| |
| |||||||
Log-Analyse und Auswertung: My Security Shield -> Logfile -> Bitte prüfenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
19.12.2010, 01:48
| #1 |
 |  My Security Shield -> Logfile -> Bitte prüfen Hallo, ich hatte Heute ungebetenen Besuch von "My Security Shield". Ich habe alles so wie in der Anleitung ( http://www.trojaner-board.de/89160-m...entfernen.html ) vorgeschlagen durchgeführt. Nun stelle ich die OTL-Logfiles, wie vorgeschlagen, hier zur Prüfung nochmals rein:OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.12.2010 01:08:35 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\xxxx\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,77 Gb Total Space | 9,05 Gb Free Space | 12,98% Space Free | Partition Type: NTFS Drive D: | 69,52 Gb Total Space | 69,43 Gb Free Space | 99,87% Space Free | Partition Type: NTFS Drive E: | 3,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: xxxx-PC | User Name: xxxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\xxxx\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\CCleaner\CCleaner.exe (Piriform Ltd) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Users\xxxx\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) PRC - C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.) PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated) PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.) PRC - C:\Programme\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.) PRC - C:\Acer\ALaunch\ALaunchSvc.exe () PRC - C:\Acer\Mobility Center\MobilityService.exe () PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) PRC - C:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation) PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe () PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe () ========== Modules (SafeList) ========== MOD - C:\Users\xxxx\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\eNetHook.dll (acer) ========== Win32 Services (SafeList) ========== SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation) SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe () SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation) SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (SymAppCore) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation) SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation) SRV - (ISPwdSvc) -- C:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (PSDNServ) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST) DRV - (psdvdisk) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST) DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST) DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.) DRV - (ESMCR) -- C:\Windows\System32\drivers\ESM7SK.sys (ENE Technology Inc.) DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation) DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys () DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation) DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys (Symantec Corporation) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.) DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.) DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (AVMUNET) -- C:\Windows\System32\drivers\avmunet.sys (AVM GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ebay.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.xxxx.de/" FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 20:23:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 20:23:22 | 000,000,000 | ---D | M] [2008.07.18 01:00:57 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\mozilla\Extensions [2010.12.18 14:12:34 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\rvdo28ks.default\extensions [2010.04.27 09:10:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\rvdo28ks.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.11.08 14:15:10 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.04.24 10:52:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.28 08:37:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.08 14:15:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.10.24 15:02:37 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.24 15:02:37 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.24 15:02:37 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.24 15:02:37 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.24 15:02:37 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.12.18 22:43:00 | 000,000,698 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll () O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [Acer Tour] File not found O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.) O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.DLL ( ) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [StartCCC] c:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe () O4 - HKCU..\Run: [Acer Tour Reminder] File not found O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found O4 - Startup: C:\Users\JoshSuki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe () O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.06.24 15:29:11 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ] O32 - AutoRun File - [2006.09.30 23:51:28 | 000,724,992 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2006.10.01 00:10:34 | 000,000,147 | R--- | M] () - E:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2006.09.25 00:53:27 | 000,602,112 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ] O33 - MountPoints2\{5c79a253-54b1-11dc-8971-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{5c79a253-54b1-11dc-8971-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2006.09.30 23:51:28 | 000,724,992 | R--- | M] (Electronic Arts Inc.) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.12.19 00:53:57 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.12.18 19:57:54 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Malwarebytes [2010.12.18 19:57:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.12.18 19:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.12.18 19:57:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.12.18 19:57:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.12.18 19:25:41 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\MSA [2010.12.17 00:21:07 | 000,000,000 | ---D | C] -- C:\Games [2010.12.17 00:01:02 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.12.17 00:01:00 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2010.12.17 00:01:00 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2010.12.17 00:00:59 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2010.12.17 00:00:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2010.12.17 00:00:56 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.12.17 00:00:56 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.12.17 00:00:55 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2010.12.17 00:00:49 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.12.17 00:00:49 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.12.17 00:00:48 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.12.17 00:00:48 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.12.17 00:00:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.12.17 00:00:47 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.12.17 00:00:47 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.12.17 00:00:47 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.12.17 00:00:47 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.12.17 00:00:47 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.12.17 00:00:47 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.12.17 00:00:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.12.17 00:00:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.12.17 00:00:47 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.12.17 00:00:47 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.12.17 00:00:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.12.17 00:00:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.12.17 00:00:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2007.05.19 23:03:06 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll [2007.05.19 14:34:27 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll ========== Files - Modified Within 30 Days ========== [2010.12.19 00:53:59 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010.12.19 00:43:44 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.12.19 00:43:44 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.12.19 00:43:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.12.19 00:43:29 | 2145,509,376 | -HS- | M] () -- C:\hiberfil.sys [2010.12.18 20:42:03 | 000,212,992 | ---- | M] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.18 19:57:44 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.17 03:16:34 | 000,372,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.12.17 00:21:09 | 000,000,645 | ---- | M] () -- C:\Users\Public\Desktop\ArtMoney SE v7.34.lnk [2010.12.05 17:39:36 | 000,064,000 | ---- | M] () -- C:\Users\xxxx\Documents\Qte1.doc [2010.12.05 17:09:48 | 000,077,824 | ---- | M] () -- C:\Users\xxxx\Documents\bbungasb.doc [2010.12.05 16:55:23 | 000,020,094 | ---- | M] () -- C:\Users\xxxx\Documents\seg4.odt [2010.12.05 16:29:06 | 000,090,112 | ---- | M] () -- C:\Users\xxxx\Documents\LL0111of.doc [2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.20 16:45:54 | 000,078,848 | ---- | M] () -- C:\Users\xxxx\Documents\bbungdsz.doc [2010.11.19 14:53:58 | 000,108,144 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll ========== Files Created - No Company Name ========== [2010.12.19 00:53:59 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010.12.18 19:57:44 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.18 19:41:18 | 2145,509,376 | -HS- | C] () -- C:\hiberfil.sys [2010.12.17 00:21:09 | 000,000,645 | ---- | C] () -- C:\Users\Public\Desktop\ArtMoney SE v7.34.lnk [2010.12.05 17:09:46 | 000,077,824 | ---- | C] () -- C:\Users\xxxx\Documents\bbungasb.doc [2010.12.05 16:55:22 | 000,020,094 | ---- | C] () -- C:\Users\xxx\Documents\sxoeg4.odt [2010.11.20 15:00:55 | 000,078,848 | ---- | C] () -- C:\Users\xxx\Documents\bbungdsz.doc [2009.09.24 13:03:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.03 11:24:14 | 000,000,680 | ---- | C] () -- C:\Users\xxxx\AppData\Local\d3d9caps.dat [2009.03.05 18:07:06 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll [2009.03.05 18:05:09 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI [2009.03.05 17:42:29 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLeNL.DLL [2008.09.01 23:50:36 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2008.09.01 23:50:36 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2008.07.18 13:39:05 | 000,000,096 | ---- | C] () -- C:\Users\xxxx\AppData\Local\fusioncache.dat [2008.05.01 17:40:50 | 000,157,696 | ---- | C] () -- C:\Windows\System32\unrar.dll [2008.05.01 17:40:46 | 000,856,064 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.05.01 17:40:46 | 000,568,850 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2008.05.01 17:40:46 | 000,217,088 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.05.01 17:40:45 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.05.01 17:40:42 | 000,005,120 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2007.11.30 18:56:30 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2007.11.29 14:52:24 | 000,212,992 | ---- | C] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.11.28 13:57:50 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2007.11.27 13:16:13 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.08.28 02:17:27 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.08.28 02:17:20 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2007.05.20 01:52:39 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.05.19 23:03:07 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.05.19 14:36:19 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2007.05.19 14:34:47 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2007.05.19 14:34:47 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007.05.19 14:34:24 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2007.05.19 