|
Log-Analyse und Auswertung: Log-Auswertung!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
10.02.2011, 15:14 | #1 |
| Log-Auswertung! Hi Leute Ich habe Trojaner auf meinem PC (zumindest denke ich das)...ich habe alles so gemacht wie es in der Anleitung auf dieser Webseite stand und würde nun meine logs hier posten... Viele Grüße Richi Extras.TxtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.02.2011 14:47:16 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\***\Desktop\MFTools 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 66,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,30 Gb Total Space | 121,60 Gb Free Space | 42,62% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: ***| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Expression\Web 2\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Expression\Web 2\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Expression\Web 2\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Expression\Web 2\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- () "C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik "{46FE2A95-DD8A-9F52-DD44-6C22D715493D}" = ATI Catalyst Install Manager "{485867C4-605B-30FD-397E-CDBA21690855}" = ccc-utility64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{83A33E54-147D-2D1A-75EB-DE27584DD3E2}" = WMV9/VC-1 Video Playback "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Lexmark 2600 Series" = Lexmark 2600 Series "LSI Soft Modem" = LSI HDA Modem "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Pen Tablet Driver" = Bamboo "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1DC4E424-5D92-4C92-B1E1-4BE4318E7136}" = James Cameron's AVATAR(tm): DAS SPIEL (Demo) "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III "{3A1DF0A8-D3D9-9D42-8B77-58E2C725347E}" = Saal Design Software "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E6B8013-6679-AE89-05B9-F540AF89A5A4}" = Catalyst Control Center Localization All "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6005535D-8A83-4108-A757-E1AB9886AECA}" = Cisco AnyConnect VPN Client "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{641F223A-40C3-436E-A16C-A787E4F46F98}" = SigmaPlot 9.0 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7ADF69B6-B378-2D8C-C81C-DAA053E0D275}" = CCC Help English "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0045-0000-0000-0000000FF1CE}" = Microsoft Expression Web 2 "{90120000-0045-0000-0000-0000000FF1CE}_XWeb_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0045-0407-0000-0000000FF1CE}" = Microsoft Expression Web 2 MUI (German) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{905D4F6B-FADC-4CA4-AA41-BD32A2E446CE}" = Anno 1701 - Der Fluch des Drachen "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701 "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{BC664850-5586-CF15-F9E1-97C7429E1D4F}" = Catalyst Control Center InstallProxy "{BF962E1B-D17A-4713-A100-6531A132D83D}_is1" = Foto-Mosaik-Edda Standard V5.7.2 "{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.124.1120 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{E80F7B58-508F-2A71-50E6-49B56241C22B}" = ccc-core-static "{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9 "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE531675-A09C-51DD-F356-ECA9D6857039}" = Adobe Community Help "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6B7BF58-36D0-A76E-53E2-F65DBD4A6A52}" = Catalyst Control Center InstallProxy "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio "{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "avast5" = avast! Free Antivirus "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "AVS4YOU Video Converter 7_is1" = AVS Video Converter 7 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Designer 2.0_is1" = Designer 2.0 "ERUNT_is1" = ERUNT 1.1j "FreeCommander_is1" = FreeCommander 2009.02 "GridVista" = Acer GridVista "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Identity Card" = Identity Card "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{641F223A-40C3-436E-A16C-A787E4F46F98}" = SigmaPlot 9.0 "InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0 "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader "InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Mozilla Firefox 4.0b11 (x86 de)" = Mozilla Firefox 4.0b11 (x86 de) "Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7) "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "PremElem90" = Adobe Premiere Elements 9 "PROHYBRIDR" = 2007 Microsoft Office system "Saal Digital" = Saal Digital "SaalDesignSoftware" = Saal Design Software "Spyder3Express" = Spyder3Express "StarCraft II" = StarCraft II "TmNationsForever_is1" = TmNationsForever "USB2.0 ATV" = USB2.0 ATV "VLC media player" = VLC media player 1.1.5 "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "WinLiveSuite_Wave3" = Windows Live Essentials "XWeb" = Microsoft Expression Web 2 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 03.02.2011 16:10:26 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ElementsAutoAnalyzer.exe, Version: 9.0.0.0, Zeitstempel: 0x4c83bb5b Name des fehlerhaften Moduls: ElementsAutoAnalyzer.exe, Version: 9.0.0.0, Zeitstempel: 0x4c83bb5b Ausnahmecode: 0xc0000005 Fehleroffset: 0x000083bc ID des fehlerhaften Prozesses: 0xa54 Startzeit der fehlerhaften Anwendung: 0x01cbc3de1dbb693a Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Elements 9 Organizer\CAHeadless\ElementsAutoAnalyzer.