| |
| |||||||
Log-Analyse und Auswertung: Security Shild entfernt, trotzdem Fund durch SUPERAntiSpywareWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
27.12.2010, 17:57
| #1 |
 |  Security Shild entfernt, trotzdem Fund durch SUPERAntiSpyware Hallo, ich habe mir heute den Security Shield Trojaner eingefangen und ihn so wie in der Anleitung "My Security Shield entfernen" angegeben, beseitigt. Der Rechner läuft soweit ich das beurteilen kann wieder normal. Zur Sicherheit habe ich nochmal das Programm SUPERAntiSpyware drüberlaufen lassen, dieses hat dann doch noch etliche Einträge gefunden. Ich wäre sehr dankbar wenn sich die Logs nochmal jemand anschauen könnte. Die gefundenen Datein befinden sich momentan in Quarantäne, da ich nicht sicher bin ob ich sie einfach löschen kann. Hier nun eine Handvoll Logs die ich bisher zusammengetragen habe: Log von Malwarebytes Anti- Malware nach Entfernung von Security Shild: Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5400
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999
27.12.2010 03:21:56
mbam-log-2010-12-27 (03-21-56).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 373640
Laufzeit: 44 Minute(n), 51 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: AMI
System Manufacturer: Acer
System Product Name: Aspire M7720
Logical Drives Mask: 0x000003fc
Kernel Drivers (total 150):
0x02048000 \SystemRoot\system32\ntoskrnl.exe
0x02002000 \SystemRoot\system32\hal.dll
0x00602000 \SystemRoot\system32\kdcom.dll
0x0060C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00647000 \SystemRoot\system32\PSHED.dll
0x0065B000 \SystemRoot\system32\CLFS.SYS
0x006B8000 \SystemRoot\system32\CI.dll
0x00806000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008EE000 \SystemRoot\system32\drivers\acpi.sys
0x00944000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0094D000 \SystemRoot\system32\drivers\msisadrv.sys
0x00957000 \SystemRoot\system32\drivers\pci.sys
0x00987000 \SystemRoot\System32\drivers\partmgr.sys
0x0099C000 \SystemRoot\system32\drivers\volmgr.sys
0x0076A000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B0000 \SystemRoot\System32\drivers\mountmgr.sys
0x009C3000 \SystemRoot\System32\Drivers\UBHelper.sys
0x00A0D000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x00B27000 \SystemRoot\system32\drivers\atapi.sys
0x00B2F000 \SystemRoot\system32\drivers\ataport.SYS
0x00B53000 \SystemRoot\system32\drivers\msahci.sys
0x00B5D000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00B6D000 \SystemRoot\system32\drivers\fltmgr.sys
0x00BB4000 \SystemRoot\system32\drivers\fileinfo.sys
0x00BC8000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x00C08000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E0F000 \SystemRoot\system32\drivers\ndis.sys
0x00C8F000 \SystemRoot\system32\drivers\msrpc.sys
0x00CDF000 \SystemRoot\system32\drivers\NETIO.SYS
0x0100F000 \SystemRoot\System32\drivers\tcpip.sys
0x01185000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0120C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0138C000 \SystemRoot\system32\drivers\volsnap.sys
0x013D0000 \SystemRoot\System32\Drivers\spldr.sys
0x013D8000 \SystemRoot\System32\Drivers\mup.sys
0x011B1000 \SystemRoot\System32\drivers\ecache.sys
0x013EA000 \SystemRoot\system32\drivers\disk.sys
0x00FD2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01200000 \SystemRoot\system32\drivers\crcdisk.sys
0x02523000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02530000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02539000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0254C000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x02C0D000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x02A03000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02AE6000 \SystemRoot\System32\drivers\watchdog.sys
0x02AF6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0333C000 \SystemRoot\system32\DRIVERS\e1y60x64.sys
0x02BE3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x0338C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02BEF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x033D2000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x033E4000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x025A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x033F4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x025B6000 \SystemRoot\system32\DRIVERS\serial.sys
0x02C00000 \SystemRoot\system32\DRIVERS\serenum.sys
0x025D3000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x025EF000 \SystemRoot\system32\Drivers\NTIDrvr.sys
0x025F7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x02400000 \SystemRoot\system32\DRIVERS\serscan.sys
0x011EB000 \SystemRoot\system32\drivers\ksthunk.sys
0x00D38000 \SystemRoot\system32\drivers\ks.sys
0x00D6C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x0340D000 \SystemRoot\system32\DRIVERS\storport.sys
0x0346A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03477000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0349A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x034A6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x034D7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x034E7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03505000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0351D000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03530000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03532000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x0353D000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0354D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03595000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x035B6000 \SystemRoot\system32\drivers\portcls.sys
0x00DA5000 \SystemRoot\system32\drivers\drmk.sys
0x04001000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0416E000 \SystemRoot\system32\drivers\gwfilt64.sys
0x0417C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04190000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x0419A000 \SystemRoot\System32\Drivers\Null.SYS
0x041AE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x041B6000 \SystemRoot\System32\drivers\vga.sys
0x041C4000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x041E9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x041F2000 \SystemRoot\system32\drivers\rdpencdd.sys
0x041A3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x00DC8000 \SystemRoot\System32\Drivers\Npfs.SYS
0x035F1000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x00DD9000 \SystemRoot\system32\DRIVERS\tdx.sys
0x00BD1000 \SystemRoot\system32\DRIVERS\smb.sys
0x04208000 \SystemRoot\system32\drivers\afd.sys
0x04273000 \SystemRoot\System32\DRIVERS\netbt.sys
0x042B7000 \SystemRoot\system32\DRIVERS\pacer.sys
0x042D5000 \SystemRoot\system32\DRIVERS\netbios.sys
0x042E4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x042FF000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x04309000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x04313000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04360000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0436C000 \SystemRoot\System32\Drivers\dfsc.sys
0x04389000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x043AB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x043C7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x043C9000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x043D2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x043E4000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x043F4000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x009CB000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x03400000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x02592000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x02408000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04408000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x00050000 \SystemRoot\System32\win32k.sys
0x04522000 \SystemRoot\System32\drivers\Dxapi.sys
0x0452E000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00470000 \SystemRoot\System32\TSDDD.dll
0x00670000 \SystemRoot\System32\cdd.dll
0x04541000 \SystemRoot\system32\drivers\luafv.sys
0x04563000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x02416000 \SystemRoot\system32\drivers\spsys.sys
0x04580000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x04594000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x06401000 \SystemRoot\system32\drivers\HTTP.sys
0x064A4000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x064CD000 \SystemRoot\system32\DRIVERS\bowser.sys
0x064EB000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06505000 \SystemRoot\system32\drivers\mrxdav.sys
0x0652C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06555000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0659E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x065BD000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06802000 \SystemRoot\System32\DRIVERS\srv.sys
0x06896000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x068E5000 \??\C:\Windows\SysWOW64\drivers\int15_64.sys
0x068FD000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x0690A000 \SystemRoot\system32\drivers\peauth.sys
0x069C0000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0x069C9000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0x069DC000 \SystemRoot\System32\Drivers\secdrv.SYS
0x069E7000 \SystemRoot\System32\drivers\tcpipreg.sys
0x045AC000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x045CC000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x045E2000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x771A0000 \Windows\System32\ntdll.dll
Processes (total 82):
0 System Idle Process
4 System
504 C:\Windows\System32\smss.exe
572 csrss.exe
628 C:\Windows\System32\wininit.exe
648 csrss.exe
684 C:\Windows\System32\services.exe
696 C:\Windows\System32\lsass.exe
704 C:\Windows\System32\lsm.exe
860 C:\Windows\System32\svchost.exe
920 C:\Windows\System32\winlogon.exe
992 C:\Windows\System32\svchost.exe
340 C:\Windows\System32\svchost.exe
380 C:\Windows\System32\atiesrxx.exe
352 C:\Windows\System32\svchost.exe
552 C:\Windows\System32\svchost.exe
576 C:\Windows\System32\svchost.exe
732 C:\Windows\System32\audiodg.exe
1040 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\SLsvc.exe
1108 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\svchost.exe
1468 C:\Windows\System32\spoolsv.exe
1492 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1508 C:\Windows\System32\svchost.exe
1812 C:\Windows\System32\atieclxx.exe
1180 C:\Windows\System32\dwm.exe
2072 C:\Windows\System32\taskeng.exe
2104 C:\Windows\explorer.exe
2180 C:\Windows\System32\taskeng.exe
2512 C:\Program Files\Windows Defender\MSASCui.exe
2520 C:\Windows\RAVCpl64.exe
2536 C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
2544 C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
2552 C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe
2568 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
2576 C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
2584 C:\Windows\ehome\ehtray.exe
2592 C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
2600 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
2608 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2672 C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
2688 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
2704 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2712 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2768 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
2788 C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
2832 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
2852 C:\Windows\SysWOW64\bgsvcgen.exe
2880 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2892 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
2920 C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
3024 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
3052 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
700 C:\Windows\ehome\ehmsas.exe
980 C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
2252 C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
2492 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1352 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
2652 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2164 C:\Windows\SysWOW64\PnkBstrA.exe
3080 C:\Windows\System32\svchost.exe
3112 C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
3136 C:\Windows\System32\svchost.exe
3172 C:\Windows\System32\svchost.exe
3212 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3276 C:\Windows\System32\SearchIndexer.exe
3400 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
3580 WUDFHost.exe
3716 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
1304 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4116 C:\Program Files\Windows Media Player\wmpnscfg.exe
4240 C:\Program Files\Windows Media Player\wmpnetwk.exe
3808 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4904 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
5020 WmiPrvSE.exe
524 C:\Windows\System32\VSSVC.exe
4312 C:\Windows\System32\svchost.exe
2024 dllhost.exe
4800 dllhost.exe
5024 C:\Users\Allgemein\Downloads\Spyware vernichten\MBRCheck.exe
3132 C:\Windows\SysWOW64\conime.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`a9f00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000005f`58500000 (NTFS)
PhysicalDrive0 Model Number: WDCWD10EAVS-00D7B1, Rev: 01.01A01
Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Acer MBR code detected
SHA1: 12ADB8D1AD8327A4A2FA5865BC87234485F25003
Done!
Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 12/27/2010 at 04:15 PM
Application Version : 4.47.1000
Core Rules Database Version : 6072
Trace Rules Database Version: 3884
Scan type : Complete Scan
Total Scan Time : 01:32:26
Memory items scanned : 746
Memory threats detected : 0
Registry items scanned : 13311
Registry threats detected : 0
File items scanned : 233540
File threats detected : 31
Trojan.Agent/Gen-Koobface[Bonkers]
D:\PROGRAMME\LOGICCODE\SPLIT IT\SPLIT IT.EXE
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\LOGICCODE\SPLIT IT\SPLIT IT.LNK
C:\USERS\ALLGEMEIN\DESKTOP\NICHT VERWENDETE VERKNüPFUNGEN\SPLIT IT.LNK
Trojan.Agent/Gen-IEFake
C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX5\H\IEXPLORE.EXE
C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX5\PROCS\IEXPLORE.EXE
C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX0\H\IEXPLORE.EXE
C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX0\PROCS\IEXPLORE.EXE
C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX1\H\IEXPLORE.EXE
C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX1\PROCS\IEXPLORE.EXE
C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX2\H\IEXPLORE.EXE
C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX2\PROCS\IEXPLORE.EXE
C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX3\H\IEXPLORE.EXE
C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX3\PROCS\IEXPLORE.EXE
C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX4\H\IEXPLORE.EXE
C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX4\PROCS\IEXPLORE.EXE
C:\Windows\Prefetch\IEXPLORE.EXE-00CFD614.pf
C:\Windows\Prefetch\IEXPLORE.EXE-11D07DDF.pf
C:\Windows\Prefetch\IEXPLORE.EXE-180A086C.pf
C:\Windows\Prefetch\IEXPLORE.EXE-1E4392F9.pf
C:\Windows\Prefetch\IEXPLORE.EXE-2BCB2F41.pf
C:\Windows\Prefetch\IEXPLORE.EXE-56C6886E.pf
C:\Windows\Prefetch\IEXPLORE.EXE-81C1E19B.pf
Trojan.Agent/Gen-IExplorer[Fake]
C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX5\NIRD\IEXPLORE.EXE
C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX0\NIRD\IEXPLORE.EXE
C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX1\NIRD\IEXPLORE.EXE
C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX2\NIRD\IEXPLORE.EXE
C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX3\NIRD\IEXPLORE.EXE
C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX4\NIRD\IEXPLORE.EXE
C:\Windows\Prefetch\IEXPLORE.EXE-610B2EDF.pf
C:\Windows\Prefetch\IEXPLORE.EXE-6D01CA8A.pf
C:\Windows\Prefetch\IEXPLORE.EXE-78F86635.pf
Vielen, vielen Dank im Vorraus Gruß Yetzirah |
|
28.12.2010, 13:39
| #2 |
| | Security Shild entfernt, trotzdem Fund durch SUPERAntiSpyware Hallo,
__________________hier noch ein paar zusätzliche Logs. HiJackThis Log: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:29:44, on 28.12.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18999) Boot mode: Normal Running processes: C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotmail.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:52586 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Programme\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" O4 - HKLM\..\Run: [WarReg_PopUp] "C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe" O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe" Minimum O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MotionSD STUDIO - Autostart SD Browser -.lnk = C:\Program Files (x86)\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\SysWOW64\bgsvcgen.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10963 bytes OLT Log: Code:
ATTFilter OTL logfile created on: 28.12.2010 14:07:09 - Run 1 OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Allgemein\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 62.00% Memory free 12.00 Gb Paging File | 10.00 Gb Available in Paging File | 80.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 366.72 Gb Total Space | 260.43 Gb Free Space | 71.01% Space Free | Partition Type: NTFS Drive D: | 550.13 Gb Total Space | 426.39 Gb Free Space | 77.51% Space Free | Partition Type: NTFS Computer Name: ASPIRE-M7720 | User Name: Allgemein | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtProc.exe File not found PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtMon.exe File not found PRC - C:\Users\Allgemein\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe () PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe (Egis inc.) PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.) PRC - C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Allgemein\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Partner Service) -- C:\ProgramData\Partner\partner.exe (Google Inc.) SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe () SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (Acer HomeMedia Connect Service) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () SRV - (BUNAgentSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys () DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys (Egis Incorporated) DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys (Egis Incorporated) DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys (Egis Incorporated) DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys (Intel Corporation) DRV:64bit: - (NAL) -- C:\Windows\SysNative\Drivers\iqvw64e.sys (Intel Corporation ) DRV:64bit: - (gwfilt64) -- C:\Windows\SysNative\drivers\gwfilt64.sys (Creative Technology Ltd.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof () DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.) DRV - (cdrbsdrv) -- C:\Windows\SysWow64\drivers\cdrbsdrv.sys (B.H.A Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotmail.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52586 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.gamestar.de/" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 52586 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Programme\browserrecord\firefox\ext [2009.12.25 15:34:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.18 10:46:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.18 10:46:18 | 000,000,000 | ---D | M] [2008.12.31 00:08:53 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Extensions [2010.12.28 13:29:30 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions [2010.04.30 13:53:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.29 12:52:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.06.03 00:50:34 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2009.12.29 13:33:45 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\imagedownload@whygudu.iblog.cn [2010.12.22 13:10:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.08.14 15:48:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.26 20:43:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.22 13:10:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.11.14 01:41:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.11.14 01:41:30 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.11.14 01:41:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.11.14 01:41:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.11.14 01:41:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.12.27 03:48:33 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Programme\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe () O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated) O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] File not found O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKCU..\Run: [OscarEditor] C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe () O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll (Apple Inc.) O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab (Windows Live OneCare safety scanner control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell - "" = AutoRun O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.12.28 14:05:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Allgemein\Desktop\OTL.exe [2010.12.28 13:25:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2010.12.27 14:36:12 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Roaming\SUPERAntiSpyware.com [2010.12.27 14:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010.12.27 14:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE [2010.12.27 14:36:03 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.12.27 04:08:33 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\Desktop\Sicherheit [2010.12.27 03:53:16 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.12.27 02:22:34 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Roaming\Malwarebytes [2010.12.27 02:22:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.27 02:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.12.27 02:22:23 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.27 02:22:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.12.27 01:31:30 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Roaming\dsqjqrmkbr [2010.12.25 18:21:50 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Roaming\Avira [2010.12.22 13:10:28 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.12.22 13:10:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.12.22 13:10:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.12.21 17:53:28 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Roaming\Stardock [2010.12.21 17:52:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\{6C72D0C5-6D41-4646-A187-62A044E7F55E} [2010.12.21 17:52:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock [2010.12.21 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock [2010.12.21 17:40:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\{6CB64CD5-C014-45A7-88E2-55D8C0DB6489} [2010.12.21 17:39:20 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Local\PackageAware [2010.12.18 12:25:10 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Local\Ironclad Games [2010.12.18 12:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kalypso [2010.12.18 10:45:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2010.12.15 09:47:28 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010.12.15 09:47:28 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010.12.15 09:47:28 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2010.12.15 09:47:28 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2010.12.15 09:47:28 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010.12.15 09:47:28 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010.12.15 09:47:25 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2010.12.15 09:47:17 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2010.12.15 09:47:17 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2010.12.15 09:47:17 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010.12.15 09:47:17 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2010.12.15 09:47:17 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2010.12.15 09:47:16 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2010.12.15 09:47:16 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2010.12.15 09:47:16 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2010.12.15 09:47:16 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2010.12.15 09:47:16 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010.12.15 09:47:16 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2010.12.15 09:47:16 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.12.15 09:47:16 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.12.15 09:47:16 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2010.12.15 09:47:16 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2010.12.15 09:47:16 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2010.12.15 09:47:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2010.12.15 09:47:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2010.12.15 09:47:16 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2010.12.15 09:47:16 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2010.12.15 09:47:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2010.12.15 09:47:16 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2010.12.15 09:47:16 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2010.12.15 09:47:16 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2010.12.15 09:47:16 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2010.12.15 09:47:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2010.12.15 09:47:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010.12.15 09:47:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.12.15 09:47:05 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll [2010.12.15 09:47:05 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll [2010.12.15 09:47:05 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll [2010.12.15 09:47:05 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll [2010.12.15 09:47:05 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll [2010.12.15 09:47:05 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe [2010.11.29 17:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx [2010.11.29 17:38:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts [2008.11.02 01:15:06 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2010.12.28 14:07:39 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.12.28 14:07:39 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.12.28 14:07:39 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.12.28 14:07:39 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.12.28 14:07:39 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.12.28 14:05:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Allgemein\Desktop\OTL.exe [2010.12.28 14:05:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.12.28 14:02:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml [2010.12.28 14:01:25 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.12.28 14:01:24 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.12.28 14:01:24 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.12.28 14:01:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.12.28 13:37:35 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4CEEF1C8-30F7-4373-83E0-45167924CDB7}.job [2010.12.27 16:56:33 | 000,025,600 | ---- | M] () -- C:\Users\Allgemein\Documents\Rentenvrsicherung.doc [2010.12.27 04:07:19 | 000,022,918 | ---- | M] () -- C:\Users\Allgemein\Documents\cc_20101227_040712.reg [2010.12.27 04:06:53 | 000,110,068 | ---- | M] () -- C:\Users\Allgemein\Documents\cc_20101227_040631.reg [2010.12.27 03:48:33 | 000,000,698 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS [2010.12.27 02:02:13 | 000,004,379 | ---- | M] () -- C:\Users\Allgemein\AppData\Roaming\69DC.595 [2010.12.25 18:00:34 | 000,428,340 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101227-013740.backup [2010.12.24 02:37:36 | 000,428,340 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101225-180034.backup [2010.12.23 02:40:20 | 000,428,340 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101224-023736.backup [2010.12.23 02:39:35 | 000,427,674 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-024020.backup [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.18 10:37:49 | 000,427,674 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-023935.backup [2010.12.17 16:17:50 | 000,301,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.12.12 16:56:45 | 000,025,088 | ---- | M] () -- C:\Users\Allgemein\Documents\Dr.Schreiber.Dok.doc [2010.12.05 23:35:09 | 000,000,000 | ---- | M] () -- C:\Users\Allgemein\Documents\NEWSOFT [2010.12.05 15:28:35 | 000,025,600 | ---- | M] () -- C:\Users\Allgemein\Documents\Rekers, doc.doc [2010.11.29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx [2010.11.29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts ========== Files Created - No Company Name ========== [2010.12.27 15:51:37 | 000,025,600 | ---- | C] () -- C:\Users\Allgemein\Documents\Rentenvrsicherung.doc [2010.12.27 04:07:14 | 000,022,918 | ---- | C] () -- C:\Users\Allgemein\Documents\cc_20101227_040712.reg [2010.12.27 