat_TU_54658.LOG2
[2010.07.02 15:30:03 | 000,000,680 | RHS- | C] () -- C:\Users\die2\ntuser.pol
[2010.07.01 09:53:59 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Banking.lnk
[2010.06.19 15:20:23 | 000,017,104 | ---- | C] () -- C:\Users\die2\Sicherungskopie_von_text.jpg
[2010.06.10 14:09:59 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.02.05 22:28:39 | 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI
[2010.02.05 17:07:24 | 000,000,809 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2009.12.16 16:37:50 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.11.29 19:54:45 | 000,000,097 | ---- | C] () -- C:\Windows\mix-fx.ini
[2009.11.17 18:54:40 | 000,000,564 | ---- | C] () -- C:\Windows\MusicStudio.INI
[2009.11.13 14:54:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.11.12 18:43:25 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.11.09 21:44:19 | 000,027,136 | ---- | C] () -- C:\Windows\System32\QTUninst.dll
[2009.11.09 21:35:24 | 000,000,400 | ---- | C] () -- C:\Windows\BeatBox.INI
[2009.11.09 21:35:24 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2009.11.09 21:20:24 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2009.11.09 21:15:23 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.11.09 21:05:16 | 000,000,327 | ---- | C] () -- C:\Windows\AudStu.INI
[2009.11.09 21:03:50 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.11.09 21:03:01 | 000,000,153 | ---- | C] () -- C:\Windows\magix.ini
[2009.11.09 21:02:59 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.11.09 20:07:23 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.11.09 19:43:49 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.11.09 19:33:02 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX5000EFDG.ini
[2009.03.31 17:50:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.01.12 05:47:14 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009.01.12 05:18:25 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.10 02:01:18 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2006.10.10 02:01:18 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[1999.04.29 23:00:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
 
========== LOP Check ==========
 
[2009.01.12 06:06:52 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2009.01.12 06:06:52 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2009.10.08 15:46:09 | 000,000,000 | -HSD | M] -- C:\Users\die2\AppData\Roaming\.#
[2009.01.12 06:06:52 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Acer GameZone Console
[2009.11.18 15:12:32 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\biu software
[2009.12.03 10:49:46 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\EPSON
[2009.09.28 14:01:33 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\eSobi
[2010.07.01 20:35:41 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\FileZilla
[2009.11.10 22:00:50 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\KeePass
[2009.12.04 16:47:43 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\MAGIX
[2010.01.21 13:15:07 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Nvu
[2009.11.10 22:10:54 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\POP Peeper
[2009.11.27 16:03:51 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Search Settings
[2009.11.10 18:10:18 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\T-Online
[2009.11.27 16:04:34 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Template
[2009.11.10 21:29:54 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Thunderbird
[2009.11.10 21:15:27 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\TuneUp Software
[2010.07.03 23:17:40 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Uniblue
[2010.04.01 14:47:54 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Windows Live Writer
[2009.01.12 06:06:52 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\Acer GameZone Console
[2010.07.08 14:00:00 | 000,000,498 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.07.06 18:42:55 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.10.08 15:46:09 | 000,000,000 | -HSD | M] -- C:\Users\die2\AppData\Roaming\.#
[2009.01.12 06:06:52 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Acer GameZone Console
[2010.05.06 17:08:40 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Adobe
[2010.02.23 16:36:40 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Ahead
[2009.09.28 13:41:14 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\ATI
[2010.07.02 17:19:29 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Avira
[2009.11.18 15:12:32 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\biu software
[2009.11.09 22:37:25 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Corel
[2009.12.03 10:49:46 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\EPSON
[2009.09.28 14:01:33 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\eSobi
[2010.07.01 20:35:41 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\FileZilla
[2009.11.09 21:47:54 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Google
[2009.09.28 13:40:53 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Identities
[2009.11.10 22:00:50 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\KeePass
[2010.05.03 15:19:35 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Macromedia
[2009.12.04 16:47:43 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\MAGIX
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Media Center Programs
[2010.02.10 18:57:13 | 000,000,000 | --SD | M] -- C:\Users\die2\AppData\Roaming\Microsoft
[2009.11.09 20:05:26 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Microsoft Web Folders
[2009.11.10 21:30:01 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Mozilla
[2010.01.21 13:15:07 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Nvu
[2009.11.10 22:10:54 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\POP Peeper
[2009.11.27 16:03:51 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Search Settings
[2009.11.10 18:10:18 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\T-Online
[2009.11.27 16:04:34 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Template
[2009.11.10 21:29:54 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Thunderbird
[2009.11.10 21:15:27 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\TuneUp Software
[2010.07.03 23:17:40 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Uniblue
[2010.04.01 14:47:54 | 000,000,000 | ---D | M] -- C:\Users\die2\AppData\Roaming\Windows Live Writer
 