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Adobe\Elements 9 Organizer\CAHeadless\ElementsAutoAnalyzer.exe Berichtskennung: a360cb25-2fd1-11e0-a0ff-94b24a28d1f3 Error - 03.02.2011 16:24:23 | Computer Name = ***-PC | Source = Application Hang | ID = 1002 Description = Programm Explorer.EXE, Version 6.1.7600.16450 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 5e8 Startzeit: 01cbc3de18462179 Endzeit: 11510 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 8bbfea75-2fd3-11e0-a0ff-94b24a28d1f3 Error - 04.02.2011 07:44:14 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ElementsAutoAnalyzer.exe, Version: 9.0.0.0, Zeitstempel: 0x4c83bb5b Name des fehlerhaften Moduls: ElementsAutoAnalyzer.exe, Version: 9.0.0.0, Zeitstempel: 0x4c83bb5b Ausnahmecode: 0xc0000005 Fehleroffset: 0x000083bc ID des fehlerhaften Prozesses: 0xa3c Startzeit der fehlerhaften Anwendung: 0x01cbc460a23056b3 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Elements 9 Organizer\CAHeadless\ElementsAutoAnalyzer.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Adobe\Elements 9 Organizer\CAHeadless\ElementsAutoAnalyzer.exe Berichtskennung: 165c4067-3054-11e0-9dfe-bc324c9698f5 Error - 04.02.2011 15:17:09 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ElementsAutoAnalyzer.exe, Version: 9.0.0.0, Zeitstempel: 0x4c83bb5b Name des fehlerhaften Moduls: ElementsAutoAnalyzer.exe, Version: 9.0.0.0, Zeitstempel: 0x4c83bb5b Ausnahmecode: 0xc0000005 Fehleroffset: 0x000083bc ID des fehlerhaften Prozesses: 0xa74 Startzeit der fehlerhaften Anwendung: 0x01cbc49fe9dd964b Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Elements 9 Organizer\CAHeadless\ElementsAutoAnalyzer.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Adobe\Elements 9 Organizer\CAHeadless\ElementsAutoAnalyzer.exe Berichtskennung: 5c050484-3093-11e0-9c3a-ea96bf4ceef0 Error - 05.02.2011 06:16:53 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ElementsAutoAnalyzer.exe, Version: 9.0.0.0, Zeitstempel: 0x4c83bb5b Name des fehlerhaften Moduls: ElementsAutoAnalyzer.exe, Version: 9.0.0.0, Zeitstempel: 0x4c83bb5b Ausnahmecode: 0xc0000005 Fehleroffset: 0x000083bc ID des fehlerhaften Prozesses: 0xb2c Startzeit der fehlerhaften Anwendung: 0x01cbc51d84da9713 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Elements 9 Organizer\CAHeadless\ElementsAutoAnalyzer.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Adobe\Elements 9 Organizer\CAHeadless\ElementsAutoAnalyzer.exe Berichtskennung: 0cd3d073-3111-11e0-b34d-b442e97a3cf2 Error - 06.02.2011 07:07:51 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ElementsAutoAnalyzer.exe, Version: 9.0.0.0, Zeitstempel: 0x4c83bb5b Name des fehlerhaften Moduls: ElementsAutoAnalyzer.exe, Version: 9.0.0.0, Zeitstempel: 0x4c83bb5b Ausnahmecode: 0xc0000005 Fehleroffset: 0x000083bc ID des fehlerhaften Prozesses: 0xae4 Startzeit der fehlerhaften Anwendung: 0x01cbc5edd9009eae Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Elements 9 Organizer\CAHeadless\ElementsAutoAnalyzer.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Adobe\Elements 9 Organizer\CAHeadless\ElementsAutoAnalyzer.exe Berichtskennung: 56784a19-31e1-11e0-b081-ddf9891c5af5 Error - 06.02.2011 09:26:54 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ElementsAutoAnalyzer.exe, Version: 9.0.0.0, Zeitstempel: 0x4c83bb5b Name des fehlerhaften Moduls: ElementsAutoAnalyzer.exe, Version: 9.0.0.0, Zeitstempel: 0x4c83bb5b Ausnahmecode: 0xc0000005 Fehleroffset: 0x000083bc ID des fehlerhaften Prozesses: 0x6cc Startzeit der fehlerhaften Anwendung: 0x01cbc6011ffea66b Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Elements 9 Organizer\CAHeadless\ElementsAutoAnalyzer.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Adobe\Elements 9 Organizer\CAHeadless\ElementsAutoAnalyzer.exe Berichtskennung: c34e1775-31f4-11e0-afca-c29b7d7f8af5 Error - 06.02.2011 10:07:42 | Computer Name = ***-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\freecommander\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\freecommander\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 06.02.2011 10:09:45 | Computer Name = ***-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 07.02.2011 02:52:28 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ElementsAutoAnalyzer.exe, Version: 9.0.0.0, Zeitstempel: 0x4c83bb5b Name des fehlerhaften Moduls: ElementsAutoAnalyzer.exe, Version: 9.0.0.0, Zeitstempel: 0x4c83bb5b Ausnahmecode: 0xc0000005 Fehleroffset: 0x000083bc ID des fehlerhaften Prozesses: 0xa88 Startzeit der fehlerhaften Anwendung: 0x01cbc69355d6344d Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Elements 9 Organizer\CAHeadless\ElementsAutoAnalyzer.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Adobe\Elements 9 Organizer\CAHeadless\ElementsAutoAnalyzer.exe Berichtskennung: d336012a-3286-11e0-8ffc-8b349a30d1f2 [ Cisco AnyConnect VPN Client Events ] Error - 10.02.2011 08:25:46 | Computer Name = ***-PC | Source = vpnagent | ID = 50331649 Description = Function: SetSGRoute Return code: 0xFE070023 File: .