04:06:41 | 000,110,068 | ---- | C] () -- C:\Users\Allgemein\Documents\cc_20101227_040631.reg [2010.12.27 01:31:32 | 000,004,379 | ---- | C] () -- C:\Users\Allgemein\AppData\Roaming\69DC.595 [2010.12.12 16:40:37 | 000,025,088 | ---- | C] () -- C:\Users\Allgemein\Documents\Dr.Schreiber.Dok.doc [2010.12.05 15:18:01 | 000,025,600 | ---- | C] () -- C:\Users\Allgemein\Documents\Rekers, doc.doc [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.04.10 16:49:49 | 000,437,210 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistMSI213B.txt [2010.04.10 16:49:49 | 000,012,578 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistUI213B.txt [2010.01.08 20:07:21 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\memio.dll [2010.01.08 19:27:35 | 000,000,293 | ---- | C] () -- C:\Windows\asfbinapp.INI [2010.01.06 18:27:02 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.12.31 17:16:21 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2009.09.26 22:42:58 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.09.26 22:42:22 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.03.29 14:06:57 | 000,420,038 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistMSI146E.txt [2009.03.29 14:06:56 | 000,012,266 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistUI146E.txt [2009.01.13 23:47:51 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll [2009.01.13 23:46:50 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI [2009.01.11 20:46:34 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.01.07 13:43:12 | 000,000,000 | ---- | C] () -- C:\Users\Allgemein\AppData\Roaming\wklnhst.dat [2008.12.31 00:52:12 | 000,016,896 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.06 12:44:41 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini [2008.12.06 12:44:41 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2008.11.01 17:24:51 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll [2008.11.01 17:24:51 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll [2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2008.11.01 17:30:21 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Acer GameZone Console [2010.06.06 15:22:36 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Bioshock2 [2009.09.02 17:37:10 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Canon [2009.12.22 11:59:43 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Chilirec [2010.12.27 02:03:52 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\dsqjqrmkbr [2008.12.30 22:33:45 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\eSobi [2010.01.08 20:36:25 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\GSplit [2009.12.10 19:02:10 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Lite [2009.08.08 13:05:16 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\My Battle for Middle-earth(tm) II Files [2009.08.31 11:27:18 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files [2009.01.13 23:56:04 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\NewSoft [2009.12.23 19:30:24 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Red Kawa [2009.12.22 16:29:41 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Regensoft [2009.01.13 23:46:47 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\ScanSoft [2010.12.21 17:53:28 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Stardock [2009.01.07 13:43:14 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Template [2010.12.28 13:40:52 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.12.28 13:37:35 | 000,000,442 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4CEEF1C8-30F7-4373-83E0-45167924CDB7}.job ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 28.12.2010 14:07:10 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Allgemein\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 62.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 366.72 Gb Total Space | 260.43 Gb Free Space | 71.01% Space Free | Partition Type: NTFS
Drive D: | 550.13 Gb Total Space | 426.39 Gb Free Space | 77.51% Space Free | Partition Type: NTFS
Computer Name: ASPIRE-M7720 | User Name: Allgemein | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 9F 3C 58 EC 4B 91 CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== System Restore Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0240063B-1EB7-4F0A-8E93-E8CD96E22FC8}" = rport=137 | protocol=17 | dir=out | app=system |
"{25BFF978-C264-4859-AE85-7DB82EE643C4}" = rport=138 | protocol=17 | dir=out | app=system |
"{3DE0E038-5ADE-4B33-965F-32C3FD6C0A98}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{40BCBEB3-82D5-47A3-B5FC-16D44011C3EE}" = lport=445 | protocol=6 | dir=in | app=system |
"{5711C6B5-9DD6-4886-A79A-D85520181EEC}" = lport=137 | protocol=17 | dir=in | app=system |
"{69880AA5-1FCB-40B2-A84F-548239754790}" = rport=445 | protocol=6 | dir=out | app=system |
"{7FDBF630-C604-454B-8B73-31B2379548E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B78A21A9-910C-4D91-B328-9A5B0B3475C2}" = rport=139 | protocol=6 | dir=out | app=system |
"{E1419C83-EC22-479F-AC5D-F56C76A7CC36}" = lport=138 | protocol=17 | dir=in | app=system |
"{FAF5A809-00FC-46AB-B487-E86B5A009296}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037FFE8B-1E0C-4198-B825-B0ACE994BC4C}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\trine\trine_launcher.exe |
"{0660CFC7-D1FB-4584-B077-BEC544B1A303}" = protocol=17 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{06D67C2F-1D90-483B-AC97-8714ACB840FB}" = protocol=17 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{07200103-3EB4-46D8-8E1A-C0BC22080E86}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{15DD727A-B5BB-41F5-96C5-7D69C5723273}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{164ACAF1-B5CB-44F0-8523-9BC94E585EA0}" = protocol=6 | dir=in | app=d:\games\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{174EB543-EC4D-4914-93B6-F45D1F1EFFD7}" = protocol=6 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire diplomacy.exe |
"{19AB0D20-8B39-467D-A26C-CAF693402058}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysis.exe |
"{1BF145E0-CD1F-4192-957D-480E2B3BA488}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{1F3F6B2A-4651-4647-B799-2C8655290083}" = protocol=6 | dir=in | app=d:\games\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
"{1F7200B6-861E-46D1-A4CD-BAA33A919459}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{2822797D-6AF4-40AD-AFD1-E05572094B30}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe |
"{2D29DBF0-9793-48A7-A7B5-2C57FD6F7575}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{36A69E6B-D297-4E9D-B583-AE0E9069133A}" = protocol=17 | dir=in | app=d:\games\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{3926A940-6255-4858-A59C-24BAD565C595}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3A796A12-8953-4A63-B617-5CFB4F57E650}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{402BD6E0-AAFF-4C52-BB0D-64FFF30AC405}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis.exe |
"{4184A000-B161-428B-ADD5-934103A25903}" = protocol=6 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{4281ACC4-2030-4650-AE7D-8071DF573B8C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{42F1C0D0-B81D-40F0-9A9F-3F5A97D5158C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe |
"{46B930B5-EBB9-453B-B1A8-612D63C3FE8B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\trine\trine_launcher.exe |
"{498BEF9C-FCB3-42B6-905E-B3944F793C45}" = protocol=17 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire diplomacy.exe |
"{4B8B7BF5-F04C-4483-85E1-7562E9C4A179}" = protocol=17 | dir=in | app=d:\games\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{5126C1C9-D94B-402A-A6FB-F2AFC7015F56}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe |
"{5129E357-58C0-4E4F-A55C-246BD7507E41}" = protocol=6 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{5310592A-71E8-4BC6-B08A-EF08FFDD88EF}" = protocol=6 | dir=in | app=d:\games\sega\universe at war earth assault\uawea.exe |
"{5438F06B-7410-4DBB-896E-82C7F413C721}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{5763A13F-DC5B-43F5-8C21-8C422A3843FE}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{5F3FB66C-2D64-49F1-8687-E0DF7C8710E1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{61D7544D-4383-4394-8A24-2C234FCD2B7C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6310BD7E-5856-41D7-8996-B2F9706C807C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe |
"{67A06FA2-D024-476E-AC7C-563582D7B91B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{6BCEEE6B-6951-4ACD-9214-C427E8A0EBA7}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{6E2DC041-A6D1-45B1-93A9-0A12E698FED1}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{6E6EC19A-F16F-43C3-98F5-5E0D3392F8AE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{701DD33D-18F2-4CB9-B581-6061A43E3E52}" = protocol=6 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{72DC1A8B-8273-4CAA-89F2-4A103B21E4B7}" = protocol=17 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{749D543E-9632-43ED-A7D8-0A5F7B3ECF5F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{78758A6A-D50F-486E-AF12-BCA62339E8B9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7EB20E0F-5B4D-4C92-A279-0865BC982169}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{83E1B206-CF06-46C1-9A5E-7F9768D8C964}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe |
"{85E57662-992C-4163-A5B3-C521E7DA5105}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis.exe |
"{94440732-F1D5-4F72-942E-F1ED6120616D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{99959467-C52F-4B68-8D9E-C1C33658B97A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{9FCB212C-76A9-4867-8BB7-7DCE4D2C3E48}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A46525B4-B931-4C4B-9100-3D00B7728D78}" = protocol=17 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\game.dat |
"{A8B9B93E-6010-4443-B7CF-B18798A56653}" = protocol=17 | dir=in | app=d:\games\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{AA70CC46-4FBD-4A5E-BE55-C584F6BCD5DF}" = protocol=17 | dir=in | app=d:\games\sega\universe at war earth assault\uawea.exe |
"{B33D8B01-E7E1-41ED-9284-DBBBA17B9295}" = protocol=6 | dir=in | app=d:\games\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{BB5DA8A4-AFA8-4794-944E-0B055B3CA629}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{C5C0144D-72DB-4F08-8899-847F54A5336C}" = protocol=6 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe |
"{C6067BA4-A434-41A6-8006-50E9A3ECD155}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{C65C2B16-A094-4167-8DEB-774A35C6832A}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe |
"{C8633C17-448C-48CE-9230-5E73BE8CCC06}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{CD9C5A91-B92D-447F-AFB5-E3075EA8BE0C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{D4676D16-2E2A-4E16-939F-2A8006063CCB}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{D6268E41-2892-42E4-AB00-7E83F83B5170}" = protocol=6 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\game.dat |
"{D99BA6E2-A59F-489C-BF2B-5B478844FEC2}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe |
"{E3D6342A-6112-4779-82E2-1EA72E2AAB1A}" = protocol=17 | dir=in | app=d:\games\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
"{E639A33A-6A8E-4377-8635-5DCFE4638CFB}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{E7FB9B55-6DD9-4895-A297-930512CDD874}" = protocol=6 | dir=in | app=d:\games\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{EAF8C6E1-08C5-4166-8276-9CE2FE715E99}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{EC35FF56-9005-4B46-916F-08A7DAE9F0BF}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\metro 2033\metro2033.exe |
"{ECAE6A72-D840-48B0-835D-9D0865449697}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\metro 2033\metro2033.exe |
"{ECC7730F-A00E-4346-858A-294D2349CC25}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F2BFBB60-8BC5-4A94-97AF-645D64BA2B0F}" = protocol=17 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe |
"{F5C4D7E3-38DA-467B-9B93-FDB77C0FAE3B}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysis.exe |
"{FF75CFB6-2416-4865-9CBE-C4E3F5F8B42C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{33B5272F-A03A-436F-8E4C-A6D01396431B}C:\program files (x86)\safari\safari.exe" = protocol=6 | dir=in | app=c:\program files (x86)\safari\safari.exe |
"TCP Query User{3D5F350D-5821-43E1-AAC5-17276690076F}D:\games\dreamcatcher\genesis rising\bin\genesisrising.exe" = protocol=6 | dir=in | app=d:\games\dreamcatcher\genesis rising\bin\genesisrising.exe |
"TCP Query User{500A52A5-C468-4B60-8217-304FFD88EE0B}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{5A55804B-7D73-4BFA-981B-233EB6073441}D:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat" = protocol=6 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat |
"TCP Query User{666FBBD3-CB60-4BE6-87C2-6E5EDD0FA93F}D:\programme\chilirec\chilirec.exe" = protocol=6 | dir=in | app=d:\programme\chilirec\chilirec.exe |
"TCP Query User{7833C700-5A96-45E1-9C4F-18EB190CC7B0}D:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe" = protocol=6 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"TCP Query User{78DE6F70-097C-47C1-883F-FD738F4EF17A}D:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe |
"TCP Query User{7A188E3A-5C8D-4529-8AC2-EA59ED69BFEE}D:\games\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis64.exe |
"TCP Query User{999C1EAC-A83C-4133-9F5F-FD922007EF49}D:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat" = protocol=6 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat |
"TCP Query User{A8082984-749C-4C68-95B7-9EEEE46D9B8A}D:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{AA7A2599-DE98-4FC4-8E93-780F0319684F}D:\games\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base16561\sc2.exe |
"TCP Query User{C1328922-FB96-42E0-B343-F53B7C93FFEA}D:\games\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe |
"TCP Query User{D33FE896-1B5C-4D2D-B125-8A6AC36C8D1A}D:\games\sierra\homeworld2\bin\release\homeworld2.exe" = protocol=6 | dir=in | app=d:\games\sierra\homeworld2\bin\release\homeworld2.exe |
"TCP Query User{F20D4189-9A49-4D8C-821E-E072845CC6DB}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"UDP Query User{15573920-5B2A-4733-8F92-272D8300AB68}D:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe" = protocol=17 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"UDP Query User{29B12FD2-CA6E-42A6-91A8-B60D005ED5D2}D:\games\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis64.exe |
"UDP Query User{30E27ADE-2D0B-43F0-975D-8183DE686D31}D:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{332EA9E8-D7B6-4410-9541-CD15051999CD}D:\games\dreamcatcher\genesis rising\bin\genesisrising.exe" = protocol=17 | dir=in | app=d:\games\dreamcatcher\genesis rising\bin\genesisrising.exe |
"UDP Query User{42439E35-D610-4E18-81F8-7086057FB250}D:\games\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base16561\sc2.exe |
"UDP Query User{61A5D5A7-9A4A-4DE2-9EE0-E095AB050BAC}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"UDP Query User{774E6DA8-862E-4B6E-8BD9-A82E3E8652FA}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{A7334D05-C0AF-444C-BC6F-F48AA7F64B56}D:\programme\chilirec\chilirec.exe" = protocol=17 | dir=in | app=d:\programme\chilirec\chilirec.exe |
"UDP Query User{B524DDF5-1C13-477C-BEBD-B480FC6AAB2D}D:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat" = protocol=17 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat |
"UDP Query User{BE0E10DA-472C-41DB-AA5C-04940B2606FD}D:\games\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe |
"UDP Query User{C35C9398-2F54-4B75-A1A9-21697613189E}C:\program files (x86)\safari\safari.exe" = protocol=17 | dir=in | app=c:\program files (x86)\safari\safari.exe |
"UDP Query User{D3AECB7A-EAA4-4539-B0A4-1985764C7C6F}D:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe |
"UDP Query User{DDAAC868-CEBB-4136-AFDB-4EFFCCD11268}D:\games\sierra\homeworld2\bin\release\homeworld2.exe" = protocol=17 | dir=in | app=d:\games\sierra\homeworld2\bin\release\homeworld2.exe |