14:28:31 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll [2007.04.12 16:42:14 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007.04.12 16:41:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007.04.12 16:41:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007.04.12 16:40:04 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007.04.12 16:39:56 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007.04.12 16:39:48 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2006.12.25 14:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:52B72A7C @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:94188BC6 < End of report > UNDOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.12.2010 01:08:35 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\xxxx\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 9,05 Gb Free Space | 12,98% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 69,43 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Drive E: | 3,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: xxxxxx-PC | User Name: xxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22A5E06F-D59A-4C48-BBB4-A06842DFEE40}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{26122130-B5C0-440D-A7C7-F064D0C3FDAB}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{2FE687CD-69B4-4000-9C49-A375970046B5}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{3C0D8CE2-6EB7-4A61-A30B-E2D76B652DC6}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{3C82723C-3BB1-4DB0-B127-BB8721B4C35B}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{41890CBF-D0E7-4907-91EB-DD200E2F5646}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{479ACCCF-B301-49F7-9418-57AD4C9DCF73}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe |
"{68FB9B0F-7D96-45A2-B9D5-C43935D39B49}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{7BA3FE8C-2FB5-41FA-B951-CA9F7196E598}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"{82BABC09-4E39-40FC-B369-337588E79DA6}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe |
"{8A3A2F3A-166F-4644-82F3-DD42396D47F5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8C3B82B7-5122-43DF-A690-696CF8088F03}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8DDA8886-6435-4BE6-8A41-84DE96335A53}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{94F65E51-8BA6-4167-8EB1-BF290F7770CF}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{A14DC2D9-70E5-4316-A8C4-FDD042F6584A}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe |
"{A90BE003-D0F3-44A9-AF43-5A504EB693B6}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{AEDC17AF-850B-4C48-A22F-6AAFB214B24C}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe |
"{E13DAC76-9080-488E-B14A-A09E8C7C96A0}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{E2061A89-8B2B-4C34-A0F5-85D6D996A2B4}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{EBAD4F5A-EEBC-4CF5-8D13-83CFC4817AAE}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{FB05615A-3F6C-48B2-912A-FECB096B4D62}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"TCP Query User{0230A4E5-C4E0-48C8-897E-F8FEE93565E3}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{082474EA-685F-45D5-8BAB-FA680D051780}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3C91C7A0-E94F-4391-99DD-16CEE5A9BF5B}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=6 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe |
"TCP Query User{936D8472-5AE4-4233-A4F5-810338429B71}C:\program files\atari\act of war - direct action\aoweditor.exe" = protocol=6 | dir=in | app=c:\program files\atari\act of war - direct action\aoweditor.exe |
"TCP Query User{B1E6287D-52C9-4500-BA5A-7141F5D241F9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{E3653AE0-1E4A-4FB7-B55D-81C2470E02C9}C:\program files\ea games\command & conquer generäle stunde null\patchget.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generäle stunde null\patchget.dat |
"TCP Query User{F96EBB54-1611-4355-88B9-ED6F562FFC5C}C:\program files\gamespy\comrade\comrade.exe" = protocol=6 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe |
"UDP Query User{28F50254-58FA-4C6B-B221-D2E4143B57D0}C:\program files\gamespy\comrade\comrade.exe" = protocol=17 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe |
"UDP Query User{39ADFFC6-D45F-40E2-99F0-205125872036}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{47C4EE7E-4BE1-431D-83C3-37D17E7D11F5}C:\program files\atari\act of war - direct action\aoweditor.exe" = protocol=17 | dir=in | app=c:\program files\atari\act of war - direct action\aoweditor.exe |
"UDP Query User{7EF7413B-A232-4FD5-8C7A-C71B480A15E1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{A0B38A23-AD6D-47BE-B49B-DCC73FE0B82D}C:\program files\ea games\command & conquer generäle stunde null\patchget.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generäle stunde null\patchget.dat |
"UDP Query User{CD55BDBE-EDFD-44CD-868E-8231F4506AF3}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{E2C7A304-8781-49D0-9F47-388E544FA6B4}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=17 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{08021248-88B6-E67B-CFD0-7B2C690CF37F}" = Catalyst Control Center Localization Russian
"{0ABBC013-7CF3-FEAE-8851-A4A290DC3D93}" = Catalyst Control Center Localization Norwegian
"{0E290898-A92A-682B-84BC-791E4B51D39E}" = Catalyst Control Center Localization Finnish
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{176B3593-72F1-459C-829C-5E9671E2CB35}" = GameSpy Comrade
"{196654EB-009F-6E50-7BAB-CE60C89AE403}" = ccc-core-static
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 22
"{2A5050FE-B629-D35A-38F3-89B353477674}" = Catalyst Control Center Localization Spanish
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Foto 7.0
"{3838E2BF-91E8-730A-9C1C-4D73A9A08A91}" = Catalyst Control Center Graphics Light
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3DB8A7B1-2EEB-56AF-A877-5742D2B18BEC}" = Catalyst Control Center Localization Dutch
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FUSSBALL MANAGER 07
