Log analysis and evaluation: Security Shield removed, but SUPERAntiSpyware still finds something (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: first steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
27.12.2010, 17:57 | #1
Security Shield removed, but SUPERAntiSpyware still finds something

Hello,
I caught the Security Shield Trojan today and removed it as described in the guide "My Security Shield entfernen". As far as I can tell, the computer is running normally again. To be safe I ran SUPERAntiSpyware over it as well, and it still found quite a few entries. I would be very grateful if someone could look over the logs once more. The files it found are currently in quarantine, because I am not sure whether I can simply delete them. Here are a handful of logs I have collected so far:

Log from Malwarebytes Anti-Malware after removing Security Shield:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5400

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

27.12.2010 03:21:56
mbam-log-2010-12-27 (03-21-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 373640
Laufzeit: 44 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: AMI
System Manufacturer: Acer
System Product Name: Aspire M7720
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 150):
(list of 150 loaded kernel modules with load addresses omitted)

Processes (total 82):
(list of 82 running processes with PIDs omitted)

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`a9f00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000005f`58500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD10EAVS-00D7B1, Rev: 01.01A01

      Size  Device Name          MBR Status
--------------------------------------------
    931 GB  \\.\PhysicalDrive0   Acer MBR code detected
            SHA1: 12ADB8D1AD8327A4A2FA5865BC87234485F25003

Done!

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/27/2010 at 04:15 PM

Application Version : 4.47.1000

Core Rules Database Version : 6072
Trace Rules Database Version: 3884

Scan type       : Complete Scan
Total Scan Time : 01:32:26

Memory items scanned      : 746
Memory threats detected   : 0
Registry items scanned    : 13311
Registry threats detected : 0
File items scanned        : 233540
File threats detected     : 31

Trojan.Agent/Gen-Koobface[Bonkers]
    D:\PROGRAMME\LOGICCODE\SPLIT IT\SPLIT IT.EXE
    C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\LOGICCODE\SPLIT IT\SPLIT IT.LNK
    C:\USERS\ALLGEMEIN\DESKTOP\NICHT VERWENDETE VERKNüPFUNGEN\SPLIT IT.LNK

Trojan.Agent/Gen-IEFake
    C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX5\H\IEXPLORE.EXE
    C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX5\PROCS\IEXPLORE.EXE
    C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX0\H\IEXPLORE.EXE
    C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX0\PROCS\IEXPLORE.EXE
    C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX1\H\IEXPLORE.EXE
    C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX1\PROCS\IEXPLORE.EXE
    C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX2\H\IEXPLORE.EXE
    C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX2\PROCS\IEXPLORE.EXE
    C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX3\H\IEXPLORE.EXE
    C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX3\PROCS\IEXPLORE.EXE
    C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX4\H\IEXPLORE.EXE
    C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX4\PROCS\IEXPLORE.EXE
    C:\Windows\Prefetch\IEXPLORE.EXE-00CFD614.pf
    C:\Windows\Prefetch\IEXPLORE.EXE-11D07DDF.pf
    C:\Windows\Prefetch\IEXPLORE.EXE-180A086C.pf
    C:\Windows\Prefetch\IEXPLORE.EXE-1E4392F9.pf
    C:\Windows\Prefetch\IEXPLORE.EXE-2BCB2F41.pf
    C:\Windows\Prefetch\IEXPLORE.EXE-56C6886E.pf
    C:\Windows\Prefetch\IEXPLORE.EXE-81C1E19B.pf

Trojan.Agent/Gen-IExplorer[Fake]
    C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX5\NIRD\IEXPLORE.EXE
    C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX0\NIRD\IEXPLORE.EXE
    C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX1\NIRD\IEXPLORE.EXE
    C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX2\NIRD\IEXPLORE.EXE
    C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX3\NIRD\IEXPLORE.EXE
    C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX4\NIRD\IEXPLORE.EXE
    C:\Windows\Prefetch\IEXPLORE.EXE-610B2EDF.pf
    C:\Windows\Prefetch\IEXPLORE.EXE-6D01CA8A.pf
    C:\Windows\Prefetch\IEXPLORE.EXE-78F86635.pf

Many, many thanks in advance.
Regards,
Yetzirah
28.12.2010, 13:39 | #2
Security Shield removed, but SUPERAntiSpyware still finds something

Hello,
here are a few more logs.

HiJackThis Log:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:29:44, on 28.12.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotmail.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:52586
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Programme\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] "C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe" Minimum
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MotionSD STUDIO - Autostart SD Browser -.lnk = C:\Program Files (x86)\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\SysWOW64\bgsvcgen.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10963 bytes

OTL Log:
Code:
OTL logfile created on: 28.12.2010 14:07:09 - Run 1
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\Allgemein\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 62.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 366.72 Gb Total Space | 260.43 Gb Free Space | 71.01% Space Free | Partition Type: NTFS
Drive D: | 550.13 Gb Total Space | 426.39 Gb Free Space | 77.51% Space Free | Partition Type: NTFS

Computer Name: ASPIRE-M7720 | User Name: Allgemein | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtProc.exe File not found
PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtMon.exe File not found
PRC - C:\Users\Allgemein\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe (Egis inc.)
PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Allgemein\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Partner Service) -- C:\ProgramData\Partner\partner.exe (Google Inc.)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (BUNAgentSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys (Egis Incorporated)
DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys (Egis Incorporated)
DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (NAL) -- C:\Windows\SysNative\Drivers\iqvw64e.sys (Intel Corporation )
DRV:64bit: - (gwfilt64) -- C:\Windows\SysNative\drivers\gwfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
DRV - (cdrbsdrv) -- C:\Windows\SysWow64\drivers\cdrbsdrv.sys (B.H.A Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotmail.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52586 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.gamestar.de/" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 52586 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Programme\browserrecord\firefox\ext [2009.12.25 15:34:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.18 10:46:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.18 10:46:18 | 000,000,000 | ---D | M] [2008.12.31 00:08:53 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Extensions [2010.12.28 13:29:30 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions [2010.04.30 13:53:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.29 12:52:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.06.03 00:50:34 | 000,000,000 | ---D | M] (DownThemAll!) 
-- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2009.12.29 13:33:45 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\imagedownload@whygudu.iblog.cn [2010.12.22 13:10:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.08.14 15:48:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.26 20:43:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.22 13:10:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.11.14 01:41:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.11.14 01:41:30 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.11.14 01:41:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.11.14 01:41:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.11.14 01:41:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.12.27 03:48:33 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - 
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Programme\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe () O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) 
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated) O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] File not found O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKCU..\Run: [OscarEditor] C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe () O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll (Apple Inc.) O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab (Windows Live OneCare safety scanner control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe 
(Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell - "" = AutoRun O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.12.28 14:05:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Allgemein\Desktop\OTL.exe [2010.12.28 13:25:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2010.12.27 14:36:12 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Roaming\SUPERAntiSpyware.com [2010.12.27 14:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010.12.27 14:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE [2010.12.27 14:36:03 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.12.27 04:08:33 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\Desktop\Sicherheit [2010.12.27 03:53:16 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.12.27 02:22:34 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Roaming\Malwarebytes [2010.12.27 02:22:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.27 02:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.12.27 02:22:23 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.27 02:22:23 | 
000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.12.27 01:31:30 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Roaming\dsqjqrmkbr [2010.12.25 18:21:50 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Roaming\Avira [2010.12.22 13:10:28 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.12.22 13:10:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.12.22 13:10:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.12.21 17:53:28 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Roaming\Stardock [2010.12.21 17:52:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\{6C72D0C5-6D41-4646-A187-62A044E7F55E} [2010.12.21 17:52:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock [2010.12.21 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock [2010.12.21 17:40:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\{6CB64CD5-C014-45A7-88E2-55D8C0DB6489} [2010.12.21 17:39:20 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Local\PackageAware [2010.12.18 12:25:10 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Local\Ironclad Games [2010.12.18 12:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kalypso [2010.12.18 10:45:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2010.12.15 09:47:28 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010.12.15 09:47:28 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010.12.15 09:47:28 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2010.12.15 09:47:28 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2010.12.15 09:47:28 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010.12.15 09:47:28 | 000,034,304 | ---- | C] (Adobe Systems) -- 
C:\Windows\SysWow64\atmlib.dll [2010.12.15 09:47:25 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2010.12.15 09:47:17 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2010.12.15 09:47:17 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2010.12.15 09:47:17 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010.12.15 09:47:17 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2010.12.15 09:47:17 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2010.12.15 09:47:16 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2010.12.15 09:47:16 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2010.12.15 09:47:16 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2010.12.15 09:47:16 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2010.12.15 09:47:16 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010.12.15 09:47:16 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2010.12.15 09:47:16 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.12.15 09:47:16 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.12.15 09:47:16 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2010.12.15 09:47:16 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2010.12.15 09:47:16 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2010.12.15 09:47:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2010.12.15 09:47:16 | 000,096,768 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\mshtmled.dll [2010.12.15 09:47:16 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2010.12.15 09:47:16 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2010.12.15 09:47:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2010.12.15 09:47:16 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2010.12.15 09:47:16 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2010.12.15 09:47:16 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2010.12.15 09:47:16 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2010.12.15 09:47:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2010.12.15 09:47:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010.12.15 09:47:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.12.15 09:47:05 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll [2010.12.15 09:47:05 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll [2010.12.15 09:47:05 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll [2010.12.15 09:47:05 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll [2010.12.15 09:47:05 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll [2010.12.15 09:47:05 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe [2010.11.29 17:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx [2010.11.29 17:38:30 | 000,069,632 | ---- | C] (Apple Inc.) 
-- C:\Windows\SysWow64\QuickTime.qts [2008.11.02 01:15:06 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2010.12.28 14:07:39 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.12.28 14:07:39 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.12.28 14:07:39 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.12.28 14:07:39 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.12.28 14:07:39 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.12.28 14:05:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Allgemein\Desktop\OTL.exe [2010.12.28 14:05:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.12.28 14:02:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml [2010.12.28 14:01:25 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.12.28 14:01:24 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.12.28 14:01:24 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.12.28 14:01:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.12.28 13:37:35 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4CEEF1C8-30F7-4373-83E0-45167924CDB7}.job [2010.12.27 16:56:33 | 000,025,600 | ---- | M] () -- C:\Users\Allgemein\Documents\Rentenvrsicherung.doc [2010.12.27 04:07:19 | 000,022,918 | ---- | M] () -- C:\Users\Allgemein\Documents\cc_20101227_040712.reg [2010.12.27 04:06:53 | 000,110,068 | ---- | M] () -- C:\Users\Allgemein\Documents\cc_20101227_040631.reg [2010.12.27 03:48:33 | 000,000,698 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS [2010.12.27 02:02:13 | 000,004,379 | ---- | 
M] () -- C:\Users\Allgemein\AppData\Roaming\69DC.595 [2010.12.25 18:00:34 | 000,428,340 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101227-013740.backup [2010.12.24 02:37:36 | 000,428,340 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101225-180034.backup [2010.12.23 02:40:20 | 000,428,340 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101224-023736.backup [2010.12.23 02:39:35 | 000,427,674 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-024020.backup [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.18 10:37:49 | 000,427,674 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-023935.backup [2010.12.17 16:17:50 | 000,301,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.12.12 16:56:45 | 000,025,088 | ---- | M] () -- C:\Users\Allgemein\Documents\Dr.Schreiber.Dok.doc [2010.12.05 23:35:09 | 000,000,000 | ---- | M] () -- C:\Users\Allgemein\Documents\NEWSOFT [2010.12.05 15:28:35 | 000,025,600 | ---- | M] () -- C:\Users\Allgemein\Documents\Rekers, doc.doc [2010.11.29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx [2010.11.29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) 
-- C:\Windows\SysWow64\QuickTime.qts ========== Files Created - No Company Name ========== [2010.12.27 15:51:37 | 000,025,600 | ---- | C] () -- C:\Users\Allgemein\Documents\Rentenvrsicherung.doc [2010.12.27 04:07:14 | 000,022,918 | ---- | C] () -- C:\Users\Allgemein\Documents\cc_20101227_040712.reg [2010.12.27 04:06:41 | 000,110,068 | ---- | C] () -- C:\Users\Allgemein\Documents\cc_20101227_040631.reg [2010.12.27 01:31:32 | 000,004,379 | ---- | C] () -- C:\Users\Allgemein\AppData\Roaming\69DC.595 [2010.12.12 16:40:37 | 000,025,088 | ---- | C] () -- C:\Users\Allgemein\Documents\Dr.Schreiber.Dok.doc [2010.12.05 15:18:01 | 000,025,600 | ---- | C] () -- C:\Users\Allgemein\Documents\Rekers, doc.doc [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.04.10 16:49:49 | 000,437,210 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistMSI213B.txt [2010.04.10 16:49:49 | 000,012,578 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistUI213B.txt [2010.01.08 20:07:21 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\memio.dll [2010.01.08 19:27:35 | 000,000,293 | ---- | C] () -- C:\Windows\asfbinapp.INI [2010.01.06 18:27:02 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.12.31 17:16:21 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2009.09.26 22:42:58 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.09.26 22:42:22 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.03.29 14:06:57 | 000,420,038 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistMSI146E.txt [2009.03.29 14:06:56 | 000,012,266 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistUI146E.txt [2009.01.13 23:47:51 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll [2009.01.13 23:46:50 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI [2009.01.11 20:46:34 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.01.07 13:43:12 | 
000,000,000 | ---- | C] () -- C:\Users\Allgemein\AppData\Roaming\wklnhst.dat [2008.12.31 00:52:12 | 000,016,896 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.06 12:44:41 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini [2008.12.06 12:44:41 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2008.11.01 17:24:51 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll [2008.11.01 17:24:51 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll [2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2008.11.01 17:30:21 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Acer GameZone Console [2010.06.06 15:22:36 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Bioshock2 [2009.09.02 17:37:10 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Canon [2009.12.22 11:59:43 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Chilirec [2010.12.27 02:03:52 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\dsqjqrmkbr [2008.12.30 22:33:45 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\eSobi [2010.01.08 20:36:25 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\GSplit [2009.12.10 19:02:10 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Lite [2009.08.08 13:05:16 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\My Battle for Middle-earth(tm) II Files [2009.08.31 11:27:18 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\My The Lord of the Rings, The 
Rise of the Witch-king Files [2009.01.13 23:56:04 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\NewSoft [2009.12.23 19:30:24 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Red Kawa [2009.12.22 16:29:41 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Regensoft [2009.01.13 23:46:47 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\ScanSoft [2010.12.21 17:53:28 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Stardock [2009.01.07 13:43:14 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Template [2010.12.28 13:40:52 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.12.28 13:37:35 | 000,000,442 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4CEEF1C8-30F7-4373-83E0-45167924CDB7}.job ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 28.12.2010 14:07:10 - Run 1
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\Allgemein\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 62.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 366.72 Gb Total Space | 260.43 Gb Free Space | 71.01% Space Free | Partition Type: NTFS
Drive D: | 550.13 Gb Total Space | 426.39 Gb Free Space | 77.51% Space Free | Partition Type: NTFS

Computer Name: ASPIRE-M7720 | User Name: Allgemein | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 9F 3C 58 EC 4B 91 CA 01  [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0240063B-1EB7-4F0A-8E93-E8CD96E22FC8}" = rport=137 | protocol=17 | dir=out | app=system | "{25BFF978-C264-4859-AE85-7DB82EE643C4}" = rport=138 | protocol=17 | dir=out | app=system | "{3DE0E038-5ADE-4B33-965F-32C3FD6C0A98}" = lport=rpc | protocol=6 | dir=in | svc=spooler | 
app=%systemroot%\system32\spoolsv.exe | "{40BCBEB3-82D5-47A3-B5FC-16D44011C3EE}" = lport=445 | protocol=6 | dir=in | app=system | "{5711C6B5-9DD6-4886-A79A-D85520181EEC}" = lport=137 | protocol=17 | dir=in | app=system | "{69880AA5-1FCB-40B2-A84F-548239754790}" = rport=445 | protocol=6 | dir=out | app=system | "{7FDBF630-C604-454B-8B73-31B2379548E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B78A21A9-910C-4D91-B328-9A5B0B3475C2}" = rport=139 | protocol=6 | dir=out | app=system | "{E1419C83-EC22-479F-AC5D-F56C76A7CC36}" = lport=138 | protocol=17 | dir=in | app=system | "{FAF5A809-00FC-46AB-B487-E86B5A009296}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{037FFE8B-1E0C-4198-B825-B0ACE994BC4C}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\trine\trine_launcher.exe | "{0660CFC7-D1FB-4584-B077-BEC544B1A303}" = protocol=17 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | "{06D67C2F-1D90-483B-AC97-8714ACB840FB}" = protocol=17 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\game.dat | "{07200103-3EB4-46D8-8E1A-C0BC22080E86}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{15DD727A-B5BB-41F5-96C5-7D69C5723273}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{164ACAF1-B5CB-44F0-8523-9BC94E585EA0}" = protocol=6 | dir=in | app=d:\games\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | "{174EB543-EC4D-4914-93B6-F45D1F1EFFD7}" = protocol=6 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire diplomacy.exe | "{19AB0D20-8B39-467D-A26C-CAF693402058}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{1BF145E0-CD1F-4192-957D-480E2B3BA488}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{1F3F6B2A-4651-4647-B799-2C8655290083}" = protocol=6 | dir=in | app=d:\games\electronic arts\the lord of the rings, the rise of the witch-king\game.dat | "{1F7200B6-861E-46D1-A4CD-BAA33A919459}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{2822797D-6AF4-40AD-AFD1-E05572094B30}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe | "{2D29DBF0-9793-48A7-A7B5-2C57FD6F7575}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{36A69E6B-D297-4E9D-B583-AE0E9069133A}" = protocol=17 | dir=in | app=d:\games\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | "{3926A940-6255-4858-A59C-24BAD565C595}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{3A796A12-8953-4A63-B617-5CFB4F57E650}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{402BD6E0-AAFF-4C52-BB0D-64FFF30AC405}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis.exe | "{4184A000-B161-428B-ADD5-934103A25903}" = protocol=6 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\game.dat | "{4281ACC4-2030-4650-AE7D-8071DF573B8C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | "{42F1C0D0-B81D-40F0-9A9F-3F5A97D5158C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe | "{46B930B5-EBB9-453B-B1A8-612D63C3FE8B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\trine\trine_launcher.exe | "{498BEF9C-FCB3-42B6-905E-B3944F793C45}" = protocol=17 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire diplomacy.exe | "{4B8B7BF5-F04C-4483-85E1-7562E9C4A179}" = protocol=17 | dir=in | app=d:\games\thq\gas 
powered games\supreme commander - forged alliance\bin\forgedalliance.exe | "{5126C1C9-D94B-402A-A6FB-F2AFC7015F56}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | "{5129E357-58C0-4E4F-A55C-246BD7507E41}" = protocol=6 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire.exe | "{5310592A-71E8-4BC6-B08A-EF08FFDD88EF}" = protocol=6 | dir=in | app=d:\games\sega\universe at war earth assault\uawea.exe | "{5438F06B-7410-4DBB-896E-82C7F413C721}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | "{5763A13F-DC5B-43F5-8C21-8C422A3843FE}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{5F3FB66C-2D64-49F1-8687-E0DF7C8710E1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{61D7544D-4383-4394-8A24-2C234FCD2B7C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6310BD7E-5856-41D7-8996-B2F9706C807C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe | "{67A06FA2-D024-476E-AC7C-563582D7B91B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | "{6BCEEE6B-6951-4ACD-9214-C427E8A0EBA7}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe | "{6E2DC041-A6D1-45B1-93A9-0A12E698FED1}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | "{6E6EC19A-F16F-43C3-98F5-5E0D3392F8AE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{701DD33D-18F2-4CB9-B581-6061A43E3E52}" = protocol=6 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | "{72DC1A8B-8273-4CAA-89F2-4A103B21E4B7}" = protocol=17 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire.exe | "{749D543E-9632-43ED-A7D8-0A5F7B3ECF5F}" = 
protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{78758A6A-D50F-486E-AF12-BCA62339E8B9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7EB20E0F-5B4D-4C92-A279-0865BC982169}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{83E1B206-CF06-46C1-9A5E-7F9768D8C964}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | "{85E57662-992C-4163-A5B3-C521E7DA5105}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis.exe | "{94440732-F1D5-4F72-942E-F1ED6120616D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | "{99959467-C52F-4B68-8D9E-C1C33658B97A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{9FCB212C-76A9-4867-8BB7-7DCE4D2C3E48}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{A46525B4-B931-4C4B-9100-3D00B7728D78}" = protocol=17 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\game.dat | "{A8B9B93E-6010-4443-B7CF-B18798A56653}" = protocol=17 | dir=in | app=d:\games\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | "{AA70CC46-4FBD-4A5E-BE55-C584F6BCD5DF}" = protocol=17 | dir=in | app=d:\games\sega\universe at war earth assault\uawea.exe | "{B33D8B01-E7E1-41ED-9284-DBBBA17B9295}" = protocol=6 | dir=in | app=d:\games\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | "{BB5DA8A4-AFA8-4794-944E-0B055B3CA629}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | "{C5C0144D-72DB-4F08-8899-847F54A5336C}" = protocol=6 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe | "{C6067BA4-A434-41A6-8006-50E9A3ECD155}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe | "{C65C2B16-A094-4167-8DEB-774A35C6832A}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{C8633C17-448C-48CE-9230-5E73BE8CCC06}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{CD9C5A91-B92D-447F-AFB5-E3075EA8BE0C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe | "{D4676D16-2E2A-4E16-939F-2A8006063CCB}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{D6268E41-2892-42E4-AB00-7E83F83B5170}" = protocol=6 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\game.dat | "{D99BA6E2-A59F-489C-BF2B-5B478844FEC2}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe | "{E3D6342A-6112-4779-82E2-1EA72E2AAB1A}" = protocol=17 | dir=in | app=d:\games\electronic arts\the lord of the rings, the rise of the witch-king\game.dat | "{E639A33A-6A8E-4377-8635-5DCFE4638CFB}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | "{E7FB9B55-6DD9-4895-A297-930512CDD874}" = protocol=6 | dir=in | app=d:\games\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | "{EAF8C6E1-08C5-4166-8276-9CE2FE715E99}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{EC35FF56-9005-4B46-916F-08A7DAE9F0BF}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\metro 2033\metro2033.exe | "{ECAE6A72-D840-48B0-835D-9D0865449697}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\metro 2033\metro2033.exe | "{ECC7730F-A00E-4346-858A-294D2349CC25}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{F2BFBB60-8BC5-4A94-97AF-645D64BA2B0F}" = protocol=17 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe | "{F5C4D7E3-38DA-467B-9B93-FDB77C0FAE3B}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysis.exe | "{FF75CFB6-2416-4865-9CBE-C4E3F5F8B42C}" = protocol=17 | dir=in | app=c:\program files 
(x86)\bonjour\mdnsresponder.exe | "TCP Query User{33B5272F-A03A-436F-8E4C-A6D01396431B}C:\program files (x86)\safari\safari.exe" = protocol=6 | dir=in | app=c:\program files (x86)\safari\safari.exe | "TCP Query User{3D5F350D-5821-43E1-AAC5-17276690076F}D:\games\dreamcatcher\genesis rising\bin\genesisrising.exe" = protocol=6 | dir=in | app=d:\games\dreamcatcher\genesis rising\bin\genesisrising.exe | "TCP Query User{500A52A5-C468-4B60-8217-304FFD88EE0B}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe | "TCP Query User{5A55804B-7D73-4BFA-981B-233EB6073441}D:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat" = protocol=6 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat | "TCP Query User{666FBBD3-CB60-4BE6-87C2-6E5EDD0FA93F}D:\programme\chilirec\chilirec.exe" = protocol=6 | dir=in | app=d:\programme\chilirec\chilirec.exe | "TCP Query User{7833C700-5A96-45E1-9C4F-18EB190CC7B0}D:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe" = protocol=6 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | "TCP Query User{78DE6F70-097C-47C1-883F-FD738F4EF17A}D:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe | "TCP Query User{7A188E3A-5C8D-4529-8AC2-EA59ED69BFEE}D:\games\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis64.exe | "TCP Query User{999C1EAC-A83C-4133-9F5F-FD922007EF49}D:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat" = protocol=6 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat | "TCP Query User{A8082984-749C-4C68-95B7-9EEEE46D9B8A}D:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\games\starcraft 
ii\support\blizzarddownloader.exe | "TCP Query User{AA7A2599-DE98-4FC4-8E93-780F0319684F}D:\games\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base16561\sc2.exe | "TCP Query User{C1328922-FB96-42E0-B343-F53B7C93FFEA}D:\games\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe | "TCP Query User{D33FE896-1B5C-4D2D-B125-8A6AC36C8D1A}D:\games\sierra\homeworld2\bin\release\homeworld2.exe" = protocol=6 | dir=in | app=d:\games\sierra\homeworld2\bin\release\homeworld2.exe | "TCP Query User{F20D4189-9A49-4D8C-821E-E072845CC6DB}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | "UDP Query User{15573920-5B2A-4733-8F92-272D8300AB68}D:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe" = protocol=17 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | "UDP Query User{29B12FD2-CA6E-42A6-91A8-B60D005ED5D2}D:\games\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis64.exe | "UDP Query User{30E27ADE-2D0B-43F0-975D-8183DE686D31}D:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{332EA9E8-D7B6-4410-9541-CD15051999CD}D:\games\dreamcatcher\genesis rising\bin\genesisrising.exe" = protocol=17 | dir=in | app=d:\games\dreamcatcher\genesis rising\bin\genesisrising.exe | "UDP Query User{42439E35-D610-4E18-81F8-7086057FB250}D:\games\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base16561\sc2.exe | "UDP Query User{61A5D5A7-9A4A-4DE2-9EE0-E095AB050BAC}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | "UDP Query User{774E6DA8-862E-4B6E-8BD9-A82E3E8652FA}D:\games\starcraft ii\versions\base15405\sc2.exe" = 
protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe | "UDP Query User{A7334D05-C0AF-444C-BC6F-F48AA7F64B56}D:\programme\chilirec\chilirec.exe" = protocol=17 | dir=in | app=d:\programme\chilirec\chilirec.exe | "UDP Query User{B524DDF5-1C13-477C-BEBD-B480FC6AAB2D}D:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat" = protocol=17 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat | "UDP Query User{BE0E10DA-472C-41DB-AA5C-04940B2606FD}D:\games\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe | "UDP Query User{C35C9398-2F54-4B75-A1A9-21697613189E}C:\program files (x86)\safari\safari.exe" = protocol=17 | dir=in | app=c:\program files (x86)\safari\safari.exe | "UDP Query User{D3AECB7A-EAA4-4539-B0A4-1985764C7C6F}D:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe | "UDP Query User{DDAAC868-CEBB-4136-AFDB-4EFFCCD11268}D:\games\sierra\homeworld2\bin\release\homeworld2.exe" = protocol=17 | dir=in | app=d:\games\sierra\homeworld2\bin\release\homeworld2.exe | "UDP Query User{F79D21A8-AC4A-4533-8469-E9A0519928A3}D:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat" = protocol=17 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{752CCAEE-8E33-DE50-9454-B377A2205193}" = ccc-utility64 "{8E3FABF5-C3B9-7F7E-4AAE-977D77D48C51}" = ATI Catalyst Install Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CB6508F6-EC50-4829-A2C6-02990EFF0059}" = Windows Media Encoder 9 Series x64 Edition "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour "{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0 "CanonMyPrinter" = Canon My Printer "CCleaner" = CCleaner "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "PROSetDX" = Intel(R) Network Connections 13.1.33.0 "Windows Media Encoder 9" = Windows Media Encoder 9 Series x64 Edition "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02F5BD83-B529-37E3-B5DF-32ABC7EC63C4}" = ccc-core-static "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7 "{0A8073F2-31C6-413B-BC79-5808352D651A}" = MotionSD STUDIO 1.2E "{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific "{1229D58B-9185-4F85-71B2-4B34EBF8AD17}" = CCC Help Italian "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard 
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable "{20165891-91F8-45F9-A90A-307C7179C515}" = Sins of a Solar Empire - Trinity "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21FFDD40-F6B9-4609-B1C9-514E0A342BFA}" = MOUSE Editor "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23 "{29656550-8463-258C-55BA-5C4F7950DBDE}" = CCC Help Portuguese "{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance "{35C98EB9-C39E-F602-D980-59355711CD37}" = Catalyst Control Center InstallProxy "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD "{41B21B1F-950E-13FC-57C7-2AC44B196223}" = Catalyst Control Center Graphics Previews Vista "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{490F45FA-738D-5D4A-6B9D-DC1373ACF794}" = CCC Help Polish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2 "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX "{5454085C-840F-4070-8FAA-441000028301}" = BioShock 2 "{5454085C-840F-4070-8FAA-441000038301}" = BioShock 2 "{57634571-FD82-4BEC-B822-A1ED7765474F}_is1" = SmartLauncher "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 
"{66B4C110-8BEB-49B5-824E-C70AEEB20ECD}" = ScanSoft OmniPage SE 4 "{67ABC7E8-A241-F90D-0B04-5BB03428AF96}" = CCC Help Greek "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AA30800-F713-BB43-EDA2-1C380FE7FD63}" = Catalyst Control Center Localization All "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{85090727-99E2-F1DC-1589-83D5AC986F3E}" = CCC Help Spanish "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE "{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{913D0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard für Schüler, Studierende und Lehrkräfte "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A05EF3DC-AAFA-6903-433D-0F383F5F4EC3}" = CCC Help German "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah 
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch "{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator "{B7BD291B-D415-4484-89A4-82077504BE93}_is1" = SmartCopy "{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = The Lord of the Rings, The Rise of the Witch-king "{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix "{BCA434F2-A541-F63E-890C-F5D14E5B33D0}" = CCC Help English "{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet "{C4406DB6-A28D-8047-7704-94A8DE7F6A68}" = CCC Help Hungarian "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CDCBF62D-8E74-44A5-91AD-44AB4C2EFD89}" = InterVideo FilterSDK for Panasonic "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! 
PageManager 7.15.20 "{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F538505D-D29C-6259-682C-E607D659B4B4}" = Catalyst Control Center Graphics Previews Common "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician "{F820F894-EC5F-D52A-F862-5B472EAFE69A}" = CCC Help French "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "CanonSolutionMenu" = Canon Utilities Solution Menu "Chilirec_0" = Chilirec 1.01 "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "FLV Player" = FLV Player 2.0 (build 25) "Franzis 3D-Eisenbahnplaner 10.0_is1" = Franzis 3D-Eisenbahnplaner 10.0 "GSplit3Set" = GSplit 3 "Homeworld2" = Homeworld2 "Impulse" = Impulse "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{21FFDD40-F6B9-4609-B1C9-514E0A342BFA}" = 
MOUSE Editor "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix "InstallShield_{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault "InstallShield_{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "MP Navigator EX 1.1" = Canon MP Navigator EX 1.1 "PSP Video 9" = PSP Video 9 5.03 "RealPlayer 12.0" = RealPlayer "Sins of a Solar Empire - Trinity" = Sins of a Solar Empire - Trinity "Splitit" = Split it 3.2 "StarCraft II" = StarCraft II "Steam App 15620" = Warhammer 40,000: Dawn of War II "Steam App 20570" = Warhammer 40,000: Dawn of War II - Chaos Rising "Steam App 35700" = Trine "Steam App 400" = Portal "Steam App 40100" = Supreme Commander 2 "Steam App 43110" = Metro 2033 "VLC media player" = VLC media player 1.0.3 "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinLiveSuite_Wave3" = Windows Live Essentials "X3TerranConflict_is1" = X3 Terran Conflict v3.0 "YouTube Downloader App" = YouTube Downloader App 2.03 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 22.08.2010 12:13:12 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10 Description = Error - 22.08.2010 12:59:02 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10 Description = Error - 23.08.2010 08:55:13 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10 Description = Error - 23.08.2010 08:56:34 | Computer Name = Aspire-M7720 | Source = Application Error | ID = 1000 
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel 0x49e02a1e, fehlerhaftes Modul msxml6.dll, Version 6.20.5002.0, Zeitstempel 0x4a81a53f, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000000050c3, Prozess-ID 0x894, Anwendungsstartzeit 01cb42c25851b509. Error - 23.08.2010 12:37:55 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10 Description = Error - 24.08.2010 09:37:01 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10 Description = Error - 24.08.2010 11:52:43 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10 Description = Error - 24.08.2010 12:06:45 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10 Description = Error - 24.08.2010 12:06:53 | Computer Name = Aspire-M7720 | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 24.08.2010 12:06:53 | Computer Name = Aspire-M7720 | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". 
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. [ System Events ] Error - 27.12.2010 09:33:23 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026 Description = Error - 27.12.2010 12:17:14 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 27.12.2010 13:19:26 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 27.12.2010 13:20:20 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026 Description = Error - 27.12.2010 14:35:25 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 27.12.2010 14:36:24 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026 Description = Error - 28.12.2010 08:18:26 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error - 28.12.2010 08:19:12 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026 Description = Error - 28.12.2010 09:01:07 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 28.12.2010 09:01:50 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026 Description = < End of report >
Yetzirah
Last edited by Yetzirah (28.12.2010 at 14:14) |
08.02.2011, 16:49 | #3 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Security Shield removed, but SUPERAntiSpyware still finds something
Hello,
The posted logs are too old, so please create new ones: Please run a full scan with Malwarebytes as a routine step and post the log. Remember that Malwarebytes must be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well! After that, OTL: System scan with OTL. Please download OTL from Oldtimer and save it to your desktop
09.02.2011, 01:26 | #4 |
| Security Shield removed, but SUPERAntiSpyware still finds something
Hello Cosinus, thanks for your help, here are the logs: Full scan with Malwarebytes: Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5715 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18999 09.02.2011 00:19:13 mbam-log-2011-02-09 (00-19-13).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 384481 Laufzeit: 51 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5400 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18999 27.12.2010 02:25:56 mbam-log-2010-12-27 (02-25-56).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 153857 Laufzeit: 1 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 3 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 0 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Spyware.Passwords.XGen) -> Value: conhost -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot. HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Value: Shell -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\ALLGEM~1\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\allgemein\AppData\Roaming\microsoft\conhost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\Users\allgemein\AppData\Roaming\dwm.exe (Trojan.FakeAV) -> Quarantined and deleted successfully. c:\Users\allgemein\AppData\Roaming\microsoft\Windows\start menu\Programs\security shield.lnk (Rogue.SecurityShield) -> Quarantined and deleted successfully. 
c:\Users\allgemein\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Here is the OTL log: Code:
ATTFilter OTL logfile created on: 09.02.2011 00:23:12 - Run 2 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Allgemein\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 53.00% Memory free 12.00 Gb Paging File | 9.00 Gb Available in Paging File | 71.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 366.72 Gb Total Space | 257.67 Gb Free Space | 70.26% Space Free | Partition Type: NTFS Drive D: | 550.13 Gb Total Space | 410.19 Gb Free Space | 74.56% Space Free | Partition Type: NTFS Drive F: | 7.94 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: ASPIRE-M7720 | User Name: Allgemein | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\Allgemein\Desktop\OTL.exe (OldTimer Tools) PRC - D:\Games\Steam\GameOverlayUI.exe (Valve Corporation) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - d:\Games\Steam\steamapps\common\supreme commander 2\bin\SupremeCommander2.exe (Gas Powered Games) PRC - D:\Games\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe () PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe (Egis inc.) PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.) 
PRC - C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Allgemein\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Partner Service) -- C:\ProgramData\Partner\partner.exe (Google Inc.) SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe () SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (Acer HomeMedia Connect Service) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) 
SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () SRV - (BUNAgentSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys () DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys (Egis Incorporated) DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys (Egis Incorporated) DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys (Egis Incorporated) DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys (Intel Corporation) DRV:64bit: - (NAL) -- C:\Windows\SysNative\Drivers\iqvw64e.sys (Intel Corporation ) DRV:64bit: - (gwfilt64) -- C:\Windows\SysNative\drivers\gwfilt64.sys (Creative Technology Ltd.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) 
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof () DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.) DRV - (cdrbsdrv) -- C:\Windows\SysWow64\drivers\cdrbsdrv.sys (B.H.A Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotmail.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" 
= 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52586 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.gamestar.de/" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.7 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 52586 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.28 22:52:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.28 22:52:04 | 000,000,000 | ---D | M] [2008.12.31 00:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Extensions [2011.02.08 14:22:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions [2010.04.30 13:53:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.02.08 14:22:06 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2011.01.22 13:28:11 | 000,000,000 | ---D | M] (DownloadHelper) -- 
C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.01.22 13:28:11 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2009.12.29 13:33:45 | 000,000,000 | ---D | M] ("Image Download") -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\imagedownload@whygudu.iblog.cn [2010.12.22 13:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.08.14 15:48:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.26 20:43:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.22 13:10:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.11.14 01:41:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.11.14 01:41:30 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.11.14 01:41:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.11.14 01:41:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.11.14 01:41:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.01.22 12:44:20 | 000,428,601 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14760 more lines... 
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) 
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe () O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated) O4:64bit: - HKLM..\Run: [EmpoweringTechnology] File not found O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] File not found O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKCU..\Run: [OscarEditor] C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe () O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll (Apple Inc.) O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab (Windows Live OneCare safety scanner control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe 
(Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady) - F:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.05.23 22:12:16 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell - "" = AutoRun
O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.02.09 00:20:08 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Allgemein\Desktop\OTL.exe
[2011.01.13 18:26:16 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011.01.13 18:26:16 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011.01.13 18:26:11 | 001,251,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdclt.exe
[2011.01.11 15:55:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2008.11.02 01:15:06 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011.02.09 00:20:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Allgemein\Desktop\OTL.exe
[2011.02.09 00:05:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.08 23:23:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2011.02.08 23:22:55 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.08 23:22:55 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.08 23:22:54 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.08 23:22:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.08 17:57:21 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4CEEF1C8-30F7-4373-83E0-45167924CDB7}.job
[2011.02.07 19:12:28 | 000,019,456 | ---- | M] () -- C:\Users\Allgemein\Documents\Absclag.xls
[2011.01.22 12:44:20 | 000,428,601 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2011.01.17 07:36:44 | 000,002,675 | ---- | M] () -- C:\Users\Allgemein\Desktop\Microsoft Excel.lnk
[2011.01.14 18:43:19 | 001,467,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.01.14 18:43:19 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.01.14 18:43:19 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.01.14 18:43:19 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.01.14 18:43:19 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2011.02.07 18:12:17 | 000,019,456 | ---- | C] () -- C:\Users\Allgemein\Documents\Absclag.xls
[2010.12.27 01:31:32 | 000,004,379 | ---- | C] () -- C:\Users\Allgemein\AppData\Roaming\69DC.595
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.04.10 16:49:49 | 000,437,210 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistMSI213B.txt
[2010.04.10 16:49:49 | 000,012,578 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistUI213B.txt
[2010.01.08 20:07:21 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\memio.dll
[2010.01.08 19:27:35 | 000,000,293 | ---- | C] () -- C:\Windows\asfbinapp.INI
[2010.01.06 18:27:02 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.12.31 17:16:21 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009.09.26 22:42:58 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.26 22:42:22 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.03.29 14:06:57 | 000,420,038 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistMSI146E.txt
[2009.03.29 14:06:56 | 000,012,266 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistUI146E.txt
[2009.01.13 23:47:51 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009.01.13 23:46:50 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009.01.11 20:46:34 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.07 13:43:12 | 000,000,000 | ---- | C] () -- C:\Users\Allgemein\AppData\Roaming\wklnhst.dat
[2008.12.31 00:52:12 | 000,016,896 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.06 12:44:41 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008.12.06 12:44:41 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.11.01 17:24:51 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
[2008.11.01 17:24:51 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll

< End of report >

Code:
ATTFilter
OTL Extras logfile created on: 09.02.2011 00:23:12 - Run 2
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Allgemein\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 53.00% Memory free
12.00 Gb Paging File | 9.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 366.72 Gb Total Space | 257.67 Gb Free Space | 70.26% Space Free | Partition Type: NTFS
Drive D: | 550.13 Gb Total Space | 410.19 Gb Free Space | 74.56% Space Free | Partition Type: NTFS
Drive F: | 7.94 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ASPIRE-M7720 | User Name: Allgemein | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 9F 3C 58 EC 4B 91 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0240063B-1EB7-4F0A-8E93-E8CD96E22FC8}" = rport=137 | protocol=17 | dir=out | app=system |
"{25BFF978-C264-4859-AE85-7DB82EE643C4}" = rport=138 | protocol=17 | dir=out | app=system |
"{3DE0E038-5ADE-4B33-965F-32C3FD6C0A98}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{40BCBEB3-82D5-47A3-B5FC-16D44011C3EE}" = lport=445 | protocol=6 | dir=in | app=system |
"{5711C6B5-9DD6-4886-A79A-D85520181EEC}" = lport=137 | protocol=17 | dir=in | app=system |
"{69880AA5-1FCB-40B2-A84F-548239754790}" = rport=445 | protocol=6 | dir=out | app=system |
"{7FDBF630-C604-454B-8B73-31B2379548E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B78A21A9-910C-4D91-B328-9A5B0B3475C2}" = rport=139 | protocol=6 | dir=out | app=system |
"{E1419C83-EC22-479F-AC5D-F56C76A7CC36}" = lport=138 | protocol=17 | dir=in | app=system |
"{FAF5A809-00FC-46AB-B487-E86B5A009296}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037FFE8B-1E0C-4198-B825-B0ACE994BC4C}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\trine\trine_launcher.exe |
"{0660CFC7-D1FB-4584-B077-BEC544B1A303}" = protocol=17 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{06D67C2F-1D90-483B-AC97-8714ACB840FB}" = protocol=17 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{07200103-3EB4-46D8-8E1A-C0BC22080E86}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{15DD727A-B5BB-41F5-96C5-7D69C5723273}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{164ACAF1-B5CB-44F0-8523-9BC94E585EA0}" = protocol=6 | dir=in | app=d:\games\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{174EB543-EC4D-4914-93B6-F45D1F1EFFD7}" = protocol=6 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire diplomacy.exe |
"{19AB0D20-8B39-467D-A26C-CAF693402058}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysis.exe |
"{1BF145E0-CD1F-4192-957D-480E2B3BA488}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{1F3F6B2A-4651-4647-B799-2C8655290083}" = protocol=6 | dir=in | app=d:\games\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
"{1F7200B6-861E-46D1-A4CD-BAA33A919459}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{270AF61F-1325-4106-95DB-9EC47C72E41A}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{2822797D-6AF4-40AD-AFD1-E05572094B30}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe |
"{29F1B19E-74C3-45C8-BF4C-DAFDF5BC40F4}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{2CE71D41-DE1F-4918-8034-0BC142FCFB1E}" = protocol=6 | dir=in | app=d:\games\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{2D29DBF0-9793-48A7-A7B5-2C57FD6F7575}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{36A69E6B-D297-4E9D-B583-AE0E9069133A}" = protocol=17 | dir=in | app=d:\games\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{3926A940-6255-4858-A59C-24BAD565C595}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3A796A12-8953-4A63-B617-5CFB4F57E650}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{402BD6E0-AAFF-4C52-BB0D-64FFF30AC405}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis.exe |
"{4184A000-B161-428B-ADD5-934103A25903}" = protocol=6 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{4281ACC4-2030-4650-AE7D-8071DF573B8C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{42F1C0D0-B81D-40F0-9A9F-3F5A97D5158C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe |
"{46B930B5-EBB9-453B-B1A8-612D63C3FE8B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\trine\trine_launcher.exe |
"{498BEF9C-FCB3-42B6-905E-B3944F793C45}" = protocol=17 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire diplomacy.exe |
"{4B8B7BF5-F04C-4483-85E1-7562E9C4A179}" = protocol=17 | dir=in | app=d:\games\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{5126C1C9-D94B-402A-A6FB-F2AFC7015F56}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe |
"{5129E357-58C0-4E4F-A55C-246BD7507E41}" = protocol=6 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{5310592A-71E8-4BC6-B08A-EF08FFDD88EF}" = protocol=6 | dir=in | app=d:\games\sega\universe at war earth assault\uawea.exe |
"{5438F06B-7410-4DBB-896E-82C7F413C721}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{5763A13F-DC5B-43F5-8C21-8C422A3843FE}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{5F3FB66C-2D64-49F1-8687-E0DF7C8710E1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{61D7544D-4383-4394-8A24-2C234FCD2B7C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6310BD7E-5856-41D7-8996-B2F9706C807C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe |
"{67A06FA2-D024-476E-AC7C-563582D7B91B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{6BCEEE6B-6951-4ACD-9214-C427E8A0EBA7}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{6E2DC041-A6D1-45B1-93A9-0A12E698FED1}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{6E6EC19A-F16F-43C3-98F5-5E0D3392F8AE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{701DD33D-18F2-4CB9-B581-6061A43E3E52}" = protocol=6 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{72DC1A8B-8273-4CAA-89F2-4A103B21E4B7}" = protocol=17 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{749D543E-9632-43ED-A7D8-0A5F7B3ECF5F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{78758A6A-D50F-486E-AF12-BCA62339E8B9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7EB20E0F-5B4D-4C92-A279-0865BC982169}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{83E1B206-CF06-46C1-9A5E-7F9768D8C964}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe |
"{85E57662-992C-4163-A5B3-C521E7DA5105}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis.exe |
"{94440732-F1D5-4F72-942E-F1ED6120616D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{99959467-C52F-4B68-8D9E-C1C33658B97A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{999F7D04-0105-447D-B258-FF4F4016E14D}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{9FCB212C-76A9-4867-8BB7-7DCE4D2C3E48}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A46525B4-B931-4C4B-9100-3D00B7728D78}" = protocol=17 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\game.dat |
"{A8B9B93E-6010-4443-B7CF-B18798A56653}" = protocol=17 | dir=in | app=d:\games\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{AA70CC46-4FBD-4A5E-BE55-C584F6BCD5DF}" = protocol=17 | dir=in | app=d:\games\sega\universe at war earth assault\uawea.exe |
"{B33D8B01-E7E1-41ED-9284-DBBBA17B9295}" = protocol=6 | dir=in | app=d:\games\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{BB5DA8A4-AFA8-4794-944E-0B055B3CA629}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{C5C0144D-72DB-4F08-8899-847F54A5336C}" = protocol=6 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe |
"{C6067BA4-A434-41A6-8006-50E9A3ECD155}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{C65C2B16-A094-4167-8DEB-774A35C6832A}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe |
"{C8633C17-448C-48CE-9230-5E73BE8CCC06}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{CD9C5A91-B92D-447F-AFB5-E3075EA8BE0C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{D4676D16-2E2A-4E16-939F-2A8006063CCB}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{D6268E41-2892-42E4-AB00-7E83F83B5170}" = protocol=6 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\game.dat |
"{D99BA6E2-A59F-489C-BF2B-5B478844FEC2}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe |
"{DF5C6719-B034-40B8-AF0D-915C6D4D37A2}" = protocol=17 | dir=in | app=d:\games\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{E3D6342A-6112-4779-82E2-1EA72E2AAB1A}" = protocol=17 | dir=in | app=d:\games\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
"{E639A33A-6A8E-4377-8635-5DCFE4638CFB}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{E7FB9B55-6DD9-4895-A297-930512CDD874}" = protocol=6 | dir=in | app=d:\games\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{EAF8C6E1-08C5-4166-8276-9CE2FE715E99}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{EC35FF56-9005-4B46-916F-08A7DAE9F0BF}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\metro 2033\metro2033.exe |
"{ECAE6A72-D840-48B0-835D-9D0865449697}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\metro 2033\metro2033.exe |
"{ECC7730F-A00E-4346-858A-294D2349CC25}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EE42CC51-3F73-4A82-A5BA-0DBF212FA4F6}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{F2BFBB60-8BC5-4A94-97AF-645D64BA2B0F}" = protocol=17 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe |
"{F5C4D7E3-38DA-467B-9B93-FDB77C0FAE3B}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysis.exe |
"{FF75CFB6-2416-4865-9CBE-C4E3F5F8B42C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{33B5272F-A03A-436F-8E4C-A6D01396431B}C:\program files (x86)\safari\safari.exe" = protocol=6 | dir=in | app=c:\program files (x86)\safari\safari.exe |
"TCP Query User{3D5F350D-5821-43E1-AAC5-17276690076F}D:\games\dreamcatcher\genesis rising\bin\genesisrising.exe" = protocol=6 | dir=in | app=d:\games\dreamcatcher\genesis rising\bin\genesisrising.exe |
"TCP Query User{500A52A5-C468-4B60-8217-304FFD88EE0B}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{5A55804B-7D73-4BFA-981B-233EB6073441}D:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat" = protocol=6 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat |
"TCP Query User{666FBBD3-CB60-4BE6-87C2-6E5EDD0FA93F}D:\programme\chilirec\chilirec.exe" = protocol=6 | dir=in | app=d:\programme\chilirec\chilirec.exe |
"TCP Query User{7833C700-5A96-45E1-9C4F-18EB190CC7B0}D:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe" = protocol=6 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"TCP Query User{78DE6F70-097C-47C1-883F-FD738F4EF17A}D:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe |
"TCP Query User{7A188E3A-5C8D-4529-8AC2-EA59ED69BFEE}D:\games\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis64.exe |
"TCP Query User{999C1EAC-A83C-4133-9F5F-FD922007EF49}D:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat" = protocol=6 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat |
"TCP Query User{A8082984-749C-4C68-95B7-9EEEE46D9B8A}D:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{AA7A2599-DE98-4FC4-8E93-780F0319684F}D:\games\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base16561\sc2.exe |
"TCP Query User{C1328922-FB96-42E0-B343-F53B7C93FFEA}D:\games\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe |
"TCP Query User{D33FE896-1B5C-4D2D-B125-8A6AC36C8D1A}D:\games\sierra\homeworld2\bin\release\homeworld2.exe" = protocol=6 | dir=in | app=d:\games\sierra\homeworld2\bin\release\homeworld2.exe |
"TCP Query User{F20D4189-9A49-4D8C-821E-E072845CC6DB}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"UDP Query User{15573920-5B2A-4733-8F92-272D8300AB68}D:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe" = protocol=17 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"UDP Query User{29B12FD2-CA6E-42A6-91A8-B60D005ED5D2}D:\games\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis64.exe |
"UDP Query User{30E27ADE-2D0B-43F0-975D-8183DE686D31}D:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{332EA9E8-D7B6-4410-9541-CD15051999CD}D:\games\dreamcatcher\genesis rising\bin\genesisrising.exe" = protocol=17 | dir=in | app=d:\games\dreamcatcher\genesis rising\bin\genesisrising.exe |
"UDP Query User{42439E35-D610-4E18-81F8-7086057FB250}D:\games\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base16561\sc2.exe |
"UDP Query User{61A5D5A7-9A4A-4DE2-9EE0-E095AB050BAC}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"UDP Query User{774E6DA8-862E-4B6E-8BD9-A82E3E8652FA}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{A7334D05-C0AF-444C-BC6F-F48AA7F64B56}D:\programme\chilirec\chilirec.exe" = protocol=17 | dir=in | app=d:\programme\chilirec\chilirec.exe |
"UDP Query User{B524DDF5-1C13-477C-BEBD-B480FC6AAB2D}D:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat" = protocol=17 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat |
"UDP Query User{BE0E10DA-472C-41DB-AA5C-04940B2606FD}D:\games\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe |
"UDP Query User{C35C9398-2F54-4B75-A1A9-21697613189E}C:\program files (x86)\safari\safari.exe" = protocol=17 | dir=in | app=c:\program files (x86)\safari\safari.exe |
"UDP Query User{D3AECB7A-EAA4-4539-B0A4-1985764C7C6F}D:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe |
"UDP Query User{DDAAC868-CEBB-4136-AFDB-4EFFCCD11268}D:\games\sierra\homeworld2\bin\release\homeworld2.exe" = protocol=17 | dir=in | app=d:\games\sierra\homeworld2\bin\release\homeworld2.exe |
"UDP Query User{F79D21A8-AC4A-4533-8469-E9A0519928A3}D:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat" = protocol=17 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{088E976C-6B19-E3D3-1EAB-6E13B2D34CD7}" = ATI Catalyst Install Manager
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{33CF8D2C-0430-2949-FD8F-695C97C472C5}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CB6508F6-EC50-4829-A2C6-02990EFF0059}" = Windows Media Encoder 9 Series x64 Edition
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PROSetDX" = Intel(R) Network Connections 13.1.33.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series x64 Edition
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7
"{0A8073F2-31C6-413B-BC79-5808352D651A}" = MotionSD STUDIO 1.2E
"{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{20165891-91F8-45F9-A90A-307C7179C515}" = Sins of a Solar Empire - Trinity
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21FFDD40-F6B9-4609-B1C9-514E0A342BFA}" = MOUSE Editor
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2AE86CEE-BAC2-D043-9237-E83198098C91}" = Catalyst Control Center InstallProxy
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{35C98EB9-C39E-F602-D980-59355711CD37}" = Catalyst Control Center InstallProxy
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5454085C-840F-4070-8FAA-441000028301}" = BioShock 2
"{5454085C-840F-4070-8FAA-441000038301}" = BioShock 2
"{57634571-FD82-4BEC-B822-A1ED7765474F}_is1" = SmartLauncher
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{66B4C110-8BEB-49B5-824E-C70AEEB20ECD}" = ScanSoft OmniPage SE 4
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8F6FE1DC-E868-B38A-07E5-897508745128}" = ccc-core-static
"{913D0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard für Schüler, Studierende und Lehrkräfte
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B7BD291B-D415-4484-89A4-82077504BE93}_is1" = SmartCopy
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = The Lord of the Rings, The Rise of the Witch-king
"{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CDCBF62D-8E74-44A5-91AD-44AB4C2EFD89}" = InterVideo FilterSDK for Panasonic
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto!
PageManager 7.15.20 "{D3D867DD-6C81-E695-4FFE-BE921DF44931}" = Catalyst Control Center Graphics Previews Common "{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page "{F08A1CA0-55A7-8244-3A05-7431447CE9BA}" = CCC Help English "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "CanonSolutionMenu" = Canon Utilities Solution Menu "Chilirec_0" = Chilirec 1.01 "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "FLV Player" = FLV Player 2.0 (build 25) "Franzis 3D-Eisenbahnplaner 10.0_is1" = Franzis 3D-Eisenbahnplaner 10.0 "GSplit3Set" = GSplit 3 "Homeworld2" = Homeworld2 "Impulse" = Impulse "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{21FFDD40-F6B9-4609-B1C9-514E0A342BFA}" = 
MOUSE Editor "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix "InstallShield_{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault "InstallShield_{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "MP Navigator EX 1.1" = Canon MP Navigator EX 1.1 "PSP Video 9" = PSP Video 9 5.03 "Security Task Manager" = Security Task Manager 1.8c "Sins of a Solar Empire - Trinity" = Sins of a Solar Empire - Trinity "Splitit" = Split it 3.2 "StarCraft II" = StarCraft II "Steam App 15620" = Warhammer 40,000: Dawn of War II "Steam App 20570" = Warhammer 40,000: Dawn of War II - Chaos Rising "Steam App 20900" = The Witcher: Enhanced Edition "Steam App 35700" = Trine "Steam App 400" = Portal "Steam App 40100" = Supreme Commander 2 "Steam App 43110" = Metro 2033 "VLC media player" = VLC media player 1.0.3 "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinLiveSuite_Wave3" = Windows Live Essentials "X3TerranConflict_is1" = X3 Terran Conflict v3.0 "YouTube Downloader App" = YouTube Downloader App 2.03 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 23.08.2010 08:56:34 | Computer Name = Aspire-M7720 | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel 0x49e02a1e, fehlerhaftes Modul msxml6.dll, Version 6.20.5002.0, Zeitstempel 0x4a81a53f, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000000050c3, 
Prozess-ID 0x894, Anwendungsstartzeit 01cb42c25851b509. Error - 23.08.2010 12:37:55 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10 Description = Error - 24.08.2010 09:37:01 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10 Description = Error - 24.08.2010 11:52:43 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10 Description = Error - 24.08.2010 12:06:45 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10 Description = Error - 24.08.2010 12:06:53 | Computer Name = Aspire-M7720 | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 24.08.2010 12:06:53 | Computer Name = Aspire-M7720 | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. 
Error - 26.08.2010 04:04:30 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10 Description = Error - 26.08.2010 04:08:12 | Computer Name = Aspire-M7720 | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel 0x49e02a1e, fehlerhaftes Modul msxml6.dll, Version 6.20.5002.0, Zeitstempel 0x4a81a53f, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000000050c3, Prozess-ID 0x8a0, Anwendungsstartzeit 01cb44f53d61ce50. Error - 26.08.2010 06:55:24 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 08.02.2011 06:20:52 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026 Description = Error - 08.02.2011 09:19:30 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 08.02.2011 09:19:30 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 08.02.2011 09:20:05 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026 Description = Error - 08.02.2011 12:35:11 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error - 08.02.2011 12:35:11 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 08.02.2011 12:36:08 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description =

Error - 08.02.2011 18:22:39 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 08.02.2011 18:22:39 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 08.02.2011 18:23:29 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description =

< End of report >
Code:
ATTFilter Avira AntiVir Personal Erstellungsdatum der Reportdatei: Freitag, 31. Dezember 2010 15:58 Es wird nach 2313669 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - FREE Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows Vista x64 Windowsversion : (Service Pack 2) [6.0.6002] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : ASPIRE-M7720 Versionsinformationen: BUILD.DAT : 10.0.0.609 31824 Bytes 13.12.2010 09:29:00 AVSCAN.EXE : 10.0.3.5 435368 Bytes 09.12.2010 12:41:44 AVSCAN.DLL : 10.0.3.0 56168 Bytes 20.04.2010 17:36:44 LUKE.DLL : 10.0.3.2 104296 Bytes 09.12.2010 12:41:44 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 09:59:47 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 07:05:36 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 15:20:41 VBASE002.VDF : 7.11.0.1 2048 Bytes 14.12.2010 15:20:41 VBASE003.VDF : 7.11.0.2 2048 Bytes 14.12.2010 15:20:41 VBASE004.VDF : 7.11.0.3 2048 Bytes 14.12.2010 15:20:41 VBASE005.VDF : 7.11.0.4 2048 Bytes 14.12.2010 15:20:41 VBASE006.VDF : 7.11.0.5 2048 Bytes 14.12.2010 15:20:41 VBASE007.VDF : 7.11.0.6 2048 Bytes 14.12.2010 15:20:41 VBASE008.VDF : 7.11.0.7 2048 Bytes 14.12.2010 15:20:41 VBASE009.VDF : 7.11.0.8 2048 Bytes 14.12.2010 15:20:41 VBASE010.VDF : 7.11.0.9 2048 Bytes 14.12.2010 15:20:41 VBASE011.VDF : 7.11.0.10 2048 Bytes 14.12.2010 15:20:41 VBASE012.VDF : 7.11.0.11 2048 Bytes 14.12.2010 15:20:41 VBASE013.VDF : 7.11.0.52 128000 Bytes 16.12.2010 15:20:42 VBASE014.VDF : 7.11.0.91 226816 Bytes 20.12.2010 16:43:43 VBASE015.VDF : 7.11.0.122 136192 Bytes 21.12.2010 01:39:59 VBASE016.VDF : 7.11.0.156 122880 Bytes 24.12.2010 14:42:18 VBASE017.VDF : 7.11.0.185 146944 Bytes 27.12.2010 17:00:07 VBASE018.VDF : 7.11.0.228 132608 Bytes 30.12.2010 14:57:31 VBASE019.VDF : 7.11.0.229 2048 Bytes 30.12.2010 14:57:31 VBASE020.VDF : 7.11.0.230 2048 Bytes 30.12.2010 14:57:32 VBASE021.VDF : 7.11.0.231 2048 
Bytes 30.12.2010 14:57:32 VBASE022.VDF : 7.11.0.232 2048 Bytes 30.12.2010 14:57:32 VBASE023.VDF : 7.11.0.233 2048 Bytes 30.12.2010 14:57:32 VBASE024.VDF : 7.11.0.234 2048 Bytes 30.12.2010 14:57:32 VBASE025.VDF : 7.11.0.235 2048 Bytes 30.12.2010 14:57:32 VBASE026.VDF : 7.11.0.236 2048 Bytes 30.12.2010 14:57:32 VBASE027.VDF : 7.11.0.237 2048 Bytes 30.12.2010 14:57:32 VBASE028.VDF : 7.11.0.238 2048 Bytes 30.12.2010 14:57:32 VBASE029.VDF : 7.11.0.239 2048 Bytes 30.12.2010 14:57:32 VBASE030.VDF : 7.11.0.240 2048 Bytes 30.12.2010 14:57:32 VBASE031.VDF : 7.11.0.247 33792 Bytes 31.12.2010 14:57:32 Engineversion : 8.2.4.134 AEVDF.DLL : 8.1.2.1 106868 Bytes 30.07.2010 18:26:49 AESCRIPT.DLL : 8.1.3.51 1286524 Bytes 31.12.2010 14:57:40 AESCN.DLL : 8.1.7.2 127349 Bytes 23.11.2010 18:22:29 AESBX.DLL : 8.1.3.2 254324 Bytes 23.11.2010 18:22:32 AERDL.DLL : 8.1.9.2 635252 Bytes 23.09.2010 07:56:04 AEPACK.DLL : 8.2.4.7 512375 Bytes 31.12.2010 14:57:38 AEOFFICE.DLL : 8.1.1.10 201084 Bytes 23.11.2010 18:22:28 AEHEUR.DLL : 8.1.2.60 3158392 Bytes 31.12.2010 14:57:37 AEHELP.DLL : 8.1.16.0 246136 Bytes 04.12.2010 16:27:33 AEGEN.DLL : 8.1.5.0 397685 Bytes 04.12.2010 16:27:33 AEEMU.DLL : 8.1.3.0 393589 Bytes 23.11.2010 18:22:15 AECORE.DLL : 8.1.19.0 196984 Bytes 04.12.2010 16:27:32 AEBB.DLL : 8.1.1.0 53618 Bytes 24.04.2010 17:34:14 AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 09:59:10 AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 09:59:07 AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 14:47:40 AVREG.DLL : 10.0.3.2 53096 Bytes 04.11.2010 18:08:22 AVSCPLR.DLL : 10.0.3.2 84328 Bytes 09.12.2010 12:41:44 AVARKT.DLL : 10.0.22.6 231784 Bytes 09.12.2010 12:41:43 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 07:53:25 SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 10:57:53 AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 13:38:54 NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 12:40:55 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 11:10:08 RCTEXT.DLL : 10.0.58.0 98152 Bytes 04.11.2010 18:08:22 
Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp Protokollierung.......................: niedrig Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: mittel Abweichende Gefahrenkategorien........: +JOKE,+PCK,+PFS,+SPR, Beginn des Suchlaufs: Freitag, 31. Dezember 2010 15:58 Der Suchlauf nach versteckten Objekten wird begonnen. HKEY_USERS\S-1-5-21-290457077-4133656190-4264713463-1000\Software\SecuROM\License information\datasecu [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_USERS\S-1-5-21-290457077-4133656190-4264713463-1000\Software\SecuROM\License information\rkeysecu [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\8.0\AdobeViewer\eula [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\8.0\AdobeViewer\launched [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. 
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\0209_sp_hdrdieerweckungdesbalrog [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\0209_te_wow [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\0209_tr_demigod [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\0209_tr_eveonline [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\0209_tr_riddick [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\chapeau claque - ich steine, du steine (peter fox cover) [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\[vimeo-8215444] chapeau claque_ »pale blue« [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\da destiny [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Licenses\{k7c0db872a3f777c0} [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Licenses\{i11d9da1eba6cb047} [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. 
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Licenses\{011d9da1eba6cb047} [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\fdwsupport [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cformattags [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\aformattagcache [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cfiltertags [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\fdwsupport [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cformattags [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\aformattagcache [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cfiltertags [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. 
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\fdwsupport [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cformattags [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\aformattagcache [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cfiltertags [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\fdwsupport [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cformattags [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\aformattagcache [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cfiltertags [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\fdwsupport [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. 
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\cformattags [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\aformattagcache [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\cfiltertags [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\MostRecentApplication\name [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Exchange\Forms Registry\cachesynccount [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\SSL3.0\defaultvalue [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\last [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Jet\3.5\Engines\Jet\usercommitsync [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\RFC1156Agent\CurrentVersion\Parameters\trappolltimemillisecs [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared\HTML\knownids [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. 
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Works\8.0\Calendar\cursize [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Works\8.0\Calendar\lastcompactsize [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\MCIEX\exe full path [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\MCIEX\radio_select [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\MCIEX\m_lang [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. C:\Users\Allgemein\Pictures C:\Users\Allgemein\Pictures [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\ReaderCopy\tgt_mode [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\ReaderCopy\copy_mode [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\ReaderCopy\del_mode [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\ReaderCopy\path_mode [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\ReaderCopy\cnfrm_dlg [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\ReaderCopy\m_lang [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. 
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\The Silicon Realms Toolworks\Armadillo\{0f943452edeba2f7c} [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\showintroframe [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\winheight [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\winwidth [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020D75-0000-0000-C000-000000000046}\ShellFolder\attributes [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0A4286EA-E355-44FB-8086-AF3DF7645BD9}\localizedstring [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0A4286EA-E355-44FB-8086-AF3DF7645BD9}\localizedstring C:\Windows\system32\unregmp2.exe /ShowWMP C:\Windows\system32\unregmp2.exe /ShowWMP [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. C:\Program Files\Windows Media Player C:\Program Files\Windows Media Player [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. C:\Program Files\Windows Media Player C:\Windows\system32\wbem\Logs\WMITracing.log C:\Windows\system32\wbem\Logs\WMITracing.log [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\symboliclinkvalue [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. 
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Update\network\secure-S-1-5-18\sk [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Update\network\secure-S-1-5-18\c [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\dokchampa (truetype) [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\impact (truetype [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\calibri (truetype [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\consolas (truetype [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\constantia (truetype [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\corbel (truetype [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\palatino linotype (truetype [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. 
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'eDSMSNLoader32.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWinSec.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'WrtProc.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'OpWareSE4.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeaTimer.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'MouseEditor.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'WrtMon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'SchedulerSvc.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupSvc.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'eDSService.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'Agentsvc.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'bgsvcgen.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMSServer.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '55' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD3
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD4 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD5 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '760' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' <ACER> C:\Users\Allgemein\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\51063600-6ff35a79 [0] Archivtyp: ZIP [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.CF --> bpac/a.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.CF Beginne mit der Suche in 'D:\' <DATA> D:\Eigene Datein\Sonstiges\STBC Mods\Borg\bdiamond.zip [0] Archivtyp: ZIP --> Bdiamond/dapborgdiamond.ace [1] Archivtyp: ACE --> dapborgdiamond\Data\Models\Ships\BorgDiamond\BorgDiamond.3ds [WARNUNG] Die Datei konnte nicht geöffnet werden! Beginne mit der Desinfektion: C:\Users\Allgemein\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\51063600-6ff35a79 [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.CF [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4909a54a.qua' verschoben! Ende des Suchlaufs: Freitag, 31. Dezember 2010 17:15 Benötigte Zeit: 1:16:16 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 38300 Verzeichnisse wurden überprüft 740230 Dateien wurden geprüft 1 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 1 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 740229 Dateien ohne Befall 8587 Archive wurden durchsucht 1 Warnungen 1 Hinweise 853439 Objekte wurden beim Rootkitscan durchsucht 76 Versteckte Objekte wurden gefunden Vielen Dank Gruß Yetzirah |
09.02.2011, 11:13 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
PRC - File not found
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52586
FF - prefs.js..network.proxy.type: 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady) - F:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.05.23 22:12:16 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell - "" = AutoRun
O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady)
[2010.12.27 01:31:32 | 000,004,379 | ---- | C] () -- C:\Users\Allgemein\AppData\Roaming\69DC.595
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely; as a safeguard, a backup copy is created on the system partition in the folder "_OTL".
__________________ Please always post log files in CODE tags |
09.02.2011, 15:16 | #6 |
| Hello, I did everything as instructed, but unfortunately OTL freezes as soon as I click the Fix button. In the window title bar it says "not responding" after the program name, and at the very bottom of the program window it says "Processing PRC - File not found...". I waited 20 minutes, but nothing more happened; the PC also made no more working noises, such as the hard disk rattling. I then ended the program via Task Manager and tried several more times, always with the same result. Do I possibly have to deactivate something beforehand, e.g. Spybot's TeaTimer or Windows Defender? How should I proceed? Thanks and regards, Yetzirah |
09.02.2011, 15:24 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Let's leave that line out. Use this text as the OTL fix: Code:
:OTL
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52586
FF - prefs.js..network.proxy.type: 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady) - F:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.05.23 22:12:16 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell - "" = AutoRun
O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady)
[2010.12.27 01:31:32 | 000,004,379 | ---- | C] () -- C:\Users\Allgemein\AppData\Roaming\69DC.595
:Commands
[purity]
[resethosts]
[emptytemp]
09.02.2011, 17:33 | #8 |
| Hello, this time everything worked; here is the log: Code:
All processes killed
========== OTL ==========
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 52586 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. F:\autorun.exe scheduled to be moved on reboot.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\ not found.
File L:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\ not found.
File move failed. F:\autorun.exe scheduled to be moved on reboot.
C:\Users\Allgemein\AppData\Roaming\69DC.595 moved successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Allgemein
->Temp folder emptied: 880876 bytes
->Temporary Internet Files folder emptied: 72491807 bytes
->Java cache emptied: 3858691 bytes
->FireFox cache emptied: 76965170 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 12298 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20432209 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 167.00 mb

OTL by OldTimer - Version 3.2.20.6 log created on 02092011_172656

Files\Folders moved on Reboot...
File move failed. F:\autorun.exe scheduled to be moved on reboot.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Yetzirah |
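The [resethosts] command in the fix above overwrote the hosts file with the Windows default (the OTL log reports "HOSTS file reset successfully") without recording what was in it beforehand. The following is an added example for this thread, not code from OTL or from the forum: it parses hosts-file text offline and flags the two kinds of entries a helper would want to see before ordering a reset, namely hostnames pointed at a non-local address (a silent redirect) and security-vendor or update hosts pinned to loopback (update and cleanup blocking). The sample hosts content and the watch list of vendor domains are constructed for the example and are not taken from this machine.

```python
"""Hosts-file sanity check (added example; not part of the thread or of OTL)."""
import ipaddress

# Constructed watch list: hosts whose blocking would hinder cleanup. Extend as needed.
WATCHED_SUFFIXES = (
    "malwarebytes.org",
    "avira.com",
    "superantispyware.com",
    "windowsupdate.com",
    "microsoft.com",
)

# The only mappings a default Windows hosts file contains (comments aside).
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Address ranges that are legitimately used for local overrides (RFC 1918, link-local, ULA).
_LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16", "fc00::/7", "fe80::/10")]


def parse_hosts(text):
    """Return [(line_no, ip, hostname)] for every mapping in the hosts text."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()          # strip comments
        parts = body.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                                  # first token is not an address
        for name in parts[1:]:                        # one line may list several names
            entries.append((line_no, str(ip), name.lower()))
    return entries


def _is_local(addr):
    return addr.is_loopback or addr.is_unspecified or any(addr in n for n in _LOCAL_NETS)


def _watched(name):
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def suspicious_entries(entries):
    """Return [(line_no, ip, hostname, reason)] for mappings worth a closer look."""
    findings = []
    for line_no, ip, name in entries:
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback and _watched(name):
            findings.append((line_no, ip, name, "vendor/update host blocked"))
        elif not _is_local(addr):
            findings.append((line_no, ip, name, "redirected to external address"))
        elif _watched(name):
            findings.append((line_no, ip, name, "vendor/update host redirected"))
    return findings


def check_hosts_text(text):
    return suspicious_entries(parse_hosts(text))


# Constructed sample; only lines 4 and 6 should be reported.
SAMPLE_HOSTS = """# Copyright (c) 1993-2006 Microsoft Corp.   (constructed sample)
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.malwarebytes.org
0.0.0.0         ads.example.net
203.0.113.5     www.google.com
10.0.0.20       intranet.corp.example
"""

if __name__ == "__main__":
    for line_no, ip, name, reason in check_hosts_text(SAMPLE_HOSTS):
        print(f"line {line_no}: {ip} -> {name}: {reason}")
```

A plain ad-blocking entry (0.0.0.0 or 127.0.0.1 for a name that is not on the watch list) and a LAN override (10.x) are deliberately left alone; if the check reports nothing, a [resethosts] is harmless but also unnecessary, and if it does, the reported lines are what to keep as evidence before the reset.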
10.02.2011, 10:25 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run if a qualified helper ("Kompetenzler") has expressly recommended it!
10.02.2011, 15:11 | #10 |
| Hello, I did everything according to the instructions. Here is the ComboFix log: Code:
ComboFix 11-02-09.05 - Allgemein 10.02.2011 14:51:08.1.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.6134.4407 [GMT 1:00]
ausgeführt von:: c:\users\Allgemein\Desktop\Cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((( Dateien erstellt von 2011-01-10 bis 2011-02-10 ))))))))))))))))))))))))))))))
.
2011-02-10 13:32 . 2011-02-10 13:32 -------- d-----w- c:\programdata\ATI
2011-02-10 12:56 . 2011-02-10 12:56 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-02-10 12:48 . 2011-02-10 12:48 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-02-10 12:48 . 2011-02-10 12:48 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-02-10 12:48 . 2011-02-10 12:48 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-02-10 12:48 . 2011-02-10 12:48 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-02-10 12:46 . 2011-02-10 12:46 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-02-10 12:46 . 2011-02-10 12:46 480256 ----a-w- c:\windows\system32\atieclxx.exe
2011-02-10 12:46 . 2011-02-10 12:46 6815232 ----a-w- c:\windows\system32\aticaldd64.dll
2011-02-10 12:46 . 2011-02-10 12:47 17043968 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-02-10 12:46 . 2011-02-10 12:46 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-02-10 12:46 . 2011-02-10 12:46 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-02-10 12:46 . 2011-02-10 12:46 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-02-10 12:46 . 2011-02-10 12:46 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-02-10 08:57 . 2011-01-06 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-02-09 13:39 . 2011-02-09 13:39 -------- d-----w- C:\_OTL
2011-02-09 12:24 . 2011-02-09 18:54 -------- d-----w- c:\users\Allgemein\AppData\Local\The Witcher
2011-02-08 11:14 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC4DE615-D186-436A-B414-A11B25AF2D3F}\mpengine.dll
2011-01-11 14:55 . 2011-01-11 14:55 -------- d-----w- c:\program files (x86)\Microsoft.NET
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-10 12:48 . 2010-07-07 01:53 708608 ----a-w- c:\windows\system32\aticfx64.dll
2011-02-10 12:47 . 2010-03-03 03:23 58880 ----a-w- c:\windows\system32\coinst.dll
2011-02-10 12:47 . 2010-03-03 03:06 26112 ----a-w- c:\windows\system32\atitmp64.dll
2011-02-10 12:46 . 2010-11-26 02:15 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-02-10 12:45 . 2008-11-02 00:13 5305856 ----a-w- c:\windows\system32\atiumd64.dll
2011-02-10 12:45 . 2010-03-03 03:06 38400 ----a-w- c:\windows\system32\atiu9p64.dll
2010-12-31 12:11 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2010-12-31 12:11 . 2009-08-18 10:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-12-28 12:25 . 2010-12-28 12:25 388096 ----a-r- c:\users\Allgemein\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-20 17:09 . 2010-12-27 01:22 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-12-27 01:22 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-07 11:17 . 2010-12-07 11:17 51200 ----a-w- c:\windows\SysWow64\OpenCL.dll
2010-12-07 11:15 . 2010-12-07 11:15 52736 ----a-w- c:\windows\system32\OpenCL.dll
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-23 18:22 . 2010-04-10 15:53 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-17 12:04 . 2010-11-17 12:04 111120 ----a-w- c:\windows\system32\drivers\AtihdLH6.sys
2010-11-12 17:53 . 2010-08-14 14:48 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52 121392 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"OscarEditor"="c:\program files (x86)\MOUSE Editor\MouseEditor.exe" [2009-06-16 3317248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-20 204908]
"WarReg_PopUp"="c:\program files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-06-13 73728]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 336384]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 ATICDSDr;ATICDSDr;c:\users\ALLGEM~1\AppData\Local\Temp\ATICDSDr.sys [x]
R3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2008-12-30 110576]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-20 269448]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-10 203776]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-04 135336]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-10 8283136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-10 294400]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH6.sys [2010-11-17 111120]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2008-06-13 316544]
S3 gwfilt64;gwfilt64;c:\windows\system32\drivers\gwfilt64.sys [2008-04-10 28160]
.
Inhalt des "geplante Tasks" Ordners

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 09:45]

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 09:45]

2011-02-09 c:\windows\Tasks\User_Feed_Synchronization-{4CEEF1C8-30F7-4373-83E0-45167924CDB7}.job
- c:\windows\system32\msfeedssync.exe [2011-02-10 04:47]
.
--------- x86-64 -----------
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:53 50736 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-08-19 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-08-19 323584]
"eDataSecurity Loader"="c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe" [2008-07-29 561200]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1840720]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.hotmail.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:52586
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gamestar.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Wow6432Node-HKLM-Run-eRecoveryService - (no file)
HKLM-Run-Skytel - Skytel.exe
AddRemove-{B931FB80-537A-4600-00AD-AC5DEDB6C25B} - d:\games\Electronic Arts\The Lord of the Rings
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-290457077-4133656190-4264713463-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b0,6d,c6,3d,21,06,b2,32,ba,a7,65,f2,82,ea,20,95,2a,f9,cd,4f,2c,49,42,
   10,8c,b4,b8,1e,a2,a6,93,64,99,d8,e7,cd,46,80,8a,f8,14,5d,ce,ee,da,55,9a,81,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f

[HKEY_USERS\S-1-5-21-290457077-4133656190-4264713463-1000\Software\SecuROM\License information*]
"datasecu"=hex:14,c0,b1,6e,4d,34,c7,2f,9d,17,06,0a,ac,09,bd,ca,f2,ef,e4,de,02,
   3a,5f,e1,5a,92,23,f3,4a,17,00,81,5a,d6,a5,f3,71,5f,cb,fd,b0,39,f5,84,c1,7e,\
"rkeysecu"=hex:19,dc,01,73,eb,c8,53,82,f1,61,cb,8a,c4,64,88,43

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\FLAGS]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\HELPDIR]
@="c:\\Windows\\SysWow64\\Macromed\\Flash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\FLAGS]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\HELPDIR]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\bgsvcgen.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\spool\drivers\x64\3\WrtProc.exe
c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-02-10 15:01:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-02-10 14:01

Vor Suchlauf: 14 Verzeichnis(se), 276.858.195.968 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 276.512.358.400 Bytes frei

- - End Of File - - 2E9C695C2D31A41DFAF17BC27D89149A

Yetzirah |
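The OTL fix in post #5 removed the Firefox proxy entries (network.proxy.http = "127.0.0.1", port 52586) from prefs.js, and the ComboFix log above still shows the Internet Explorer counterpart, "uInternet Settings,ProxyServer = http=127.0.0.1:52586". A loopback proxy on a high port is the rogue's own process sitting between the browser and the network, so both locations have to be checked. The following is an added example written for this thread, not code from OTL, ComboFix or the forum: it parses a prefs.js file and a ComboFix-style ProxyServer line offline and reports every proxy that points at a loopback address. The prefs.js and log excerpts it runs on are constructed samples modelled on the values in this thread.

```python
"""Loopback-proxy hijack check for Firefox prefs.js and the IE ProxyServer value.

Added example for this thread; not OTL/ComboFix code. Works on text only, so
it can be run against a copied prefs.js or a pasted log on a clean machine.
"""
import re
from ipaddress import ip_address

# user_pref("name", value);  where value is a quoted string, an integer or true/false
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.+?)\);\s*$')
# ComboFix / registry-export style: ... ProxyServer = http=127.0.0.1:52586;https=...
PROXYSERVER_RE = re.compile(r'ProxyServer\s*=\s*(\S+)')


def parse_prefs(text):
    """Parse prefs.js lines into {name: value} with basic type conversion."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 (with or without brackets) and 'localhost'."""
    host = host.strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False                       # a hostname, not an address


def firefox_proxy_findings(prefs):
    """[(scheme, host, port, proxy_type)] for every Firefox proxy host that is loopback.

    network.proxy.type 0 means 'no proxy', so Firefox ignores the host entries;
    a loopback host left behind is still a cleanup indicator, so it is reported
    together with the type for the reader to judge.
    """
    findings = []
    ptype = prefs.get("network.proxy.type")
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get("network.proxy." + scheme)
        if isinstance(host, str) and is_loopback(host):
            port = prefs.get("network.proxy." + scheme + "_port")
            findings.append((scheme, host, port, ptype))
    return findings


def parse_proxyserver(value):
    """Split 'http=127.0.0.1:52586;https=...' or 'host:port' into (scheme, host, port)."""
    out = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, hostport = part.split("=", 1) if "=" in part else ("all", part)
        if hostport.count(":") > 1 and not hostport.startswith("["):
            host, port = hostport, ""      # bare IPv6 literal without a port
        else:
            host, _, port = hostport.rpartition(":")
            if not host:
                host, port = hostport, ""  # no port given
        out.append((scheme, host, int(port) if port.isdigit() else None))
    return out


def ie_proxy_findings(log_text):
    """[(scheme, host, port)] for loopback proxies in ProxyServer lines of a log."""
    findings = []
    for line in log_text.splitlines():
        m = PROXYSERVER_RE.search(line)
        if not m:
            continue
        for scheme, host, port in parse_proxyserver(m.group(1)):
            if is_loopback(host):
                findings.append((scheme, host, port))
    return findings


# Constructed samples modelled on the values in this thread.
SAMPLE_PREFS = '''# Mozilla User Preferences  (constructed sample)
user_pref("browser.startup.homepage", "http://www.gamestar.de/");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 52586);
user_pref("network.proxy.type", 0);
'''
SAMPLE_LOG = '''uStart Page = hxxp://www.hotmail.de/
uInternet Settings,ProxyServer = http=127.0.0.1:52586
'''

if __name__ == "__main__":
    for f in firefox_proxy_findings(parse_prefs(SAMPLE_PREFS)):
        print("Firefox proxy -> loopback:", f)
    for f in ie_proxy_findings(SAMPLE_LOG):
        print("IE ProxyServer -> loopback:", f)
```

A corporate proxy ("proxy.corp.example:8080") is not reported, because the check keys on the address being loopback rather than on a proxy being set at all; on a home PC like the one in this thread any proxy entry deserves a second look, but the loopback case is the one that identifies a local rogue process.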
10.02.2011, 15:15 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now create and post logs with GMER and mbrcheck. GMER crashes fairly often; if the tool refuses to run the second time as well, just leave it out. Instructions for mbrcheck: Download MBRCheck (by a_d_13) and save the file to the desktop.
11.02.2011, 15:37 | #12 |
| Hello, I have run all the scans. Unlike the picture in the GMER instructions, though, I could only tick the bottom three items on the right-hand side (Services, Registry and Files); all the items above them were greyed out. After the scan GMER reported that it had found nothing, and the saved log was completely empty. Here is the MBRCheck log: Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: AMI
System Manufacturer: Acer
System Product Name: Aspire M7720
Logical Drives Mask: 0x000007fc

Kernel Drivers (total 151):
0x02062000 \SystemRoot\system32\ntoskrnl.exe
0x0201C000 \SystemRoot\system32\hal.dll
0x0060D000 \SystemRoot\system32\kdcom.dll
0x00617000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00652000 \SystemRoot\system32\PSHED.dll
0x00666000 \SystemRoot\system32\CLFS.SYS
0x006C3000 \SystemRoot\system32\CI.dll
0x0080C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F4000 \SystemRoot\system32\drivers\acpi.sys
0x0094A000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00953000 \SystemRoot\system32\drivers\msisadrv.sys
0x0095D000 \SystemRoot\system32\drivers\pci.sys
0x0098D000 \SystemRoot\System32\drivers\partmgr.sys
0x009A2000 \SystemRoot\system32\drivers\volmgr.sys
0x00775000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B6000 \SystemRoot\System32\drivers\mountmgr.sys
0x009C9000 \SystemRoot\System32\Drivers\UBHelper.sys
0x00A0A000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x00B24000 \SystemRoot\system32\drivers\atapi.sys
0x00B2C000 \SystemRoot\system32\drivers\ataport.SYS
0x00B50000 \SystemRoot\system32\drivers\msahci.sys
0x00B5A000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00B6A000 \SystemRoot\system32\drivers\fltmgr.sys
0x00BB1000 \SystemRoot\system32\drivers\fileinfo.sys
0x00BC5000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x00C02000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E0D000 \SystemRoot\system32\drivers\ndis.sys
0x00C89000 \SystemRoot\system32\drivers\msrpc.sys
0x00CD9000 \SystemRoot\system32\drivers\NETIO.SYS
0x0100B000 \SystemRoot\System32\drivers\tcpip.sys
0x01181000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0120F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0138F000 \SystemRoot\system32\drivers\volsnap.sys
0x013D3000 \SystemRoot\System32\Drivers\spldr.sys
0x013DB000 \SystemRoot\System32\Drivers\mup.sys
0x011AD000 \SystemRoot\System32\drivers\ecache.sys
0x011D9000 \SystemRoot\system32\drivers\disk.sys
0x00FD0000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x013ED000 \SystemRoot\system32\drivers\crcdisk.sys
0x0291E000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0292B000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02934000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02947000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x02C0A000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x03441000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03524000 \SystemRoot\System32\drivers\watchdog.sys
0x03609000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x036F6000 \SystemRoot\system32\DRIVERS\e1y60x64.sys
0x03746000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03752000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03798000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x037A9000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x037BB000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x037E1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x037EF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03534000 \SystemRoot\system32\DRIVERS\serial.sys
0x03551000 \SystemRoot\system32\DRIVERS\serenum.sys
0x0355D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03600000 \SystemRoot\system32\Drivers\NTIDrvr.sys
0x03579000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03582000 \SystemRoot\system32\DRIVERS\serscan.sys
0x0358A000 \SystemRoot\system32\drivers\ksthunk.sys
0x03590000 \SystemRoot\system32\drivers\ks.sys
0x035C4000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02994000 \SystemRoot\system32\DRIVERS\storport.sys
0x029F1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x00D32000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x011ED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x00D55000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x00D86000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x00D96000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x00DB4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x00DCC000 \SystemRoot\system32\DRIVERS\termdd.sys
0x037FB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x01000000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x00DDF000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0380D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03855000 \SystemRoot\system32\drivers\AtihdLH6.sys
0x03875000 \SystemRoot\system32\drivers\portcls.sys
0x038B0000 \SystemRoot\system32\drivers\drmk.sys
0x04205000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04372000 \SystemRoot\system32\drivers\gwfilt64.sys
0x04380000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04394000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x0439E000 \SystemRoot\System32\Drivers\Null.SYS
0x043B2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x043BA000 \SystemRoot\System32\drivers\vga.sys
0x043C8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x043ED000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x043F6000 \SystemRoot\system32\drivers\rdpencdd.sys
0x043A7000 \SystemRoot\System32\Drivers\Msfs.SYS
0x038D3000 \SystemRoot\System32\Drivers\Npfs.SYS
0x038E4000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x038ED000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0390A000 \SystemRoot\system32\DRIVERS\smb.sys
0x03925000 \SystemRoot\system32\drivers\afd.sys
0x03990000 \SystemRoot\System32\DRIVERS\netbt.sys
0x039D4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x037CB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x00BCE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x039F2000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x03800000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x04403000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04450000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0445C000 \SystemRoot\System32\Drivers\dfsc.sys
0x04479000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x0449B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x044B7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x044B9000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x044C9000 \SystemRoot\system32\DRIVERS\usbprint.sys 0x044D4000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x044EC000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x044F5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x04507000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x04512000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x0451D000 \SystemRoot\system32\DRIVERS\udfs.sys 0x0456B000 \SystemRoot\System32\Drivers\crashdmp.sys 0x02800000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x00050000 \SystemRoot\System32\win32k.sys 0x04579000 \SystemRoot\System32\drivers\Dxapi.sys 0x04585000 \SystemRoot\system32\DRIVERS\monitor.sys 0x004B0000 \SystemRoot\System32\TSDDD.dll 0x04598000 \SystemRoot\system32\drivers\luafv.sys 0x045BA000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x006E0000 \SystemRoot\System32\cdd.dll 0x05E08000 \SystemRoot\system32\drivers\spsys.sys 0x05EA2000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x05EB6000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x05ECE000 \SystemRoot\system32\drivers\HTTP.sys 0x05F71000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x05F9A000 \SystemRoot\system32\DRIVERS\bowser.sys 0x05FB8000 \SystemRoot\System32\drivers\mpsdrv.sys 0x05FD2000 \SystemRoot\system32\drivers\mrxdav.sys 0x045D7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x06201000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x0624A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x06269000 \SystemRoot\System32\DRIVERS\srv2.sys 0x0629B000 \SystemRoot\System32\DRIVERS\srv.sys 0x0632F000 \SystemRoot\system32\DRIVERS\atksgt.sys 0x0637E000 \??\C:\Windows\SysWOW64\drivers\int15_64.sys 0x06396000 \SystemRoot\system32\DRIVERS\lirsgt.sys 0x05606000 \SystemRoot\system32\drivers\peauth.sys 0x056BC000 \SystemRoot\system32\DRIVERS\PSDNServ.sys 0x056C5000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys 0x056D8000 \SystemRoot\System32\Drivers\secdrv.SYS 0x056E3000 \SystemRoot\System32\drivers\tcpipreg.sys 0x056F3000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x05713000 \SystemRoot\system32\DRIVERS\WUDFPf.sys 0x05729000 
\SystemRoot\system32\DRIVERS\cdfs.sys 0x777F0000 \Windows\System32\ntdll.dll Processes (total 73): 0 System Idle Process 4 System 508 C:\Windows\System32\smss.exe 576 csrss.exe 632 C:\Windows\System32\wininit.exe 652 csrss.exe 688 C:\Windows\System32\services.exe 700 C:\Windows\System32\lsass.exe 708 C:\Windows\System32\lsm.exe 860 C:\Windows\System32\svchost.exe 960 C:\Windows\System32\svchost.exe 352 C:\Windows\System32\atiesrxx.exe 388 C:\Windows\System32\winlogon.exe 356 C:\Windows\System32\svchost.exe 540 C:\Windows\System32\svchost.exe 564 C:\Windows\System32\svchost.exe 544 C:\Windows\System32\audiodg.exe 1032 C:\Windows\System32\svchost.exe 1048 C:\Windows\System32\SLsvc.exe 1100 C:\Windows\System32\svchost.exe 1200 C:\Windows\System32\svchost.exe 1416 C:\Windows\System32\spoolsv.exe 1440 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 1460 C:\Windows\System32\svchost.exe 1772 C:\Program Files\SUPERAntiSpyware\SASCore64.exe 1784 C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe 1868 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 1884 C:\Windows\SysWOW64\bgsvcgen.exe 1916 C:\Program Files (x86)\Bonjour\mDNSResponder.exe 1928 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe 1992 C:\Windows\System32\atieclxx.exe 2076 C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe 2232 C:\Windows\System32\dwm.exe 2316 C:\Windows\explorer.exe 2356 C:\Windows\System32\taskeng.exe 2556 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe 2732 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe 2916 C:\Windows\RAVCpl64.exe 2924 C:\Program Files\Acer\Empowering Technology\SysMonitor.exe 2932 C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe 2940 C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe 2964 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE 2972 
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe 2980 C:\Windows\ehome\ehtray.exe 3008 C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe 2616 C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe 844 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 2656 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 2720 C:\Windows\ehome\ehmsas.exe 2176 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 848 C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe 268 C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe 2608 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 2676 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe 3092 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 3116 C:\Windows\SysWOW64\PnkBstrA.exe 3128 C:\Windows\System32\svchost.exe 3148 C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe 3180 C:\Windows\System32\svchost.exe 3216 C:\Windows\System32\svchost.exe 3244 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 3392 C:\Windows\System32\SearchIndexer.exe 3484 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 3760 WUDFHost.exe 3828 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE 4012 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 4216 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe 5032 C:\Users\Allgemein\Desktop\vh69jch7.exe 3504 C:\Windows\System32\svchost.exe 4152 dllhost.exe 4704 dllhost.exe 4148 C:\Users\Allgemein\Desktop\MBRCheck.exe 3712 C:\Windows\SysWOW64\conime.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`a9f00000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000005f`58500000 (NTFS) PhysicalDrive0 Model Number: WDCWD10EAVS-00D7B1, Rev: 01.01A01 Size Device Name MBR Status -------------------------------------------- 931 GB \\.\PhysicalDrive0 Acer MBR code detected SHA1: 
12ADB8D1AD8327A4A2FA5865BC87234485F25003 Done! Yetzirah |
11.02.2011, 16:04 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Security Shield removed, SUPERAntiSpyware still reports findings Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
12.02.2011, 00:02 | #14 |
| Security Shield removed, SUPERAntiSpyware still reports findings Hello, I ran the scans; Malwarebytes reported one finding, SUPERAntiSpyware found nothing. Two short questions, if it's no trouble: Why could I only tick the 3 boxes in GMER, contrary to the guide? And what exactly did Malwarebytes find there? Here is the Malwarebytes log: Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5742 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 11.02.2011 20:37:44 mbam-log-2011-02-11 (20-37-44).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 388161 Laufzeit: 54 Minute(n), 20 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Code:
ATTFilter SUPERAntiSpyware Scann-Protokoll hxxp://www.superantispyware.com Generiert 02/11/2011 bei 07:04 PM Version der Applikation : 4.47.1000 Version der Kern-Datenbank : 6381 Version der Spur-Datenbank : 4193 Scan Art : kompletter Scann Totale Scann-Zeit : 01:45:01 Gescannte Speicherelemente : 724 Erfasste Speicher-Bedrohungen : 0 Gescannte Register-Elemente : 13320 Erfasste Register-Bedrohungen : 0 Gescannte Datei-Elemente : 245587 Erfasste Datei-Elemente : 0 Yetzirah |
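To make the finding in the log above easier to read: an added example, not code from this thread or from Malwarebytes, that parses the MBAM 1.50 log layout posted here, lists each detection with its registry value and the action taken, and cross-checks the headline counts against the detail entries. The embedded log is a constructed sample modelled on the posted one; its German labels are the program's own output and are left as they are.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample modelled on the Malwarebytes' Anti-Malware 1.50 log in this
# thread; the German labels are the program's own output and stay untranslated.
SAMPLE_LOG = """
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateien: 0

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^Infizierte (.+?): (\d+)$")  # headline count line
HEADER_RE = re.compile(r"^Infizierte (.+?):$")          # start of a detail section
FINDING_RE = re.compile(r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
NONE_MARKER = "(Keine bösartigen Objekte gefunden)"

@dataclass
class Finding:
    category: str   # detail section, e.g. "Registrierungswerte"
    target: str     # registry key or file path
    detection: str  # MBAM detection name, e.g. "PUM.Bad.Proxy"
    value: str      # registry value name, "" when the line carries none
    action: str     # what MBAM did with the object

def parse_mbam_log(text):
    """Return (headline counts per category, list of Finding)."""
    summary, findings, section = {}, [], None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if m := SUMMARY_RE.match(line):
            summary[m.group(1)] = int(m.group(2))
        elif m := HEADER_RE.match(line):
            section = m.group(1)
        elif section and line != NONE_MARKER and (m := FINDING_RE.match(line)):
            # "rest" is "->"-separated: optional "Value: <name>", then the action
            parts = [p.strip() for p in m.group("rest").split("->")]
            value = next((p[7:] for p in parts[:-1] if p.startswith("Value: ")), "")
            findings.append(Finding(section, m.group("target"), m.group("detection"), value, parts[-1]))
    return summary, findings

def summary_mismatches(summary, findings):
    """Categories whose headline count disagrees with the detail entries (truncated log?)."""
    seen = Counter(f.category for f in findings)
    return {c: (n, seen[c]) for c, n in summary.items() if n != seen[c]}

def only_setting_changes(findings):
    """True when every hit is a PUM (a changed setting, like the proxy value here, not a malicious file)."""
    return bool(findings) and all(f.detection.startswith("PUM.") for f in findings)
```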
12.02.2011, 00:12 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Security Shield removed, SUPERAntiSpyware still reports findings Looks OK, only a leftover was found there. Any further problems or findings in the meantime?
__________________ Please always post log files in CODE tags |