"UDP Query User{F79D21A8-AC4A-4533-8469-E9A0519928A3}D:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat" = protocol=17 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{752CCAEE-8E33-DE50-9454-B377A2205193}" = ccc-utility64
"{8E3FABF5-C3B9-7F7E-4AAE-977D77D48C51}" = ATI Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CB6508F6-EC50-4829-A2C6-02990EFF0059}" = Windows Media Encoder 9 Series x64 Edition
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PROSetDX" = Intel(R) Network Connections 13.1.33.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series x64 Edition
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02F5BD83-B529-37E3-B5DF-32ABC7EC63C4}" = ccc-core-static
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7
"{0A8073F2-31C6-413B-BC79-5808352D651A}" = MotionSD STUDIO 1.2E
"{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific
"{1229D58B-9185-4F85-71B2-4B34EBF8AD17}" = CCC Help Italian
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{20165891-91F8-45F9-A90A-307C7179C515}" = Sins of a Solar Empire - Trinity
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21FFDD40-F6B9-4609-B1C9-514E0A342BFA}" = MOUSE Editor
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{29656550-8463-258C-55BA-5C4F7950DBDE}" = CCC Help Portuguese
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{35C98EB9-C39E-F602-D980-59355711CD37}" = Catalyst Control Center InstallProxy
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{41B21B1F-950E-13FC-57C7-2AC44B196223}" = Catalyst Control Center Graphics Previews Vista
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{490F45FA-738D-5D4A-6B9D-DC1373ACF794}" = CCC Help Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5454085C-840F-4070-8FAA-441000028301}" = BioShock 2
"{5454085C-840F-4070-8FAA-441000038301}" = BioShock 2
"{57634571-FD82-4BEC-B822-A1ED7765474F}_is1" = SmartLauncher
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{66B4C110-8BEB-49B5-824E-C70AEEB20ECD}" = ScanSoft OmniPage SE 4
"{67ABC7E8-A241-F90D-0B04-5BB03428AF96}" = CCC Help Greek
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AA30800-F713-BB43-EDA2-1C380FE7FD63}" = Catalyst Control Center Localization All
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{85090727-99E2-F1DC-1589-83D5AC986F3E}" = CCC Help Spanish
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{913D0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard für Schüler, Studierende und Lehrkräfte
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A05EF3DC-AAFA-6903-433D-0F383F5F4EC3}" = CCC Help German
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B7BD291B-D415-4484-89A4-82077504BE93}_is1" = SmartCopy
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = The Lord of the Rings, The Rise of the Witch-king
"{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix
"{BCA434F2-A541-F63E-890C-F5D14E5B33D0}" = CCC Help English
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C4406DB6-A28D-8047-7704-94A8DE7F6A68}" = CCC Help Hungarian
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CDCBF62D-8E74-44A5-91AD-44AB4C2EFD89}" = InterVideo FilterSDK for Panasonic
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.20
"{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F538505D-D29C-6259-682C-E607D659B4B4}" = Catalyst Control Center Graphics Previews Common
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F820F894-EC5F-D52A-F862-5B472EAFE69A}" = CCC Help French
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Chilirec_0" = Chilirec 1.01
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"FLV Player" = FLV Player 2.0 (build 25)
"Franzis 3D-Eisenbahnplaner 10.0_is1" = Franzis 3D-Eisenbahnplaner 10.0
"GSplit3Set" = GSplit 3
"Homeworld2" = Homeworld2
"Impulse" = Impulse
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{21FFDD40-F6B9-4609-B1C9-514E0A342BFA}" = MOUSE Editor
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix
"InstallShield_{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault
"InstallShield_{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1
"PSP Video 9" = PSP Video 9 5.03
"RealPlayer 12.0" = RealPlayer
"Sins of a Solar Empire - Trinity" = Sins of a Solar Empire - Trinity
"Splitit" = Split it 3.2
"StarCraft II" = StarCraft II
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"Steam App 20570" = Warhammer 40,000: Dawn of War II - Chaos Rising
"Steam App 35700" = Trine
"Steam App 400" = Portal
"Steam App 40100" = Supreme Commander 2
"Steam App 43110" = Metro 2033
"VLC media player" = VLC media player 1.0.3
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"X3TerranConflict_is1" = X3 Terran Conflict v3.0
"YouTube Downloader App" = YouTube Downloader App 2.03
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22.08.2010 12:13:12 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description =
Error - 22.08.2010 12:59:02 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description =
Error - 23.08.2010 08:55:13 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description =
Error - 23.08.2010 08:56:34 | Computer Name = Aspire-M7720 | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
0x49e02a1e, fehlerhaftes Modul msxml6.dll, Version 6.20.5002.0, Zeitstempel 0x4a81a53f,
Ausnahmecode 0xc0000005, Fehleroffset 0x00000000000050c3, Prozess-ID 0x894, Anwendungsstartzeit
01cb42c25851b509.
Error - 23.08.2010 12:37:55 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description =
Error - 24.08.2010 09:37:01 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description =
Error - 24.08.2010 11:52:43 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description =
Error - 24.08.2010 12:06:45 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description =
Error - 24.08.2010 12:06:53 | Computer Name = Aspire-M7720 | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 24.08.2010 12:06:53 | Computer Name = Aspire-M7720 | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
[ System Events ]
Error - 27.12.2010 09:33:23 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description =
Error - 27.12.2010 12:17:14 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 27.12.2010 13:19:26 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 27.12.2010 13:20:20 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description =
Error - 27.12.2010 14:35:25 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 27.12.2010 14:36:24 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description =
Error - 28.12.2010 08:18:26 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 28.12.2010 08:19:12 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description =
Error - 28.12.2010 09:01:07 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 28.12.2010 09:01:50 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description =
< End of report >
Yetzirah Geändert von Yetzirah (28.12.2010 um 14:14 Uhr) |
|
08.02.2011, 16:49
| #3 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Security Shild entfernt, trotzdem Fund durch SUPERAntiSpyware Hallo und
__________________ Die geposteten Logs sind zu alt, daher bitte neue machen: Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
09.02.2011, 01:26
| #4 |
| |  Security Shild entfernt, trotzdem Fund durch SUPERAntiSpyware Hallo Cosinus, danke für deine Hilfe, hier die Logs: Vollscan mit Malewarebytes: Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5715
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999
09.02.2011 00:19:13
mbam-log-2011-02-09 (00-19-13).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 384481
Laufzeit: 51 Minute(n), 12 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5400
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999
27.12.2010 02:25:56
mbam-log-2010-12-27 (02-25-56).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 153857
Laufzeit: 1 Minute(n), 17 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Spyware.Passwords.XGen) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Value: Shell -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\ALLGEM~1\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\allgemein\AppData\Roaming\microsoft\conhost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\allgemein\AppData\Roaming\dwm.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\allgemein\AppData\Roaming\microsoft\Windows\start menu\Programs\security shield.lnk (Rogue.SecurityShield) -> Quarantined and deleted successfully.
c:\Users\allgemein\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Hier das OLT Log: Code:
ATTFilter OTL logfile created on: 09.02.2011 00:23:12 - Run 2 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Allgemein\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 53.00% Memory free 12.00 Gb Paging File | 9.00 Gb Available in Paging File | 71.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 366.72 Gb Total Space | 257.67 Gb Free Space | 70.26% Space Free | Partition Type: NTFS Drive D: | 550.13 Gb Total Space | 410.19 Gb Free Space | 74.56% Space Free | Partition Type: NTFS Drive F: | 7.94 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: ASPIRE-M7720 | User Name: Allgemein | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\Allgemein\Desktop\OTL.exe (OldTimer Tools) PRC - D:\Games\Steam\GameOverlayUI.exe (Valve Corporation) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - d:\Games\Steam\steamapps\common\supreme commander 2\bin\SupremeCommander2.exe (Gas Powered Games) PRC - D:\Games\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe () PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe (Egis inc.) PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.) PRC - C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Allgemein\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Partner Service) -- C:\ProgramData\Partner\partner.exe (Google Inc.) SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe () SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (Acer HomeMedia Connect Service) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () SRV - (BUNAgentSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys () DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys (Egis Incorporated) DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys (Egis Incorporated) DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys (Egis Incorporated) DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys (Intel Corporation) DRV:64bit: - (NAL) -- C:\Windows\SysNative\Drivers\iqvw64e.sys (Intel Corporation ) DRV:64bit: - (gwfilt64) -- C:\Windows\SysNative\drivers\gwfilt64.sys (Creative Technology Ltd.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof () DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.) DRV - (cdrbsdrv) -- C:\Windows\SysWow64\drivers\cdrbsdrv.sys (B.H.A Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotmail.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52586 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.gamestar.de/" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.7 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 52586 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.28 22:52:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.28 22:52:04 | 000,000,000 | ---D | M] [2008.12.31 00:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Extensions [2011.02.08 14:22:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions [2010.04.30 13:53:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.02.08 14:22:06 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2011.01.22 13:28:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.01.22 13:28:11 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2009.12.29 13:33:45 | 000,000,000 | ---D | M] ("Image Download") -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\imagedownload@whygudu.iblog.cn [2010.12.22 13:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.08.14 15:48:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.26 20:43:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.22 13:10:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.11.14 01:41:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.11.14 01:41:30 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.11.14 01:41:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.11.14 01:41:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.11.14 01:41:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.01.22 12:44:20 | 000,428,601 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14760 more lines... O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe () O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated) O4:64bit: - HKLM..\Run: [EmpoweringTechnology] File not found O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] File not found O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKCU..\Run: [OscarEditor] C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe () O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll (Apple Inc.) O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab (Windows Live OneCare safety scanner control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady) - F:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2009.05.23 22:12:16 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ UDF ] O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell - "" = AutoRun O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a O33 - MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.02.09 00:20:08 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Allgemein\Desktop\OTL.exe [2011.01.13 18:26:16 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll [2011.01.13 18:26:16 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll [2011.01.13 18:26:11 | 001,251,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdclt.exe [2011.01.11 15:55:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2008.11.02 01:15:06 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2011.02.09 00:20:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Allgemein\Desktop\OTL.exe [2011.02.09 00:05:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.02.08 23:23:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml [2011.02.08 23:22:55 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.08 23:22:55 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.08 23:22:54 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.02.08 23:22:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.08 17:57:21 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4CEEF1C8-30F7-4373-83E0-45167924CDB7}.job [2011.02.07 19:12:28 | 000,019,456 | ---- | M] () -- C:\Users\Allgemein\Documents\Absclag.xls [2011.01.22 12:44:20 | 000,428,601 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS [2011.01.17 07:36:44 | 000,002,675 | ---- | M] () -- C:\Users\Allgemein\Desktop\Microsoft Excel.lnk [2011.01.14 18:43:19 | 001,467,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.01.14 18:43:19 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.01.14 18:43:19 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.01.14 18:43:19 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.01.14 18:43:19 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat ========== Files Created - No Company Name ========== [2011.02.07 18:12:17 | 000,019,456 | ---- | C] () -- C:\Users\Allgemein\Documents\Absclag.xls [2010.12.27 01:31:32 | 000,004,379 | ---- | C] () -- C:\Users\Allgemein\AppData\Roaming\69DC.595 [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.04.10 16:49:49 | 000,437,210 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistMSI213B.txt [2010.04.10 16:49:49 | 000,012,578 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistUI213B.txt [2010.01.08 20:07:21 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\memio.dll [2010.01.08 19:27:35 | 000,000,293 | ---- | C] () -- C:\Windows\asfbinapp.INI [2010.01.06 18:27:02 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.12.31 17:16:21 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2009.09.26 22:42:58 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.09.26 22:42:22 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2009.03.29 14:06:57 | 000,420,038 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistMSI146E.txt [2009.03.29 14:06:56 | 000,012,266 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistUI146E.txt [2009.01.13 23:47:51 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll [2009.01.13 23:46:50 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI [2009.01.11 20:46:34 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.01.07 13:43:12 | 000,000,000 | ---- | C] () -- C:\Users\Allgemein\AppData\Roaming\wklnhst.dat [2008.12.31 00:52:12 | 000,016,896 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.06 12:44:41 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini [2008.12.06 12:44:41 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2008.11.01 17:24:51 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll [2008.11.01 17:24:51 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll [2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll < End of report > Code:
ATTFilter OTL Extras logfile created on: 09.02.2011 00:23:12 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Allgemein\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 53.00% Memory free
12.00 Gb Paging File | 9.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 366.72 Gb Total Space | 257.67 Gb Free Space | 70.26% Space Free | Partition Type: NTFS
Drive D: | 550.13 Gb Total Space | 410.19 Gb Free Space | 74.56% Space Free | Partition Type: NTFS
Drive F: | 7.94 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: ASPIRE-M7720 | User Name: Allgemein | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 9F 3C 58 EC 4B 91 CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== System Restore Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0240063B-1EB7-4F0A-8E93-E8CD96E22FC8}" = rport=137 | protocol=17 | dir=out | app=system |
"{25BFF978-C264-4859-AE85-7DB82EE643C4}" = rport=138 | protocol=17 | dir=out | app=system |
"{3DE0E038-5ADE-4B33-965F-32C3FD6C0A98}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{40BCBEB3-82D5-47A3-B5FC-16D44011C3EE}" = lport=445 | protocol=6 | dir=in | app=system |
"{5711C6B5-9DD6-4886-A79A-D85520181EEC}" = lport=137 | protocol=17 | dir=in | app=system |
"{69880AA5-1FCB-40B2-A84F-548239754790}" = rport=445 | protocol=6 | dir=out | app=system |
"{7FDBF630-C604-454B-8B73-31B2379548E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B78A21A9-910C-4D91-B328-9A5B0B3475C2}" = rport=139 | protocol=6 | dir=out | app=system |
"{E1419C83-EC22-479F-AC5D-F56C76A7CC36}" = lport=138 | protocol=17 | dir=in | app=system |
"{FAF5A809-00FC-46AB-B487-E86B5A009296}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037FFE8B-1E0C-4198-B825-B0ACE994BC4C}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\trine\trine_launcher.exe |
"{0660CFC7-D1FB-4584-B077-BEC544B1A303}" = protocol=17 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{06D67C2F-1D90-483B-AC97-8714ACB840FB}" = protocol=17 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{07200103-3EB4-46D8-8E1A-C0BC22080E86}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{15DD727A-B5BB-41F5-96C5-7D69C5723273}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{164ACAF1-B5CB-44F0-8523-9BC94E585EA0}" = protocol=6 | dir=in | app=d:\games\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{174EB543-EC4D-4914-93B6-F45D1F1EFFD7}" = protocol=6 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire diplomacy.exe |
"{19AB0D20-8B39-467D-A26C-CAF693402058}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysis.exe |
"{1BF145E0-CD1F-4192-957D-480E2B3BA488}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{1F3F6B2A-4651-4647-B799-2C8655290083}" = protocol=6 | dir=in | app=d:\games\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
"{1F7200B6-861E-46D1-A4CD-BAA33A919459}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{270AF61F-1325-4106-95DB-9EC47C72E41A}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{2822797D-6AF4-40AD-AFD1-E05572094B30}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe |
"{29F1B19E-74C3-45C8-BF4C-DAFDF5BC40F4}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{2CE71D41-DE1F-4918-8034-0BC142FCFB1E}" = protocol=6 | dir=in | app=d:\games\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{2D29DBF0-9793-48A7-A7B5-2C57FD6F7575}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{36A69E6B-D297-4E9D-B583-AE0E9069133A}" = protocol=17 | dir=in | app=d:\games\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{3926A940-6255-4858-A59C-24BAD565C595}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3A796A12-8953-4A63-B617-5CFB4F57E650}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{402BD6E0-AAFF-4C52-BB0D-64FFF30AC405}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis.exe |
"{4184A000-B161-428B-ADD5-934103A25903}" = protocol=6 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{4281ACC4-2030-4650-AE7D-8071DF573B8C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{42F1C0D0-B81D-40F0-9A9F-3F5A97D5158C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe |
"{46B930B5-EBB9-453B-B1A8-612D63C3FE8B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\trine\trine_launcher.exe |
"{498BEF9C-FCB3-42B6-905E-B3944F793C45}" = protocol=17 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire diplomacy.exe |
"{4B8B7BF5-F04C-4483-85E1-7562E9C4A179}" = protocol=17 | dir=in | app=d:\games\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{5126C1C9-D94B-402A-A6FB-F2AFC7015F56}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe |
"{5129E357-58C0-4E4F-A55C-246BD7507E41}" = protocol=6 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{5310592A-71E8-4BC6-B08A-EF08FFDD88EF}" = protocol=6 | dir=in | app=d:\games\sega\universe at war earth assault\uawea.exe |
"{5438F06B-7410-4DBB-896E-82C7F413C721}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{5763A13F-DC5B-43F5-8C21-8C422A3843FE}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{5F3FB66C-2D64-49F1-8687-E0DF7C8710E1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{61D7544D-4383-4394-8A24-2C234FCD2B7C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6310BD7E-5856-41D7-8996-B2F9706C807C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe |
"{67A06FA2-D024-476E-AC7C-563582D7B91B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{6BCEEE6B-6951-4ACD-9214-C427E8A0EBA7}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{6E2DC041-A6D1-45B1-93A9-0A12E698FED1}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{6E6EC19A-F16F-43C3-98F5-5E0D3392F8AE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{701DD33D-18F2-4CB9-B581-6061A43E3E52}" = protocol=6 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{72DC1A8B-8273-4CAA-89F2-4A103B21E4B7}" = protocol=17 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{749D543E-9632-43ED-A7D8-0A5F7B3ECF5F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{78758A6A-D50F-486E-AF12-BCA62339E8B9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7EB20E0F-5B4D-4C92-A279-0865BC982169}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{83E1B206-CF06-46C1-9A5E-7F9768D8C964}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe |
"{85E57662-992C-4163-A5B3-C521E7DA5105}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis.exe |
"{94440732-F1D5-4F72-942E-F1ED6120616D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{99959467-C52F-4B68-8D9E-C1C33658B97A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{999F7D04-0105-447D-B258-FF4F4016E14D}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{9FCB212C-76A9-4867-8BB7-7DCE4D2C3E48}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A46525B4-B931-4C4B-9100-3D00B7728D78}" = protocol=17 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\game.dat |
"{A8B9B93E-6010-4443-B7CF-B18798A56653}" = protocol=17 | dir=in | app=d:\games\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{AA70CC46-4FBD-4A5E-BE55-C584F6BCD5DF}" = protocol=17 | dir=in | app=d:\games\sega\universe at war earth assault\uawea.exe |
"{B33D8B01-E7E1-41ED-9284-DBBBA17B9295}" = protocol=6 | dir=in | app=d:\games\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{BB5DA8A4-AFA8-4794-944E-0B055B3CA629}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{C5C0144D-72DB-4F08-8899-847F54A5336C}" = protocol=6 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe |
"{C6067BA4-A434-41A6-8006-50E9A3ECD155}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{C65C2B16-A094-4167-8DEB-774A35C6832A}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe |
"{C8633C17-448C-48CE-9230-5E73BE8CCC06}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{CD9C5A91-B92D-447F-AFB5-E3075EA8BE0C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{D4676D16-2E2A-4E16-939F-2A8006063CCB}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{D6268E41-2892-42E4-AB00-7E83F83B5170}" = protocol=6 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\game.dat |
"{D99BA6E2-A59F-489C-BF2B-5B478844FEC2}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe |
"{DF5C6719-B034-40B8-AF0D-915C6D4D37A2}" = protocol=17 | dir=in | app=d:\games\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{E3D6342A-6112-4779-82E2-1EA72E2AAB1A}" = protocol=17 | dir=in | app=d:\games\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
"{E639A33A-6A8E-4377-8635-5DCFE4638CFB}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{E7FB9B55-6DD9-4895-A297-930512CDD874}" = protocol=6 | dir=in | app=d:\games\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{EAF8C6E1-08C5-4166-8276-9CE2FE715E99}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{EC35FF56-9005-4B46-916F-08A7DAE9F0BF}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\metro 2033\metro2033.exe |
"{ECAE6A72-D840-48B0-835D-9D0865449697}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\metro 2033\metro2033.exe |
"{ECC7730F-A00E-4346-858A-294D2349CC25}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EE42CC51-3F73-4A82-A5BA-0DBF212FA4F6}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{F2BFBB60-8BC5-4A94-97AF-645D64BA2B0F}" = protocol=17 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe |
"{F5C4D7E3-38DA-467B-9B93-FDB77C0FAE3B}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysis.exe |
"{FF75CFB6-2416-4865-9CBE-C4E3F5F8B42C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{33B5272F-A03A-436F-8E4C-A6D01396431B}C:\program files (x86)\safari\safari.exe" = protocol=6 | dir=in | app=c:\program files (x86)\safari\safari.exe |
"TCP Query User{3D5F350D-5821-43E1-AAC5-17276690076F}D:\games\dreamcatcher\genesis rising\bin\genesisrising.exe" = protocol=6 | dir=in | app=d:\games\dreamcatcher\genesis rising\bin\genesisrising.exe |
"TCP Query User{500A52A5-C468-4B60-8217-304FFD88EE0B}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{5A55804B-7D73-4BFA-981B-233EB6073441}D:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat" = protocol=6 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat |
"TCP Query User{666FBBD3-CB60-4BE6-87C2-6E5EDD0FA93F}D:\programme\chilirec\chilirec.exe" = protocol=6 | dir=in | app=d:\programme\chilirec\chilirec.exe |
"TCP Query User{7833C700-5A96-45E1-9C4F-18EB190CC7B0}D:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe" = protocol=6 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"TCP Query User{78DE6F70-097C-47C1-883F-FD738F4EF17A}D:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe |
"TCP Query User{7A188E3A-5C8D-4529-8AC2-EA59ED69BFEE}D:\games\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis64.exe |
"TCP Query User{999C1EAC-A83C-4133-9F5F-FD922007EF49}D:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat" = protocol=6 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat |
"TCP Query User{A8082984-749C-4C68-95B7-9EEEE46D9B8A}D:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{AA7A2599-DE98-4FC4-8E93-780F0319684F}D:\games\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base16561\sc2.exe |
"TCP Query User{C1328922-FB96-42E0-B343-F53B7C93FFEA}D:\games\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe |
"TCP Query User{D33FE896-1B5C-4D2D-B125-8A6AC36C8D1A}D:\games\sierra\homeworld2\bin\release\homeworld2.exe" = protocol=6 | dir=in | app=d:\games\sierra\homeworld2\bin\release\homeworld2.exe |
"TCP Query User{F20D4189-9A49-4D8C-821E-E072845CC6DB}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"UDP Query User{15573920-5B2A-4733-8F92-272D8300AB68}D:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe" = protocol=17 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"UDP Query User{29B12FD2-CA6E-42A6-91A8-B60D005ED5D2}D:\games\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis64.exe |
"UDP Query User{30E27ADE-2D0B-43F0-975D-8183DE686D31}D:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{332EA9E8-D7B6-4410-9541-CD15051999CD}D:\games\dreamcatcher\genesis rising\bin\genesisrising.exe" = protocol=17 | dir=in | app=d:\games\dreamcatcher\genesis rising\bin\genesisrising.exe |
"UDP Query User{42439E35-D610-4E18-81F8-7086057FB250}D:\games\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base16561\sc2.exe |
"UDP Query User{61A5D5A7-9A4A-4DE2-9EE0-E095AB050BAC}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"UDP Query User{774E6DA8-862E-4B6E-8BD9-A82E3E8652FA}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{A7334D05-C0AF-444C-BC6F-F48AA7F64B56}D:\programme\chilirec\chilirec.exe" = protocol=17 | dir=in | app=d:\programme\chilirec\chilirec.exe |
"UDP Query User{B524DDF5-1C13-477C-BEBD-B480FC6AAB2D}D:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat" = protocol=17 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat |
"UDP Query User{BE0E10DA-472C-41DB-AA5C-04940B2606FD}D:\games\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe |
"UDP Query User{C35C9398-2F54-4B75-A1A9-21697613189E}C:\program files (x86)\safari\safari.exe" = protocol=17 | dir=in | app=c:\program files (x86)\safari\safari.exe |
"UDP Query User{D3AECB7A-EAA4-4539-B0A4-1985764C7C6F}D:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe |
"UDP Query User{DDAAC868-CEBB-4136-AFDB-4EFFCCD11268}D:\games\sierra\homeworld2\bin\release\homeworld2.exe" = protocol=17 | dir=in | app=d:\games\sierra\homeworld2\bin\release\homeworld2.exe |
"UDP Query User{F79D21A8-AC4A-4533-8469-E9A0519928A3}D:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat" = protocol=17 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{088E976C-6B19-E3D3-1EAB-6E13B2D34CD7}" = ATI Catalyst Install Manager
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{33CF8D2C-0430-2949-FD8F-695C97C472C5}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CB6508F6-EC50-4829-A2C6-02990EFF0059}" = Windows Media Encoder 9 Series x64 Edition
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PROSetDX" = Intel(R) Network Connections 13.1.33.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series x64 Edition
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7
"{0A8073F2-31C6-413B-BC79-5808352D651A}" = MotionSD STUDIO 1.2E
"{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{20165891-91F8-45F9-A90A-307C7179C515}" = Sins of a Solar Empire - Trinity
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21FFDD40-F6B9-4609-B1C9-514E0A342BFA}" = MOUSE Editor
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2AE86CEE-BAC2-D043-9237-E83198098C91}" = Catalyst Control Center InstallProxy
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{35C98EB9-C39E-F602-D980-59355711CD37}" = Catalyst Control Center InstallProxy
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5454085C-840F-4070-8FAA-441000028301}" = BioShock 2
"{5454085C-840F-4070-8FAA-441000038301}" = BioShock 2
"{57634571-FD82-4BEC-B822-A1ED7765474F}_is1" = SmartLauncher
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{66B4C110-8BEB-49B5-824E-C70AEEB20ECD}" = ScanSoft OmniPage SE 4
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8F6FE1DC-E868-B38A-07E5-897508745128}" = ccc-core-static