< %APPDATA%\*.exe /s >
[2010.05.06 17:08:16 | 015,849,560 | ---- | M] () -- C:\Users\die2\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller1x0\airinstaller1x0.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2008.01.25 14:02:04 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=7DF63192BCF9C20EC2F7492E7F7544F9 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP78PV\IDE\WinVista\sataraid\nvstor32.sys
[2008.01.25 14:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP78PV\IDE\WinVista\sata_ide\nvstor32.sys
[2008.01.25 14:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\Windows\System32\drivers\nvstor32.sys
[2008.01.25 14:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_1d63ff55\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 788 bytes -> C:\Users\die2\Documents\Re_ Ihre Kleinanzeige.eml:OECustomProperty
@Alternate Data Stream - 652 bytes -> C:\Users\die2\Documents\neumon_18.11.09.eml:OECustomProperty
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2634FC95
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:F3176E45
< End of report >
--- --- ---
Alt 08.07.2010, 15:24   #14
markusg
/// Malware-holic
 
Rechner stürzt ab - Standard

Rechner stürzt ab


das ist 2 mal die selbe. extras.txt fehlt

Alt 08.07.2010, 15:46   #15
Fury
 
Rechner stürzt ab - Standard

Rechner stürzt ab


Sorry...hab ich nicht gesehen!