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{429CEC54-6DE7-C63D-EB89-518AAB6F0E35}" = Catalyst Control Center Localization Korean
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E55CE14-FC19-0D1F-E603-9CB92DBD9E7E}" = Catalyst Control Center Localization Italian
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5204EE13-A206-ED46-8AD6-5102491DE3B6}" = Catalyst Control Center Localization Portuguese
"{54ADF8E0-E14A-6C4E-9D60-51637D6576BE}" = Catalyst Control Center Localization Czech
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{62355C0D-A1AC-0C50-582A-83F08692D1A4}" = Catalyst Control Center Localization Danish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6A904BEA-D1B5-3077-E82D-239262DCE266}" = Catalyst Control Center Localization Thai
"{6CF2361C-E085-E644-9503-D2755C98D1B7}" = Catalyst Control Center Localization German
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A2E65F0-FCD3-50F7-CD3A-D17E01D9B22D}" = Catalyst Control Center Localization Japanese
"{7CD88B0E-CC14-20C4-AAD7-310883457848}" = ccc-utility
"{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{8DAE66B9-3D2C-870A-AC1F-D98D56B2E48D}" = Catalyst Control Center Localization Chinese Standard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B850277-4198-1D44-B7BD-CA8D4DCEE620}" = Catalyst Control Center Localization Polish
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FDBB8DB-753F-6482-DB5E-2B7DA5577053}" = Catalyst Control Center Localization Chinese Traditional
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.1 - Deutsch
"{AEA296D6-0F45-5B8E-FA16-6D553D5E6149}" = Catalyst Control Center Core Implementation
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{BFC7B8B9-37A3-F118-8929-8D6C0E52E9B2}" = Catalyst Control Center Localization Hungarian
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C28512D7-66A1-2EF6-94F3-6A458BD76419}" = Catalyst Control Center Localization Greek
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{C99B5FE7-A85C-77A6-64BD-644358B01A45}" = Catalyst Control Center Localization Turkish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE992AB2-28A0-4A92-01B8-970606F7B2A4}" = Catalyst Control Center Localization French
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D8FC2439-A2CA-6EEC-523D-8470C7967533}" = Catalyst Control Center Localization Swedish
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E3F696A6-98D9-438E-B942-B498087C015B}_is1" = Trendpoker 3D - Texas Hold'em Poker - DEMO
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"ArtMoney SE_is1" = ArtMoney SE v7.34
"ATI Uninstaller" = ATI Uninstaller
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Black Mirror_is1" = Black Mirror 1.2
"Canon MX700 series Benutzerregistrierung" = Canon MX700 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Free Download Manager_is1" = Free Download Manager 3.0
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.53
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"OpenTTD" = OpenTTD 1.0.0-RC2
"PokerTH 0.8.1" = PokerTH
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WinRAR archiver" = WinRAR Archivierer
"Works2003Setup" = Microsoft Works 2003-Setup-Start
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"Yahoo! Toolbar" = Yahoo! Toolbar
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 18.12.2010 17:31:28 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 18.12.2010 17:50:33 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 18.12.2010 17:50:33 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 18.12.2010 19:44:08 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 18.12.2010 19:44:08 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 18.12.2010 19:45:06 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 18.12.2010 19:45:08 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 18.12.2010 19:46:07 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 18.12.2010 19:46:08 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 18.12.2010 19:46:11 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ Media Center Events ]
Error - 18.04.2008 17:22:15 | Computer Name = xxxx-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
gescheitert.
[ System Events ]
Error - 18.12.2010 14:52:11 | Computer Name = xxxx-PC | Source = DCOM | ID = 10010
Description =
Error - 18.12.2010 17:26:22 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 18.12.2010 17:45:16 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 18.12.2010 17:50:25 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 18.12.2010 17:56:55 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 18.12.2010 17:57:04 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 18.12.2010 17:57:04 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 18.12.2010 17:57:04 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 18.12.2010 19:43:20 | Computer Name = xxxx-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 18.12.2010 19:43:52 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Ich hoffe ich habe alles richtig gemacht, ihr könnt mir helfen und dass das System jetzt wieder sauber ist. Der Laptop verhält sich, soweit ich das beurteilen kann, jetzt wieder normal. Das Einzige was sich geändert hat ist: Beim Hochfahren erhalte ich nun eine Meldung, dass einige Autostartprogramme von der Firewall "geblockt" wurden. Diese stehen in einer Liste als "noch nicht klassifiziert". Diese Meldung bekam ich vorher noch nie. Ist das Normal? Viele Grüße & schonmal vorab Danke für die Mühe Zauber |
| Themen zu My Security Shield -> Logfile -> Bitte prüfen |
| 0x00000001, alternate, antivir, autorun, avgntflt.sys, avira, benutzerregistrierung, bho, black, canon, corp./icp, desktop, downloader, error, excel.exe, fehler, firefox, firefox.exe, flash player, frage, free download, helper, home, home premium, iastor.sys, iexplore.exe, install.exe, launch, location, logfile, media center, microsoft office word, mozilla, nvstor.sys, oldtimer, otl.exe, plug-in, pop-up-blocker, popup, programdata, realtek, registry, saver, scan, sched.exe, searchplugins, security, security shield, senden, software, start menu, symantec, vista, vlc media player |
Baum-Darstellung