\RouteMgr.cpp Line: 665 Description: ROUTETABLE_ERROR_GETBESTROUTE_RETURNED_VA_ADDR Error - 10.02.2011 08:25:52 | Computer Name = ***-PC | Source = vpnagent | ID = 50331649 Description = Function: SetSGRoute Return code: 0xFE070023 File: .\RouteMgr.cpp Line: 665 Description: ROUTETABLE_ERROR_GETBESTROUTE_RETURNED_VA_ADDR Error - 10.02.2011 08:25:54 | Computer Name = ***-PC | Source = vpnagent | ID = 50331649 Description = Function: SetSGRoute Return code: 0xFE070023 File: .\RouteMgr.cpp Line: 665 Description: ROUTETABLE_ERROR_GETBESTROUTE_RETURNED_VA_ADDR Error - 10.02.2011 08:25:54 | Computer Name = ***-PC | Source = vpnagent | ID = 50331649 Description = Function: SetSGRoute Return code: 0xFE070023 File: .\RouteMgr.cpp Line: 665 Description: ROUTETABLE_ERROR_GETBESTROUTE_RETURNED_VA_ADDR Error - 10.02.2011 08:25:55 | Computer Name = ***-PC | Source = vpnagent | ID = 50331649 Description = Function: SetSGRoute Return code: 0xFE070023 File: .\RouteMgr.cpp Line: 665 Description: ROUTETABLE_ERROR_GETBESTROUTE_RETURNED_VA_ADDR Error - 10.02.2011 08:26:13 | Computer Name = ***-PC | Source = vpnagent | ID = 50331649 Description = Function: SetSGRoute Return code: 0xFE070023 File: .\RouteMgr.cpp Line: 665 Description: ROUTETABLE_ERROR_GETBESTROUTE_RETURNED_VA_ADDR Error - 10.02.2011 08:26:34 | Computer Name = ***-PC | Source = vpnagent | ID = 50331649 Description = Function: SetSGRoute Return code: 0xFE070023 File: .\RouteMgr.cpp Line: 665 Description: ROUTETABLE_ERROR_GETBESTROUTE_RETURNED_VA_ADDR Error - 10.02.2011 08:26:58 | Computer Name = ***-PC | Source = vpnagent | ID = 50331649 Description = Function: SetSGRoute Return code: 0xFE070023 File: .\RouteMgr.cpp Line: 665 Description: ROUTETABLE_ERROR_GETBESTROUTE_RETURNED_VA_ADDR Error - 10.02.2011 08:27:25 | Computer Name = ***-PC | Source = vpnagent | ID = 50331649 Description = Function: SetSGRoute Return code: 0xFE070023 File: .\RouteMgr.cpp Line: 665 Description: ROUTETABLE_ERROR_GETBESTROUTE_RETURNED_VA_ADDR Error - 10.02.2011 08:27:31 | Computer Name = ***-PC | Source = vpnagent | ID = 50331650 Description = Termination reason code 23: Client PC is going into suspend mode (Sleep, Hibernate, etc). [ Media Center Events ] Error - 28.01.2011 04:26:44 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 09:26:44 - Fehler beim Herstellen der Internetverbindung. 09:26:44 - Serververbindung konnte nicht hergestellt werden.. Error - 28.01.2011 04:27:16 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 09:26:49 - Fehler beim Herstellen der Internetverbindung. 09:26:49 - Serververbindung konnte nicht hergestellt werden.. Error - 03.02.2011 05:02:13 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 10:02:13 - Fehler beim Herstellen der Internetverbindung. 10:02:13 - Serververbindung konnte nicht hergestellt werden.. Error - 03.02.2011 05:02:24 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 10:02:19 - Fehler beim Herstellen der Internetverbindung. 10:02:19 - Serververbindung konnte nicht hergestellt werden.. Error - 03.02.2011 06:02:59 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 11:02:59 - Fehler beim Herstellen der Internetverbindung. 11:02:59 - Serververbindung konnte nicht hergestellt werden.. Error - 03.02.2011 06:03:04 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 11:03:04 - Fehler beim Herstellen der Internetverbindung. 11:03:04 - Serververbindung konnte nicht hergestellt werden.. Error - 03.02.2011 07:13:45 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 12:13:45 - Fehler beim Herstellen der Internetverbindung. 12:13:45 - Serververbindung konnte nicht hergestellt werden.. Error - 03.02.2011 07:13:51 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 12:13:50 - Fehler beim Herstellen der Internetverbindung. 12:13:50 - Serververbindung konnte nicht hergestellt werden.. Error - 03.02.2011 08:14:03 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 13:14:03 - Fehler beim Herstellen der Internetverbindung. 13:14:03 - Serververbindung konnte nicht hergestellt werden.. Error - 03.02.2011 08:14:12 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 13:14:08 - Fehler beim Herstellen der Internetverbindung. 13:14:08 - Serververbindung konnte nicht hergestellt werden.. [ OSession Events ] Error - 18.12.2010 13:44:59 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2664 seconds with 1200 seconds of active time. This session ended with a crash. Error - 13.01.2011 09:58:00 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6824 seconds with 3840 seconds of active time. This session ended with a crash. [ System Events ] Error - 22.01.2011 08:16:53 | Computer Name = ***-PC | Source = DCOM | ID = 10010 Description = Error - 22.01.2011 08:18:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: vflt Error - 23.01.2011 15:11:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: vflt Error - 24.01.2011 03:02:46 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: vflt Error - 24.01.2011 12:02:49 | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. Error - 24.01.2011 12:02:49 | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. Error - 24.01.2011 12:02:50 | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. Error - 24.01.2011 15:14:33 | Computer Name = ***-PC | Source = DCOM | ID = 10010 Description = Error - 24.01.2011 15:22:42 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: vflt Error - 25.01.2011 04:05:10 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: vflt < End of report > Malewarebytes Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5731 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 10.02.2011 14:42:11 mbam-log-2011-02-10 (14-42-11).