"{913D0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard für Schüler, Studierende und Lehrkräfte
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B7BD291B-D415-4484-89A4-82077504BE93}_is1" = SmartCopy
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = The Lord of the Rings, The Rise of the Witch-king
"{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CDCBF62D-8E74-44A5-91AD-44AB4C2EFD89}" = InterVideo FilterSDK for Panasonic
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.20
"{D3D867DD-6C81-E695-4FFE-BE921DF44931}" = Catalyst Control Center Graphics Previews Common
"{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F08A1CA0-55A7-8244-3A05-7431447CE9BA}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Chilirec_0" = Chilirec 1.01
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"FLV Player" = FLV Player 2.0 (build 25)
"Franzis 3D-Eisenbahnplaner 10.0_is1" = Franzis 3D-Eisenbahnplaner 10.0
"GSplit3Set" = GSplit 3
"Homeworld2" = Homeworld2
"Impulse" = Impulse
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{21FFDD40-F6B9-4609-B1C9-514E0A342BFA}" = MOUSE Editor
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix
"InstallShield_{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault
"InstallShield_{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1
"PSP Video 9" = PSP Video 9 5.03
"Security Task Manager" = Security Task Manager 1.8c
"Sins of a Solar Empire - Trinity" = Sins of a Solar Empire - Trinity
"Splitit" = Split it 3.2
"StarCraft II" = StarCraft II
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"Steam App 20570" = Warhammer 40,000: Dawn of War II - Chaos Rising
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 35700" = Trine
"Steam App 400" = Portal
"Steam App 40100" = Supreme Commander 2
"Steam App 43110" = Metro 2033
"VLC media player" = VLC media player 1.0.3
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"X3TerranConflict_is1" = X3 Terran Conflict v3.0
"YouTube Downloader App" = YouTube Downloader App 2.03
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 23.08.2010 08:56:34 | Computer Name = Aspire-M7720 | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
0x49e02a1e, fehlerhaftes Modul msxml6.dll, Version 6.20.5002.0, Zeitstempel 0x4a81a53f,
Ausnahmecode 0xc0000005, Fehleroffset 0x00000000000050c3, Prozess-ID 0x894, Anwendungsstartzeit
01cb42c25851b509.
Error - 23.08.2010 12:37:55 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description =
Error - 24.08.2010 09:37:01 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description =
Error - 24.08.2010 11:52:43 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description =
Error - 24.08.2010 12:06:45 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description =
Error - 24.08.2010 12:06:53 | Computer Name = Aspire-M7720 | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 24.08.2010 12:06:53 | Computer Name = Aspire-M7720 | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 26.08.2010 04:04:30 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description =
Error - 26.08.2010 04:08:12 | Computer Name = Aspire-M7720 | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
0x49e02a1e, fehlerhaftes Modul msxml6.dll, Version 6.20.5002.0, Zeitstempel 0x4a81a53f,
Ausnahmecode 0xc0000005, Fehleroffset 0x00000000000050c3, Prozess-ID 0x8a0, Anwendungsstartzeit
01cb44f53d61ce50.
Error - 26.08.2010 06:55:24 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 08.02.2011 06:20:52 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description =
Error - 08.02.2011 09:19:30 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 08.02.2011 09:19:30 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 08.02.2011 09:20:05 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description =
Error - 08.02.2011 12:35:11 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 08.02.2011 12:35:11 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 08.02.2011 12:36:08 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description =
Error - 08.02.2011 18:22:39 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 08.02.2011 18:22:39 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 08.02.2011 18:23:29 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description =
< End of report >
Code:
ATTFilter Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Freitag, 31. Dezember 2010 15:58
Es wird nach 2313669 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista x64
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ASPIRE-M7720
Versionsinformationen:
BUILD.DAT : 10.0.0.609 31824 Bytes 13.12.2010 09:29:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 09.12.2010 12:41:44
AVSCAN.DLL : 10.0.3.0 56168 Bytes 20.04.2010 17:36:44
LUKE.DLL : 10.0.3.2 104296 Bytes 09.12.2010 12:41:44
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 09:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 07:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 15:20:41
VBASE002.VDF : 7.11.0.1 2048 Bytes 14.12.2010 15:20:41
VBASE003.VDF : 7.11.0.2 2048 Bytes 14.12.2010 15:20:41
VBASE004.VDF : 7.11.0.3 2048 Bytes 14.12.2010 15:20:41
VBASE005.VDF : 7.11.0.4 2048 Bytes 14.12.2010 15:20:41
VBASE006.VDF : 7.11.0.5 2048 Bytes 14.12.2010 15:20:41
VBASE007.VDF : 7.11.0.6 2048 Bytes 14.12.2010 15:20:41
VBASE008.VDF : 7.11.0.7 2048 Bytes 14.12.2010 15:20:41
VBASE009.VDF : 7.11.0.8 2048 Bytes 14.12.2010 15:20:41
VBASE010.VDF : 7.11.0.9 2048 Bytes 14.12.2010 15:20:41
VBASE011.VDF : 7.11.0.10 2048 Bytes 14.12.2010 15:20:41
VBASE012.VDF : 7.11.0.11 2048 Bytes 14.12.2010 15:20:41
VBASE013.VDF : 7.11.0.52 128000 Bytes 16.12.2010 15:20:42
VBASE014.VDF : 7.11.0.91 226816 Bytes 20.12.2010 16:43:43
VBASE015.VDF : 7.11.0.122 136192 Bytes 21.12.2010 01:39:59
VBASE016.VDF : 7.11.0.156 122880 Bytes 24.12.2010 14:42:18
VBASE017.VDF : 7.11.0.185 146944 Bytes 27.12.2010 17:00:07
VBASE018.VDF : 7.11.0.228 132608 Bytes 30.12.2010 14:57:31
VBASE019.VDF : 7.11.0.229 2048 Bytes 30.12.2010 14:57:31
VBASE020.VDF : 7.11.0.230 2048 Bytes 30.12.2010 14:57:32
VBASE021.VDF : 7.11.0.231 2048 Bytes 30.12.2010 14:57:32
VBASE022.VDF : 7.11.0.232 2048 Bytes 30.12.2010 14:57:32
VBASE023.VDF : 7.11.0.233 2048 Bytes 30.12.2010 14:57:32
VBASE024.VDF : 7.11.0.234 2048 Bytes 30.12.2010 14:57:32
VBASE025.VDF : 7.11.0.235 2048 Bytes 30.12.2010 14:57:32
VBASE026.VDF : 7.11.0.236 2048 Bytes 30.12.2010 14:57:32
VBASE027.VDF : 7.11.0.237 2048 Bytes 30.12.2010 14:57:32
VBASE028.VDF : 7.11.0.238 2048 Bytes 30.12.2010 14:57:32
VBASE029.VDF : 7.11.0.239 2048 Bytes 30.12.2010 14:57:32
VBASE030.VDF : 7.11.0.240 2048 Bytes 30.12.2010 14:57:32
VBASE031.VDF : 7.11.0.247 33792 Bytes 31.12.2010 14:57:32
Engineversion : 8.2.4.134
AEVDF.DLL : 8.1.2.1 106868 Bytes 30.07.2010 18:26:49
AESCRIPT.DLL : 8.1.3.51 1286524 Bytes 31.12.2010 14:57:40
AESCN.DLL : 8.1.7.2 127349 Bytes 23.11.2010 18:22:29
AESBX.DLL : 8.1.3.2 254324 Bytes 23.11.2010 18:22:32
AERDL.DLL : 8.1.9.2 635252 Bytes 23.09.2010 07:56:04
AEPACK.DLL : 8.2.4.7 512375 Bytes 31.12.2010 14:57:38
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 23.11.2010 18:22:28
AEHEUR.DLL : 8.1.2.60 3158392 Bytes 31.12.2010 14:57:37
AEHELP.DLL : 8.1.16.0 246136 Bytes 04.12.2010 16:27:33
AEGEN.DLL : 8.1.5.0 397685 Bytes 04.12.2010 16:27:33
AEEMU.DLL : 8.1.3.0 393589 Bytes 23.11.2010 18:22:15
AECORE.DLL : 8.1.19.0 196984 Bytes 04.12.2010 16:27:32
AEBB.DLL : 8.1.1.0 53618 Bytes 24.04.2010 17:34:14
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 09:59:10
AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 09:59:07
AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 14:47:40
AVREG.DLL : 10.0.3.2 53096 Bytes 04.11.2010 18:08:22
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 09.12.2010 12:41:44
AVARKT.DLL : 10.0.22.6 231784 Bytes 09.12.2010 12:41:43
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 07:53:25
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 10:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 13:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 12:40:55
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 11:10:08
RCTEXT.DLL : 10.0.58.0 98152 Bytes 04.11.2010 18:08:22
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel
Abweichende Gefahrenkategorien........: +JOKE,+PCK,+PFS,+SPR,
Beginn des Suchlaufs: Freitag, 31. Dezember 2010 15:58
Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_USERS\S-1-5-21-290457077-4133656190-4264713463-1000\Software\SecuROM\License information\datasecu
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-290457077-4133656190-4264713463-1000\Software\SecuROM\License information\rkeysecu
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\8.0\AdobeViewer\eula
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\8.0\AdobeViewer\launched
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\0209_sp_hdrdieerweckungdesbalrog
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\0209_te_wow
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\0209_tr_demigod
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\0209_tr_eveonline
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\0209_tr_riddick
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\chapeau claque - ich steine, du steine (peter fox cover)
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\[vimeo-8215444] chapeau claque_ »pale blue«
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\da destiny
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Licenses\{k7c0db872a3f777c0}
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Licenses\{i11d9da1eba6cb047}
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Licenses\{011d9da1eba6cb047}
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\fdwsupport
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cformattags
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\aformattagcache
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cfiltertags
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\fdwsupport
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cformattags
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\aformattagcache
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cfiltertags
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\fdwsupport
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cformattags
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\aformattagcache
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cfiltertags
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\fdwsupport
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cformattags
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\aformattagcache
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cfiltertags
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\fdwsupport
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\cformattags
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\aformattagcache
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\cfiltertags
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\MostRecentApplication\name
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Exchange\Forms Registry\cachesynccount
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\SSL3.0\defaultvalue
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\last
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Jet\3.5\Engines\Jet\usercommitsync
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\RFC1156Agent\CurrentVersion\Parameters\trappolltimemillisecs
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared\HTML\knownids
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Works\8.0\Calendar\cursize
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Works\8.0\Calendar\lastcompactsize
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\MCIEX\exe full path
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\MCIEX\radio_select
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\MCIEX\m_lang
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
C:\Users\Allgemein\Pictures
C:\Users\Allgemein\Pictures
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\ReaderCopy\tgt_mode
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\ReaderCopy\copy_mode
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\ReaderCopy\del_mode
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\ReaderCopy\path_mode
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\ReaderCopy\cnfrm_dlg
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\ReaderCopy\m_lang
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\The Silicon Realms Toolworks\Armadillo\{0f943452edeba2f7c}
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\showintroframe
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\winheight
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\winwidth
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020D75-0000-0000-C000-000000000046}\ShellFolder\attributes
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0A4286EA-E355-44FB-8086-AF3DF7645BD9}\localizedstring
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0A4286EA-E355-44FB-8086-AF3DF7645BD9}\localizedstring
C:\Windows\system32\unregmp2.exe /ShowWMP
C:\Windows\system32\unregmp2.exe /ShowWMP
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
C:\Program Files\Windows Media Player
C:\Program Files\Windows Media Player
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
C:\Program Files\Windows Media Player
C:\Windows\system32\wbem\Logs\WMITracing.log
C:\Windows\system32\wbem\Logs\WMITracing.log
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\symboliclinkvalue
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Update\network\secure-S-1-5-18\sk
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Update\network\secure-S-1-5-18\c
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\dokchampa (truetype)
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\impact (truetype
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\calibri (truetype
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\consolas (truetype
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\constantia (truetype
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\corbel (truetype
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\palatino linotype (truetype
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'eDSMSNLoader32.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWinSec.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'WrtProc.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'OpWareSE4.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeaTimer.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'MouseEditor.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'WrtMon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'SchedulerSvc.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupSvc.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'eDSService.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'Agentsvc.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'bgsvcgen.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMSServer.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '55' Modul(e) wurden durchsucht
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD3
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD4
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD5
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '760' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <ACER>
C:\Users\Allgemein\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\51063600-6ff35a79
[0] Archivtyp: ZIP
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.CF
--> bpac/a.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.CF
Beginne mit der Suche in 'D:\' <DATA>
D:\Eigene Datein\Sonstiges\STBC Mods\Borg\bdiamond.zip
[0] Archivtyp: ZIP
--> Bdiamond/dapborgdiamond.ace
[1] Archivtyp: ACE
--> dapborgdiamond\Data\Models\Ships\BorgDiamond\BorgDiamond.3ds
[WARNUNG] Die Datei konnte nicht geöffnet werden!