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 08.07.2010 14:31:29 - Run 2
OTL by OldTimer - Version 3.2.8.1     Folder = C:\Users\die2\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290,08 Gb Total Space | 220,02 Gb Free Space | 75,85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 290,09 Gb Total Space | 289,99 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC3
Current User Name: die2
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2169901085-2938328895-3058549436-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{055EE8C6-424B-4455-AE74-29F22205948D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0E96EE10-39CA-4F9A-8BCD-C43D83E08527}" = rport=139 | protocol=6 | dir=out | app=system | 
"{11DAF392-2191-4D1B-8B5E-CDB19437A4DA}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server | 
"{15B7792B-D96A-4C5A-BD34-FA08F72C97DC}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) | 
"{2E5D1C5E-2323-4E6F-9738-64E93819B453}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{3D93C091-D185-46A7-A792-27C28884450F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
"{41B16A41-7F11-4156-96B1-4238029E71B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{4A15FF86-14BB-44B4-A6FD-AA170C06DBE9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4F978AE9-52F9-4BD3-B00D-4B0A680C39B1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5C48B547-EF07-48B6-8444-E1923E3D0A11}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5DDB809B-6AC5-4F20-8196-33F513464103}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{60C634BC-D3AA-411A-AC83-60312C4609B5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{621081BE-5516-4FA8-9898-1DC6FF05712E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
"{66B11643-ACEB-41EB-92C5-E421A88F71DF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7AC7F5B0-8012-4448-9F03-BF11D4DF614F}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) | 
"{80E940A0-4823-4C32-8320-8C9AC98C50AA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8AA35EEA-30CB-4FFC-A066-04CAD08E481B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{905704D6-3538-4BEE-94D1-3F22FF1E0B7E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{90C9DB0D-62F3-4559-BF74-BDC1D00C8A40}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{90FDC2FE-8CFE-4778-BD2F-F5F7EE0EFD61}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B5E7A488-163D-4101-A3C8-325BD87BA543}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D34E07A9-F851-4AAD-BF7F-EC3912FC03B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{DB40EBC1-C7B3-4E17-96DA-E84882FE8A3A}" = lport=9000 | protocol=6 | dir=in | name=magix upnp media server | 
"{EC09FEC2-0175-40D6-8DA1-4D06C0BF2547}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{127F8BAB-9174-4695-B6D4-F8F9337150F2}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{1F2226D3-0A76-4741-B29E-B575679E879D}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{255747A5-6752-4279-97D8-C4A3728B32F2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2CCB8602-251F-4757-8C6C-74A2AAA1F0F8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3241F029-69EB-4397-A475-8FBEC0FDEEF1}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe | 
"{3C6236D5-549E-4BEF-8243-90C884E77DBE}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe | 
"{436CB7A6-A09B-4586-80E7-E175EED511BA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{43F3DCDF-63EB-40AB-BB82-6E02B8C1DD74}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{553EC84A-3396-4529-9140-18596D81FC17}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 
"{5ADA183C-3FCF-4D00-91AB-3D666DDE0ABF}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
"{8C44CE9F-3725-4A59-BE94-DCE1970D7E42}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | 
"{A7700C86-234F-4650-9597-3943030F42FC}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{AE1D5791-85BD-4FA7-9B69-EAB840A34E2E}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe | 
"{AE260062-6C3C-4A5D-8404-53D6F04A5E9B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{B83D1E74-E633-4146-B65E-4F75FFEC0056}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{C3DB23FF-2819-4FF9-87B8-8DEBA5A0145C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{DCBD8571-1505-4F37-94A5-2A705A48DC60}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{E356FBFB-0713-4B6B-A0EE-B18D0161AA18}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E7BD8783-1623-46CB-B180-CB82F0137843}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | 
"{F0183E49-68EA-4ABD-B358-547D8B3F7F6D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F57A20F6-E816-47B9-BC19-2B515E25253E}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe | 
"{FF1CF9BF-FCCA-479D-9F39-5291BBB62178}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}" = CorelDRAW(R) Graphics Suite X4 - Extra Content
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00277C92-28A4-4A4F-828C-3C7C15732E9E}" = Banking
"{01CD0E75-D829-0F26-A03F-05754E69B9B0}" = ccc-utility
"{0235AB73-63DD-5544-4744-FBDEC2E4FDCB}" = Catalyst Control Center Graphics Previews Vista
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{15886D4F-CBFC-7943-217A-D035561C4E4B}" = CCC Help Spanish
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{1C596F4C-2771-9EF6-4755-B8EFAE48D7D2}" = Catalyst Control Center Localization Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2F4714C3-2FEE-A1D5-BC30-3C42540D0D96}" = Catalyst Control Center Graphics Full Existing
"{2FEFABB1-C318-B3C0-FE93-1C9CA101ED6D}" = CCC Help Finnish
"{32C0A3EA-E824-1FBD-09A9-34E17BF1D85F}" = CCC Help Norwegian
"{3315E5D3-A2A7-7B09-5209-1B473747949C}" = CCC Help German
"{3594EE90-B157-4519-9E82-8B6F4711A0A1}" = Catalyst Control Center - Branding
"{40FC81EA-21F7-44FB-A6F2-A4D6328F4C4F}" = CorelDRAW Graphics Suite X4 - Lang SU
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42CA6365-0777-FA79-1BD5-5FB967E0A708}" = Catalyst Control Center Localization Norwegian
"{43AA03F5-785D-E4EA-A807-716CD4690734}" = Catalyst Control Center Localization French
"{45D1C008-BC8C-BB47-34AD-BE4AB0791E76}" = Catalyst Control Center Localization German
"{4960E719-9264-9E83-5F26-3CB7CB2554B6}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1D4EE7-EBD0-E04B-DA43-BF94ADA36618}" = Catalyst Control Center Localization Swedish
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1.1
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65F4830E-3098-7764-B551-8F077FB799E9}" = CCC Help English
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6834B8AE-D23B-4B26-A919-6515844CF2BA}" = CorelDRAW Graphics Suite X4 - Lang PL
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}" = CorelDRAW Graphics Suite X4 - Extra Content
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110052107}" = Beetle Junior
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}" = Alien Shooter
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11408540}" = Magic Match Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114717227}" = Magic Farm
"{8A8C135A-F9ED-5EC6-C7D5-CE5923583654}" = Catalyst Control Center Core Implementation
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8D96012C-6DCC-92AE-E428-615651B63D2C}" = CCC Help Danish
"{8E732D82-FBFB-0D08-5A00-506AB54EADC7}" = Catalyst Control Center Graphics Full New
"{8F18881C-AEA8-820B-D723-EE62FAE55BA3}" = Catalyst Control Center Localization Finnish
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{93078533-C867-D67B-5AD9-E68B8FC119B1}" = CCC Help Swedish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{9CDA415B-974B-4384-8CA6-9327D5B4270B}" = CorelDRAW Graphics Suite X4 - Lang SV
"{9CE2FAE0-D562-2FF2-8856-8A1B57997F1F}" = CCC Help Italian
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A6011F20-8EAA-E783-5C7A-BF6D8DC694C4}" = Skins
"{A6C27FFF-75EF-4B5B-A64E-F9E128994908}" = CorelDRAW Graphics Suite X4 - Lang NL
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9B5DBA2-5480-E883-5FA7-DAF5927247DA}" = Catalyst Control Center Localization Italian
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}" = PlayReady PC runtime
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C47AFB4C-9581-7BF7-351C-886ED95E2AC9}" = Catalyst Control Center Graphics Light
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C51FF8A2-D1A3-2A14-B088-26C861DA642D}" = CCC Help Japanese
"{C5344219-9988-480B-8D1F-EFAB0EEF3F3C}" = VMware vCenter Converter Standalone
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C90C99AC-6F1E-7F55-F91B-D81A12F4540B}" = Catalyst Control Center Localization Dutch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D0160DD3-6F62-4F1E-B999-6C68D3AE7390}" = CorelDRAW Graphics Suite X4 - Lang IT
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{D47F9C63-D544-09FC-E03E-09405C0215C8}" = CCC Help French
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1C25F36-A96E-B1EF-D049-4FD5B43D4100}" = ATI Catalyst Install Manager
"{E1C3A1AD-7254-CFCA-135E-7B1390267659}" = Catalyst Control Center Localization Japanese
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{E8A2C0F7-A196-5A59-C6EF-B2D6698D0999}" = ccc-core-static
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F028F7CF-BFAF-C420-1E75-429D9C354C89}" = CCC Help Dutch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F429ED71-4A8B-457A-85E4-F6398CE73E58}" = AV Input Selection
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF88B174-8326-29B5-3B2E-3850523AD94F}" = Catalyst Control Center Localization Spanish
"{FFFE7261-2318-4227-B827-E9E05E16DFE5}" = CorelDRAW Graphics Suite X4 - Lang CZ
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AudioLabel" = AudioLabel
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Benutzerhandbuch ESDX5000_CX4900" = Benutzerhandbuch ESDX5000_CX4900
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Google Desktop" = Google Desktop
"in2site 1.006" = in2site 1.006
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Kalender-Excel_is1" = Kalender-Excel 8.6.1
"MAGIX Foto Manager 2007 D" = MAGIX Foto Manager 2007 4.1.1.75 (D)
"MAGIX Media Manager silver" = MAGIX Media Manager silver
"MAGIX Music Maker 2008 D" = MAGIX Music Maker 2008 13.0.0.16 (D)
"MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.1.1.108 (D)
"MAGIX music studio 2004 deLuxe" = MAGIX music studio 2004 deLuxe
"MAGIX Music Studio 2007 deluxe D" = MAGIX Music Studio 2007 deluxe 12.0.2.0 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX PC Visit D" = MAGIX PC Visit
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mix-FX" = Mix-FX
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Nvu_is1" = Nvu 1.0
"PDFAnnotator_is1" = PDF Annotator 1.5.0.140
"POP Peeper" = POP Peeper
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"QuickTime 3.0" = QuickTime 3.0
"SonicShack Design Studio_is1" = SonicShack Designer Adobe AIR version
"Vispa" = Vispa
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.06.2010 17:12:05 | Computer Name = PC3 | Source = EventSystem | ID = 4621
Description = 
 