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 160786 Laufzeit: 2 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 2 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 4 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 11 Infizierte Speicherprozesse: c:\Windows\Tmazea.exe (Trojan.Agent) -> 5244 -> Unloaded process successfully. c:\Users\***\AppData\Local\Temp\Ttg.exe (Trojan.Agent) -> 4176 -> Unloaded process successfully. Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CE8SIIFGSU (Trojan.Agent) -> Value: CE8SIIFGSU -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\***\AppData\Local\Temp\Ttk.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Windows\Tmazea.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\***\AppData\Local\Temp\Ttg.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\***\AppData\Local\Temp\Ttf.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\***\AppData\Local\Temp\Tth.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\***\AppData\Local\Temp\Tti.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\***\AppData\Local\Temp\Ttj.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\***\downloads\crack_systat.sigmaplot.9.0.45059.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully. OTLOTL Logfile: Code:
ATTFilter OTL logfile created on: 10.02.2011 14:47:16 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\***\Desktop\MFTools 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 66,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,30 Gb Total Space | 121,60 Gb Free Space | 42,62% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: ***| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2011.02.10 14:27:00 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\MFTools\OTL.exe PRC - [2011.01.13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe PRC - [2011.01.13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe PRC - [2010.09.06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe PRC - [2010.03.28 06:09:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2010.02.04 04:05:58 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe PRC - [2009.11.12 18:29:08 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2009.11.05 01:49:37 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2009.11.02 00:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2009.10.29 02:47:34 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2009.10.01 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.10.01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.09.25 00:42:32 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2009.09.25 00:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009.09.01 17:00:12 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\Cyberlink\Shared files\brs.exe PRC - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe PRC - [2009.08.11 11:19:48 | 006,798,714 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe PRC - [2009.07.06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2009.06.18 02:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.02.03 21:39:09 | 000,427,192 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe PRC - [2007.03.06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe ========== Modules (SafeList) ========== MOD - [2011.02.10 14:27:00 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\MFTools\OTL.exe MOD - [2011.02.08 18:39:28 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\snxhk.dll MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.01.13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2010.11.26 03:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.11.02 11:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2007.11.28 15:51:42 | 001,039,872 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdncoms.exe -- (lxdn_device) SRV:64bit: - [2007.02.12 09:45:26 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\SysNative\StkCSrv.exe -- (StkSSrv) SRV - [2010.10.13 11:41:06 | 000,487,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen) SRV - [2010.10.13 11:41:04 | 005,790,064 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen) SRV - [2010.09.06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.10.01 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.10.01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.09.30 13:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.09.25 00:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.18 02:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc) SRV - [2009.06.18 02:31:46 | 000,050,432 | ---- | M] (NewTech InfoSystems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) SRV - [2009.03.28 03:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agr64svc.exe -- (AgereModemAudio) SRV - [2009.02.03 21:39:09 | 000,427,192 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2007.11.28 10:12:40 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdncoms.exe -- (lxdn_device) SRV - [2007.03.06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.01.13 09:37:23 | 000,062,032 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2011.01.04 09:10:31 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.01.04 09:10:31 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.11.26 03:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.10.05 13:26:10 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV:64bit: - [2010.10.05 13:26:02 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter) DRV:64bit: - [2010.10.05 13:26:00 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2010.09.02 08:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt) DRV:64bit: - [2010.09.02 08:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet) DRV:64bit: - [2010.06.10 07:45:38 | 001,605,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.11.02 11:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009.10.26 21:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.09.18 05:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.08.13 20:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.08.06 13:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2009.07.22 23:06:26 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.25 03:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009.02.03 21:23:46 | 000,019,456 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2008.11.11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem) DRV:64bit: - [2008.11.11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag) DRV:64bit: - [2008.11.11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus) DRV:64bit: - [2008.09.08 17:26:20 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Spyder3.sys -- (Spyder3) DRV:64bit: - [2007.06.28 09:45:26 | 000,632,704 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkCMini.sys -- (StkCMini) DRV - [2009.11.12 18:29:42 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/28 07:12:34] [Kernel | Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2009.09.01 16:59:44 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/01/12 17:37:47] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD}) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27361210h016l04d8z1j5t7571d340 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27361210h016l04d8z1j5t7571d340 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27361210h016l04d8z1j5t7571d340 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27361210h016l04d8z1j5t7571d340 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27361210h016l04d8z1j5t7571d340 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27361210h016l04d8z1j5t7571d340 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.02.03 19:12:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.02.03 19:12:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\components [2011.02.09 17:25:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.02.03 19:12:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.12.05 08:34:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.12.05 08:34:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.01.27 16:41:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\86lcz9o4.default\extensions [2010.12.05 08:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions File not found (No name found) -- [2011.01.16 18:27:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 7\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.18 00:22:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 7\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\86LCZ9O4.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI [1999.12.31 17:00:00 | 000,166,680 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [lxdnmon.exe] C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe () O4:64bit: - HKLM..\Run: [mwlDaemon] File not found O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation) O4 - HKCU..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 9 Organizer\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIFE82~1\WEB2~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.02.10 14:44:00 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9 [2011.02.10 14:36:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011.02.10 14:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.02.10 14:36:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.02.10 14:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.02.10 14:36:33 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.02.10 14:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.02.10 14:35:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.02.10 14:34:44 | 000,000,000 | ---D | C] -- C:\ERDNT [2011.02.10 14:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.02.10 14:32:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2011.02.10 14:26:55 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MFTools [2011.02.10 12:12:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Jap [2011.02.10 11:02:12 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\SigmaPlot [2011.02.10 10:58:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SigmaPlot [2011.02.10 10:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SigmaPlot [2011.02.09 16:36:10 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\TmForever [2011.02.09 16:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\TmForever [2011.02.09 15:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmNationsForever [2011.02.09 15:47:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TmNationsForever [2011.02.08 16:10:00 | 000,237,168 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2011.02.03 19:19:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer [2011.02.03 19:18:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple Computer [2011.02.03 19:12:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011.02.03 19:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2011.02.03 19:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2011.02.03 19:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2011.02.03 19:11:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple [2011.02.03 19:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2011.02.03 19:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2011.01.31 10:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Sandlot Games [2011.01.19 14:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fotobuch.de [2011.01.19 14:32:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fotobuch.de [2011.01.19 14:32:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\artworks [2011.01.19 14:29:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaalDesignSoftware [2011.01.18 21:19:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\CyberLink [2011.01.18 21:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayMovie [2011.01.18 21:15:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PlayMovie [2011.01.18 21:09:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PowerDVDCox [2011.01.18 21:08:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PowerDVDCinema [2011.01.18 12:54:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\AVS4YOU [2011.01.18 12:54:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU [2011.01.18 12:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU [2011.01.18 12:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia [2011.01.18 12:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2011.01.18 12:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU [2011.01.16 18:30:59 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.01.16 18:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011.01.16 18:27:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.01.16 18:27:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2011.01.14 21:38:28 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\CyberLink [2011.01.14 21:38:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CyberLink [2011.01.13 13:23:20 | 000,000,000 | ---D | C] -- C:\VCS30_TMP [2011.01.13 13:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Panasonic [2011.01.13 13:20:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Panasonic [2011.01.13 13:19:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panasonic [2011.01.13 13:18:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services [2011.01.12 17:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink [2010.12.06 22:38:43 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll [2010.12.06 22:38:43 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll [2010.12.06 22:38:43 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll [2010.12.06 22:38:43 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnhbn3.dll [2010.12.06 22:38:43 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll [2010.12.06 22:38:43 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll [2010.12.06 22:38:43 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll [2010.12.06 22:38:43 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll [2010.12.06 22:38:43 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll [2010.12.06 22:38:43 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll [2009.11.05 04:33:04 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.02.10 14:50:53 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.10 14:50:53 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.10 14:43:38 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.02.10 14:43:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.10 14:43:19 | 3111,514,112 | -HS- | M] () -- C:\hiberfil.sys [2011.02.10 14:40:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.02.10 14:36:37 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.10 14:32:56 | 000,000,928 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2011.02.10 14:32:56 | 000,000,909 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk [2011.02.10 12:11:57 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.02.10 12:11:57 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.02.10 12:11:57 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.02.10 12:11:57 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.02.10 12:11:57 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.02.10 11:02:10 | 000,002,036 | ---- | M] () -- C:\Users\***\Desktop\SigmaPlot 9.0.lnk [2011.02.10 10:58:22 | 000,000,017 | ---- | M] () -- C:\Windows\msiexec.ini [2011.02.09 15:48:49 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\TmNationsForever.lnk [2011.02.09 12:42:51 | 409,525,623 