Beginne mit der Desinfektion:
C:\Users\Allgemein\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\51063600-6ff35a79
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.CF
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4909a54a.qua' verschoben!
Ende des Suchlaufs: Freitag, 31. Dezember 2010 17:15
Benötigte Zeit: 1:16:16 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
38300 Verzeichnisse wurden überprüft
740230 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
740229 Dateien ohne Befall
8587 Archive wurden durchsucht
1 Warnungen
1 Hinweise
853439 Objekte wurden beim Rootkitscan durchsucht
76 Versteckte Objekte wurden gefunden
Vielen Dank Gruß Yetzirah |
|
09.02.2011, 11:13
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Security Shild entfernt, trotzdem Fund durch SUPERAntiSpyware Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
PRC - File not found
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52586
FF - prefs.js..network.proxy.type: 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady) - F:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.05.23 22:12:16 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell - "" = AutoRun
O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady)
[2010.12.27 01:31:32 | 000,004,379 | ---- | C] () -- C:\Users\Allgemein\AppData\Roaming\69DC.595
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
09.02.2011, 15:16
| #6 |
| | Security Shild entfernt, trotzdem Fund durch SUPERAntiSpyware Hallo, habe alles so ausgeführt wie angegeben leider hängt sich OLT beim Klick auf den Button Fix direkt auf. Oben im Fensterrahmen steht hinter dem Programmnamen "keine Rückmeldung" und am unterstem Rand des Programms steht "Processing PRC - File not fund...". Ich habe 20 Minuten gewartet, aber es hat sich nichts mehr getan, der PC hat auch keinerlei Arbeitsgeräusche mehr von sich gegeben wie z.B. das Rattern der Festplatte. Ich habe das Programm dann über den Task-Manager beendet und es noch mehrmals versucht, immer mit dem selben Ergebniss. Muss ich davor möglicherweise irgendwas deaktivieren? wie z.B den Tea Timer von Spybot oder den Windows Defender? Wie soll ich weiter verfahren? Dank und Gruß Yetzirah |
|
09.02.2011, 15:24
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Security Shild entfernt, trotzdem Fund durch SUPERAntiSpyware Lassen wir die Zeile weg Nimm diesen Text als OTL-Fix: Code:
ATTFilter :OTL
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52586
FF - prefs.js..network.proxy.type: 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady) - F:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.05.23 22:12:16 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell - "" = AutoRun
O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady)
[2010.12.27 01:31:32 | 000,004,379 | ---- | C] () -- C:\Users\Allgemein\AppData\Roaming\69DC.595
:Commands
[purity]
[resethosts]
[emptytemp]
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.02.2011, 17:33
| #8 |
| | Security Shild entfernt, trotzdem Fund durch SUPERAntiSpyware Hallo, diesesmal hat alles geklappt, hier das Log: Code:
ATTFilter All processes killed
========== OTL ==========
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 52586 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. F:\autorun.exe scheduled to be moved on reboot.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\ not found.
File L:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\ not found.
File move failed. F:\autorun.exe scheduled to be moved on reboot.
C:\Users\Allgemein\AppData\Roaming\69DC.595 moved successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Allgemein
->Temp folder emptied: 880876 bytes
->Temporary Internet Files folder emptied: 72491807 bytes
->Java cache emptied: 3858691 bytes
->FireFox cache emptied: 76965170 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 12298 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20432209 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 167.00 mb
OTL by OldTimer - Version 3.2.20.6 log created on 02092011_172656
Files\Folders moved on Reboot...
File move failed. F:\autorun.exe scheduled to be moved on reboot.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Yetzirah |
|
10.02.2011, 10:25
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Security Shild entfernt, trotzdem Fund durch SUPERAntiSpyware Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.02.2011, 15:11
| #10 |
| | Security Shild entfernt, trotzdem Fund durch SUPERAntiSpyware Hallo, habe alles entsprechend der Anleitungen ausgeführt. Hier das ComboFix Log: Code:
ATTFilter ComboFix 11-02-09.05 - Allgemein 10.02.2011 14:51:08.1.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.6134.4407 [GMT 1:00]
ausgeführt von:: c:\users\Allgemein\Desktop\Cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((( Dateien erstellt von 2011-01-10 bis 2011-02-10 ))))))))))))))))))))))))))))))
.
2011-02-10 13:32 . 2011-02-10 13:32 -------- d-----w- c:\programdata\ATI
2011-02-10 12:56 . 2011-02-10 12:56 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-02-10 12:48 . 2011-02-10 12:48 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-02-10 12:48 . 2011-02-10 12:48 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-02-10 12:48 . 2011-02-10 12:48 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-02-10 12:48 . 2011-02-10 12:48 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-02-10 12:46 . 2011-02-10 12:46 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-02-10 12:46 . 2011-02-10 12:46 480256 ----a-w- c:\windows\system32\atieclxx.exe
2011-02-10 12:46 . 2011-02-10 12:46 6815232 ----a-w- c:\windows\system32\aticaldd64.dll
2011-02-10 12:46 . 2011-02-10 12:47 17043968 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-02-10 12:46 . 2011-02-10 12:46 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-02-10 12:46 . 2011-02-10 12:46 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-02-10 12:46 . 2011-02-10 12:46 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-02-10 12:46 . 2011-02-10 12:46 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-02-10 08:57 . 2011-01-06 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-02-09 13:39 . 2011-02-09 13:39 -------- d-----w- C:\_OTL
2011-02-09 12:24 . 2011-02-09 18:54 -------- d-----w- c:\users\Allgemein\AppData\Local\The Witcher
2011-02-08 11:14 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC4DE615-D186-436A-B414-A11B25AF2D3F}\mpengine.dll
2011-01-11 14:55 . 2011-01-11 14:55 -------- d-----w- c:\program files (x86)\Microsoft.NET
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-10 12:48 . 2010-07-07 01:53 708608 ----a-w- c:\windows\system32\aticfx64.dll
2011-02-10 12:47 . 2010-03-03 03:23 58880 ----a-w- c:\windows\system32\coinst.dll
2011-02-10 12:47 . 2010-03-03 03:06 26112 ----a-w- c:\windows\system32\atitmp64.dll
2011-02-10 12:46 . 2010-11-26 02:15 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-02-10 12:45 . 2008-11-02 00:13 5305856 ----a-w- c:\windows\system32\atiumd64.dll
2011-02-10 12:45 . 2010-03-03 03:06 38400 ----a-w- c:\windows\system32\atiu9p64.dll
2010-12-31 12:11 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2010-12-31 12:11 . 2009-08-18 10:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-12-28 12:25 . 2010-12-28 12:25 388096 ----a-r- c:\users\Allgemein\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-20 17:09 . 2010-12-27 01:22 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-12-27 01:22 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-07 11:17 . 2010-12-07 11:17 51200 ----a-w- c:\windows\SysWow64\OpenCL.dll
2010-12-07 11:15 . 2010-12-07 11:15 52736 ----a-w- c:\windows\system32\OpenCL.dll
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-23 18:22 . 2010-04-10 15:53 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-17 12:04 . 2010-11-17 12:04 111120 ----a-w- c:\windows\system32\drivers\AtihdLH6.sys
2010-11-12 17:53 . 2010-08-14 14:48 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52 121392 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"OscarEditor"="c:\program files (x86)\MOUSE Editor\MouseEditor.exe" [2009-06-16 3317248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-20 204908]
"WarReg_PopUp"="c:\program files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-06-13 73728]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 336384]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 ATICDSDr;ATICDSDr;c:\users\ALLGEM~1\AppData\Local\Temp\ATICDSDr.sys [x]
R3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2008-12-30 110576]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-20 269448]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-10 203776]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-04 135336]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-10 8283136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-10 294400]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH6.sys [2010-11-17 111120]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2008-06-13 316544]
S3 gwfilt64;gwfilt64;c:\windows\system32\drivers\gwfilt64.sys [2008-04-10 28160]
.