Error - 22.06.2010 03:08:16 | Computer Name = PC3 | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.06.2010 16:19:53 | Computer Name = PC3 | Source = EventSystem | ID = 4621
Description = 
 
Error - 23.06.2010 03:17:16 | Computer Name = PC3 | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.06.2010 15:16:33 | Computer Name = PC3 | Source = .NET Runtime | ID = 1023
Description = 
 
Error - 24.06.2010 12:40:52 | Computer Name = PC3 | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.06.2010 18:39:05 | Computer Name = PC3 | Source = Google Update | ID = 20
Description = 
 
Error - 25.06.2010 03:03:21 | Computer Name = PC3 | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.06.2010 06:18:53 | Computer Name = PC3 | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.06.2010 14:06:34 | Computer Name = PC3 | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 07.04.2010 03:45:38 | Computer Name = PC3 | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (5852.1128)
 
Error - 07.04.2010 03:45:38 | Computer Name = PC3 | Source = MCUpdate | ID = 0
Description =     Serververbindung konnte nicht hergestellt werden.. (5852.1129)
 
Error - 20.04.2010 02:54:41 | Computer Name = PC3 | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (3208.1128)
 
Error - 20.04.2010 02:54:41 | Computer Name = PC3 | Source = MCUpdate | ID = 0
Description =     Serververbindung konnte nicht hergestellt werden.. (3208.1129)
 
Error - 20.04.2010 02:54:46 | Computer Name = PC3 | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (3208.1128)
 
Error - 20.04.2010 02:54:46 | Computer Name = PC3 | Source = MCUpdate | ID = 0
Description =     Serververbindung konnte nicht hergestellt werden.. (3208.1129)
 
Error - 08.05.2010 14:46:55 | Computer Name = PC3 | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (5524.1128)
 
Error - 08.05.2010 14:46:55 | Computer Name = PC3 | Source = MCUpdate | ID = 0
Description =     Serververbindung konnte nicht hergestellt werden.. (5524.1129)
 
Error - 08.05.2010 15:47:00 | Computer Name = PC3 | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (3272.1128)
 
Error - 08.05.2010 15:47:00 | Computer Name = PC3 | Source = MCUpdate | ID = 0
Description =     Serververbindung konnte nicht hergestellt werden.. (3272.1129)
 
[ System Events ]
Error - 05.07.2010 05:15:48 | Computer Name = PC3 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 04.07.2010 um 20:22:19 unerwartet heruntergefahren.
 