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.02.08 16:10:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2011.02.06 15:59:40 | 000,001,924 | ---- | M] () -- C:\Users\***\Desktop\Saal Digital.lnk [2011.01.20 10:03:20 | 000,414,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.01.18 12:53:48 | 000,001,241 | ---- | M] () -- C:\Users\***\Desktop\AVS Video Converter.lnk [2011.01.13 09:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2011.01.13 09:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2011.01.13 09:47:23 | 000,237,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2011.01.13 09:41:44 | 000,273,488 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2011.01.13 09:40:20 | 000,051,792 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2011.01.13 09:37:34 | 000,029,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys [2011.01.13 09:37:23 | 000,062,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2011.01.13 09:37:12 | 000,020,560 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2011.01.12 20:56:55 | 000,012,157 | ---- | M] () -- C:\Users\***\Japan.docx [2011.01.12 17:37:45 | 000,002,112 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 9.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.02.10 14:36:37 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.10 14:32:56 | 000,000,928 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2011.02.10 14:32:56 | 000,000,909 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk [2011.02.10 11:02:10 | 000,002,036 | ---- | C] () -- C:\Users\***\Desktop\SigmaPlot 9.0.lnk [2011.02.10 10:58:22 | 000,000,017 | ---- | C] () -- C:\Windows\msiexec.ini [2011.02.09 15:48:49 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\TmNationsForever.lnk [2011.02.06 15:59:40 | 000,001,924 | ---- | C] () -- C:\Users\***\Desktop\Saal Digital.lnk [2011.02.03 19:11:35 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2011.01.27 16:41:06 | 000,002,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 4.0 Beta 10.lnk [2011.01.23 18:05:48 | 000,001,954 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Saal Digital.lnk [2011.01.19 14:29:26 | 000,000,987 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaalDesignSoftware.lnk [2011.01.18 12:53:48 | 000,001,241 | ---- | C] () -- C:\Users\***\Desktop\AVS Video Converter.lnk [2011.01.12 19:46:37 | 000,012,157 | ---- | C] () -- C:\Users\***\Japan.docx [2011.01.12 17:37:45 | 000,002,112 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 9.lnk [2011.01.10 21:56:29 | 000,012,022 | ---- | C] () -- C:\Users\***\AppData\Local\MyWinLockerInstaller.txt-20110110.log [2010.12.14 13:41:25 | 000,007,604 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2010.12.11 17:45:22 | 000,000,127 | ---- | C] () -- C:\Windows\wininit.ini [2010.12.11 16:45:19 | 000,210,456 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll [2010.12.11 16:45:19 | 000,206,360 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll [2010.12.11 16:45:19 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll [2010.12.11 16:45:19 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll [2010.12.11 16:45:19 | 000,194,072 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll [2010.12.11 16:45:19 | 000,026,136 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll [2010.12.06 22:38:56 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log [2010.12.06 22:38:43 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll [2010.12.06 22:38:43 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll [2010.12.06 22:28:21 | 000,000,128 | ---- | C] () -- C:\Users\ ***\AppData\Roaming\wklnhst.dat [2010.03.28 15:46:13 | 000,001,799 | ---- | C] () -- C:\Windows\WPatchProgress.ini [2010.03.28 06:28:08 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini [2010.03.28 06:10:59 | 000,008,682 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe3.log [2010.03.28 06:09:12 | 000,000,188 | ---- | C] () -- C:\Windows\PidList.ini [2009.11.05 04:32:42 | 000,192,484 | ---- | C] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico [2009.11.05 01:21:23 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini [2009.11.05 01:21:23 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini [2009.11.05 01:21:23 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini [2009.07.23 19:49:04 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdndrs.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.05.14 13:46:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdncaps.dll [2007.10.02 14:51:10 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdncnv4.dll [1996.03.22 00:32:26 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\DLWBC31.DLL ========== LOP Check ========== [2011.01.31 10:29:27 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.