Inhalt des "geplante Tasks" Ordners
2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 09:45]
2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 09:45]
2011-02-09 c:\windows\Tasks\User_Feed_Synchronization-{4CEEF1C8-30F7-4373-83E0-45167924CDB7}.job
- c:\windows\system32\msfeedssync.exe [2011-02-10 04:47]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:53 50736 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-08-19 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-08-19 323584]
"eDataSecurity Loader"="c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe" [2008-07-29 561200]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1840720]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.hotmail.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:52586
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gamestar.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
Wow6432Node-HKLM-Run-eRecoveryService - (no file)
HKLM-Run-Skytel - Skytel.exe
AddRemove-{B931FB80-537A-4600-00AD-AC5DEDB6C25B} - d:\games\Electronic Arts\The Lord of the Rings
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-290457077-4133656190-4264713463-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b0,6d,c6,3d,21,06,b2,32,ba,a7,65,f2,82,ea,20,95,2a,f9,cd,4f,2c,49,42,
10,8c,b4,b8,1e,a2,a6,93,64,99,d8,e7,cd,46,80,8a,f8,14,5d,ce,ee,da,55,9a,81,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
[HKEY_USERS\S-1-5-21-290457077-4133656190-4264713463-1000\Software\SecuROM\License information*]
"datasecu"=hex:14,c0,b1,6e,4d,34,c7,2f,9d,17,06,0a,ac,09,bd,ca,f2,ef,e4,de,02,
3a,5f,e1,5a,92,23,f3,4a,17,00,81,5a,d6,a5,f3,71,5f,cb,fd,b0,39,f5,84,c1,7e,\
"rkeysecu"=hex:19,dc,01,73,eb,c8,53,82,f1,61,cb,8a,c4,64,88,43
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\FLAGS]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\HELPDIR]
@="c:\\Windows\\SysWow64\\Macromed\\Flash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\FLAGS]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\HELPDIR]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\bgsvcgen.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\spool\drivers\x64\3\WrtProc.exe
c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-02-10 15:01:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-02-10 14:01
Vor Suchlauf: 14 Verzeichnis(se), 276.858.195.968 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 276.512.358.400 Bytes frei
- - End Of File - - 2E9C695C2D31A41DFAF17BC27D89149A
Yetzirah |
|
10.02.2011, 15:15
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Security Shild entfernt, trotzdem Fund durch SUPERAntiSpyware Bitte nun Logs mit GMER und mbrcheck erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg Anleitung zu mbrcheck: Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.02.2011, 15:37
| #12 |
| | Security Shild entfernt, trotzdem Fund durch SUPERAntiSpyware Hallo, hab alle Scans durchlaufen lassen, anders als auf dem Bild in der GMER Anleitung, konnte ich auf der rechten Seite allerdings nur bei den unteren 3 Punkten (Services, Registry und Files) einen Haken setzen, alle Punkte darüber waren ausgegraut. Nach dem Scan meldete GMER das es nichts gefunden hat, auch das abgespeicherte Log war gänzlich leer. Hier das MBRCheck Log: Code:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: AMI
System Manufacturer: Acer
System Product Name: Aspire M7720
Logical Drives Mask: 0x000007fc
Kernel Drivers (total 151):
0x02062000 \SystemRoot\system32\ntoskrnl.exe
0x0201C000 \SystemRoot\system32\hal.dll
0x0060D000 \SystemRoot\system32\kdcom.dll
0x00617000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00652000 \SystemRoot\system32\PSHED.dll
0x00666000 \SystemRoot\system32\CLFS.SYS
0x006C3000 \SystemRoot\system32\CI.dll
0x0080C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F4000 \SystemRoot\system32\drivers\acpi.sys
0x0094A000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00953000 \SystemRoot\system32\drivers\msisadrv.sys
0x0095D000 \SystemRoot\system32\drivers\pci.sys
0x0098D000 \SystemRoot\System32\drivers\partmgr.sys
0x009A2000 \SystemRoot\system32\drivers\volmgr.sys
0x00775000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B6000 \SystemRoot\System32\drivers\mountmgr.sys
0x009C9000 \SystemRoot\System32\Drivers\UBHelper.sys
0x00A0A000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x00B24000 \SystemRoot\system32\drivers\atapi.sys
0x00B2C000 \SystemRoot\system32\drivers\ataport.SYS
0x00B50000 \SystemRoot\system32\drivers\msahci.sys
0x00B5A000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00B6A000 \SystemRoot\system32\drivers\fltmgr.sys
0x00BB1000 \SystemRoot\system32\drivers\fileinfo.sys
0x00BC5000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x00C02000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E0D000 \SystemRoot\system32\drivers\ndis.sys
0x00C89000 \SystemRoot\system32\drivers\msrpc.sys
0x00CD9000 \SystemRoot\system32\drivers\NETIO.SYS
0x0100B000 \SystemRoot\System32\drivers\tcpip.sys
0x01181000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0120F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0138F000 \SystemRoot\system32\drivers\volsnap.sys
0x013D3000 \SystemRoot\System32\Drivers\spldr.sys
0x013DB000 \SystemRoot\System32\Drivers\mup.sys
0x011AD000 \SystemRoot\System32\drivers\ecache.sys
0x011D9000 \SystemRoot\system32\drivers\disk.sys
0x00FD0000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x013ED000 \SystemRoot\system32\drivers\crcdisk.sys
0x0291E000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0292B000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02934000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02947000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x02C0A000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x03441000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03524000 \SystemRoot\System32\drivers\watchdog.sys
0x03609000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x036F6000 \SystemRoot\system32\DRIVERS\e1y60x64.sys
0x03746000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03752000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03798000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x037A9000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x037BB000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x037E1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x037EF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03534000 \SystemRoot\system32\DRIVERS\serial.sys
0x03551000 \SystemRoot\system32\DRIVERS\serenum.sys
0x0355D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03600000 \SystemRoot\system32\Drivers\NTIDrvr.sys
0x03579000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03582000 \SystemRoot\system32\DRIVERS\serscan.sys
0x0358A000 \SystemRoot\system32\drivers\ksthunk.sys
0x03590000 \SystemRoot\system32\drivers\ks.sys
0x035C4000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02994000 \SystemRoot\system32\DRIVERS\storport.sys
0x029F1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x00D32000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x011ED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x00D55000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x00D86000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x00D96000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x00DB4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x00DCC000 \SystemRoot\system32\DRIVERS\termdd.sys
0x037FB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x01000000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x00DDF000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0380D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03855000 \SystemRoot\system32\drivers\AtihdLH6.sys
0x03875000 \SystemRoot\system32\drivers\portcls.sys
0x038B0000 \SystemRoot\system32\drivers\drmk.sys
0x04205000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04372000 \SystemRoot\system32\drivers\gwfilt64.sys
0x04380000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04394000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x0439E000 \SystemRoot\System32\Drivers\Null.SYS
0x043B2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x043BA000 \SystemRoot\System32\drivers\vga.sys
0x043C8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x043ED000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x043F6000 \SystemRoot\system32\drivers\rdpencdd.sys
0x043A7000 \SystemRoot\System32\Drivers\Msfs.SYS
0x038D3000 \SystemRoot\System32\Drivers\Npfs.SYS
0x038E4000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x038ED000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0390A000 \SystemRoot\system32\DRIVERS\smb.sys
0x03925000 \SystemRoot\system32\drivers\afd.sys
0x03990000 \SystemRoot\System32\DRIVERS\netbt.sys
0x039D4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x037CB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x00BCE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x039F2000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x03800000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x04403000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04450000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0445C000 \SystemRoot\System32\Drivers\dfsc.sys
0x04479000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x0449B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x044B7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x044B9000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x044C9000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x044D4000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x044EC000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x044F5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x04507000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x04512000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0451D000 \SystemRoot\system32\DRIVERS\udfs.sys
0x0456B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02800000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x00050000 \SystemRoot\System32\win32k.sys
0x04579000 \SystemRoot\System32\drivers\Dxapi.sys
0x04585000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004B0000 \SystemRoot\System32\TSDDD.dll
0x04598000 \SystemRoot\system32\drivers\luafv.sys
0x045BA000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x006E0000 \SystemRoot\System32\cdd.dll
0x05E08000 \SystemRoot\system32\drivers\spsys.sys
0x05EA2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05EB6000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05ECE000 \SystemRoot\system32\drivers\HTTP.sys
0x05F71000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x05F9A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05FB8000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05FD2000 \SystemRoot\system32\drivers\mrxdav.sys
0x045D7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06201000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0624A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06269000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0629B000 \SystemRoot\System32\DRIVERS\srv.sys
0x0632F000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x0637E000 \??\C:\Windows\SysWOW64\drivers\int15_64.sys
0x06396000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x05606000 \SystemRoot\system32\drivers\peauth.sys
0x056BC000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0x056C5000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0x056D8000 \SystemRoot\System32\Drivers\secdrv.SYS
0x056E3000 \SystemRoot\System32\drivers\tcpipreg.sys
0x056F3000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x05713000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x05729000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x777F0000 \Windows\System32\ntdll.dll
Processes (total 73):
0 System Idle Process
4 System
508 C:\Windows\System32\smss.exe
576 csrss.exe
632 C:\Windows\System32\wininit.exe
652 csrss.exe
688 C:\Windows\System32\services.exe
700 C:\Windows\System32\lsass.exe
708 C:\Windows\System32\lsm.exe
860 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
352 C:\Windows\System32\atiesrxx.exe
388 C:\Windows\System32\winlogon.exe
356 C:\Windows\System32\svchost.exe
540 C:\Windows\System32\svchost.exe
564 C:\Windows\System32\svchost.exe
544 C:\Windows\System32\audiodg.exe
1032 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\SLsvc.exe
1100 C:\Windows\System32\svchost.exe
1200 C:\Windows\System32\svchost.exe
1416 C:\Windows\System32\spoolsv.exe
1440 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1460 C:\Windows\System32\svchost.exe
1772 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1784 C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
1868 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1884 C:\Windows\SysWOW64\bgsvcgen.exe
1916 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1928 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
1992 C:\Windows\System32\atieclxx.exe
2076 C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
2232 C:\Windows\System32\dwm.exe
2316 C:\Windows\explorer.exe
2356 C:\Windows\System32\taskeng.exe
2556 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
2732 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2916 C:\Windows\RAVCpl64.exe
2924 C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
2932 C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
2940 C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe
2964 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
2972 C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
2980 C:\Windows\ehome\ehtray.exe
3008 C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
2616 C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
844 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
2656 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2720 C:\Windows\ehome\ehmsas.exe
2176 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
848 C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
268 C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
2608 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2676 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
3092 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
3116 C:\Windows\SysWOW64\PnkBstrA.exe
3128 C:\Windows\System32\svchost.exe
3148 C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
3180 C:\Windows\System32\svchost.exe
3216 C:\Windows\System32\svchost.exe
3244 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3392 C:\Windows\System32\SearchIndexer.exe
3484 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
3760 WUDFHost.exe
3828 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
4012 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4216 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
5032 C:\Users\Allgemein\Desktop\vh69jch7.exe
3504 C:\Windows\System32\svchost.exe
4152 dllhost.exe
4704 dllhost.exe
4148 C:\Users\Allgemein\Desktop\MBRCheck.exe
3712 C:\Windows\SysWOW64\conime.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`a9f00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000005f`58500000 (NTFS)
PhysicalDrive0 Model Number: WDCWD10EAVS-00D7B1, Rev: 01.01A01
Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Acer MBR code detected
SHA1: 12ADB8D1AD8327A4A2FA5865BC87234485F25003
Done!
Yetzirah |
|
11.02.2011, 16:04
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Security Shild entfernt, trotzdem Fund durch SUPERAntiSpyware Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.02.2011, 00:02
| #14 |
| | Security Shild entfernt, trotzdem Fund durch SUPERAntiSpyware Hallo, habe die Scans durchgeführt, Malewarebytes hat einen Fund gemeldet, Superantispyware blieb ohne Fund. 2 kurze Fragen, falls es keine Umstände macht. Warum konnte ich bei GMER, entgegen der Anleitung, nur die 3 Haken setzen? Und was genau hat Malewarebytes da gefunden? Hier das Malewarebytes Log: Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5742
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
11.02.2011 20:37:44
mbam-log-2011-02-11 (20-37-44).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 388161
Laufzeit: 54 Minute(n), 20 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com
Generiert 02/11/2011 bei 07:04 PM
Version der Applikation : 4.47.1000
Version der Kern-Datenbank : 6381
Version der Spur-Datenbank : 4193
Scan Art : kompletter Scann
Totale Scann-Zeit : 01:45:01
Gescannte Speicherelemente : 724
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 13320
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 245587
Erfasste Datei-Elemente : 0
Yetzirah |
|
12.02.2011, 00:12
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Security Shild entfernt, trotzdem Fund durch SUPERAntiSpyware Sieht ok aus, da wurden nur ein Überrest gefunden. Noch Probleme oder weitere Funde in der Zwischenzeit?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Security Shild entfernt, trotzdem Fund durch SUPERAntiSpyware |
| antivir, avg, avira, bonjour, bonkers, canon, dateien, defender, desktop, entfernen, explorer, firefox, home, home premium, löschen, malwarebytes, microsoft, mozilla, nicht sicher, prefetch, programdata, programm, programme, rarsfx0, security, security shield, sicherheit, start menu, superantispyware, syswow64, tan, temp, trojaner, trojaner eingefangen, vista, wmp |
Linear-Darstellung