Error - 05.07.2010 05:17:03 | Computer Name = PC3 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 06.07.2010 04:09:46 | Computer Name = PC3 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 05.07.2010 um 12:16:47 unerwartet heruntergefahren.
 
Error - 06.07.2010 04:09:50 | Computer Name = PC3 | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Epson Stylus COLOR 3000 ESC/P 
2 nicht unter dem Namen Epson Stylus COLOR 3000 ESCP 2 freigeben. Fehler: 2114. 
Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.
 
Error - 06.07.2010 04:11:04 | Computer Name = PC3 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 06.07.2010 04:15:33 | Computer Name = PC3 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 06.07.2010 12:36:55 | Computer Name = PC3 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 06.07.2010 12:45:32 | Computer Name = PC3 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 08.07.2010 07:05:08 | Computer Name = PC3 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 06.07.2010 um 20:24:46 unerwartet heruntergefahren.
 
Error - 08.07.2010 07:06:19 | Computer Name = PC3 | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
--- --- ---
__________________

Fury

Antwort
Seite 1 von 2 1 2

Themen zu Rechner stürzt ab
abgesicherte, abgesicherten, absturz, collecting, crash, crazy, data, g data, lösung, rechner, schnelle, stürzt, stürzt ab, virus, wiederholt


« Conficker.AF/Z.30, werde ihn nich los | Flacor.dat entdeckt »


Ähnliche Themen: Rechner stürzt ab


  1. Rechner viel langsamer, stürzt häufig ab
    Log-Analyse und Auswertung - 29.09.2014 (23)
  2. Rechner stürzt immer ab
    Netzwerk und Hardware - 05.08.2011 (28)
  3. Rechner stürzt andauernd ab
    Log-Analyse und Auswertung - 29.05.2010 (4)
  4. Rechner langsam, stürzt ab / Rootkit.MBR
    Plagegeister aller Art und deren Bekämpfung - 17.02.2010 (16)
  5. Rechner Stürzt beim Hochfahren öfter ab
    Log-Analyse und Auswertung - 07.04.2009 (5)
  6. Rechner stürzt regelmäßig ab
    Log-Analyse und Auswertung - 09.03.2009 (11)
  7. Rechner stürzt nach Systemstart ab
    Plagegeister aller Art und deren Bekämpfung - 29.12.2008 (0)
  8. Rechner stürzt ab
    Log-Analyse und Auswertung - 18.12.2008 (0)
  9. Rechner Stürzt beim Hochfahren öfter ab
    Mülltonne - 11.11.2008 (0)
  10. Rechner stürzt ab
    Log-Analyse und Auswertung - 26.01.2008 (2)
  11. Rechner stürzt ab und läuft total langsam
    Log-Analyse und Auswertung - 18.08.2007 (2)
  12. Rechner stürzt bei anmeldung ab
    Log-Analyse und Auswertung - 02.12.2006 (1)
  13. Rechner Stürzt immer ab =(
    Netzwerk und Hardware - 15.11.2006 (1)
  14. [Problem] Rechner stürzt nach dem Hochfahren ab!
    Plagegeister aller Art und deren Bekämpfung - 04.10.2006 (1)
  15. Rechner Stürzt immer ab
    Netzwerk und Hardware - 28.12.2005 (3)
  16. Rechner stürzt ständig ab
    Log-Analyse und Auswertung - 29.05.2005 (2)
  17. Bei Klick auf Desktop Icon stürzt der Rechner ab!!!
    Plagegeister aller Art und deren Bekämpfung - 27.04.2005 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Rechner stürzt ab - Hallo, nach einen Absturz zeigt mein Rechner: blue-screen ---> collecting data for crash dump... Im Abgesicherten Modus ist es nicht zu beheben. Die Prozedur wiederholt sich ständig. Ist das ein - Rechner stürzt ab...
Archiv
Du betrachtest: Rechner stürzt ab auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131