# [2010.12.29 15:29:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2010.12.11 16:18:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010.12.06 10:01:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cisco [2010.12.08 14:04:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeCommander [2010.12.05 09:14:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GameConsole [2011.02.08 18:38:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010.12.08 15:19:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LG Electronics [2010.12.10 14:58:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SaalDesignSoftware [2010.12.19 15:16:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2010.12.05 08:34:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2010.12.11 19:17:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ulead Systems [2011.01.18 08:53:09 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.12.05 08:14:17 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.01.08 08:59:02 | 000,000,000 | ---D | M] -- C:\AMD [2011.01.08 17:30:33 | 000,000,000 | ---D | M] -- C:\ATI [2010.03.28 06:14:52 | 000,000,000 | ---D | M] -- C:\BOOK [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.12.05 08:13:54 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.01.08 08:59:17 | 000,000,000 | ---D | M] -- C:\drivers [2010.12.05 08:59:48 | 000,000,000 | ---D | M] -- C:\elements [2011.02.10 14:34:44 | 000,000,000 | ---D | M] -- C:\ERDNT [2009.11.05 01:37:23 | 000,000,000 | ---D | M] -- C:\Intel [2009.11.05 04:21:17 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.12.05 08:14:14 | 000,000,000 | -H-D | M] -- C:\oem [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.01.08 17:31:18 | 000,000,000 | R--D | M] -- C:\Programme [2011.02.10 14:36:33 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.02.10 14:36:36 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.12.05 08:13:54 | 000,000,000 | -HSD | M] -- C:\Programme [2010.12.05 08:13:54 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.02.10 14:48:42 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.12.05 08:14:02 | 000,000,000 | R--D | M] -- C:\Users [2011.01.13 13:24:18 | 000,000,000 | ---D | M] -- C:\VCS30_TMP [2011.02.10 14:42:11 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2010.03.28 15:49:01 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2010.03.28 15:49:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2010.03.28 15:49:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2010.03.28 15:49:01 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: USERINIT.EXE > [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\Studium:Roxio EMC Stream @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838 < End of report > |
10.02.2011, 15:42 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Log-Auswertung!Zitat:
Dateien, die crack.exe, keygen.exe oder patch.exe sind zu 99,9% gefährliche Schädlinge, mit denen man nicht Spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zum Neu aufsetzten
__________________ |
10.02.2011, 16:12 | #3 |
| Log-Auswertung! Hi
__________________Ich kann eure Forenregeln sehr gut verstehen und ich kann euch versichern, dass ich derjenige bin, der sich immer die Vollversionen und Orginale zulegt. Dieser Crack hatte folgenden Hintergrund (ob ihrs mir glaubt oder nicht=) ) Ich schreibe gerade an meiner Bachelorarbeit und brauche für die statistischen Auswertungen das Programm SigmaPlot. Ich fragte am Lehrstuhl und diese gaben mir eine Version, welche ich installierte (SigmaPlot Vers. 9). Dummerweise geht der Lincense Key nicht, weil dieser vermutlich abgelaufen ist. Mein Betreuer kümmert sich um einen neuen Key, jedoch muss dies erst offiziell beantragt werden, weil dieses Programm recht teuer ist. Nächsten Montag habe ich weitere Versuche und müsste schauen ob sich meine Vermutungen bis dahin bewahrheitet haben...ansonten muss ich die Versuche am Montag umstellen bzw. mache sie für die Katz wenn ich später herausfinden sollte, dass mein Verdacht sich bestätigt. Leider geht das nur mit SigmaPlot oder einem vergleichbaren Programm. Excel konnte mir leider nicht helfen.... Da ich also (vorerst) nicht auf das Programm warten kann, wollte ich mir den Crack (vorläufig) besorgen um meine Geraden berechnen zu lassen. Sicher ist dies illegal gewesen (obwohl ich es moralisch nicht verwerflich finde, weil die Orginalversion sehr bald nachgeliefert wird) und ich habe die Folgen ja auch zu spüren bekommen. Ich bitte euch daher mir trotz allem zu helfen (da ich auch noch andere Trojaner bei mir gefunden habe=( )...falls nicht kann ich das aber aufgrund eurer Forenregeln verstehen... Nur bitte lasst es mich wissen, damit ich mir schnellst möglich woanders Hilfe suchen kann.=) Viele Grüße und vielen Dank Richi |
10.02.2011, 16:16 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Log-Auswertung! Der Hintergrund ist mir ziemlich egal, bei illegaler Software gibt es hier nur ein format c:
__________________ Logfiles bitte immer in CODE-Tags posten |
10.02.2011, 16:20 | #5 |
| Log-Auswertung! Alles klar..sagte ja, dass ich das verstehen kann |
Themen zu Log-Auswertung! |
64-bit, alternate, autorun, avast!, bho, c:\windows\system32\rundll32.exe, converter, desktop, ebay, error, excel, extras.txt, flash player, format, google, hijack, hijack.zones, home, home premium, iastor.sys, ieframe.dll, install.exe, launch, location, logfile, media center, microsoft office word, mozilla, mozilla thunderbird, office 2007, oldtimer, plug-in, programdata, programm, realtek, registry, richtlinie, rundll, saver, scan, searchplugins, security, security update, server, shell32.dll, shortcut, software, start menu, syswow64, tablet, tracker, trojaner, usb, video converter, vlc media player, webcheck, windows |