Log analysis and evaluation: Computer hangs and virus detections
Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
14.02.2011, 09:12 | #1 |
| Computer hangs and virus detections

Hello! Since yesterday something has been wrong with my PC. I was browsing normally, and after I had been on a site where you can buy nylon hair, I kept getting virus warnings from Avira. Since then the PC hangs constantly...

Here are the virus messages:

In der Datei 'C:\Users\***\AppData\Local\Temp\65C7.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
In der Datei 'C:\Users\***\AppData\Local\Temp\B06E.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
In der Datei 'C:\Users\***\AppData\Local\Temp\BAEB.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
In der Datei 'C:\Users\***\AppData\Local\Temp\FD68.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
In der Datei 'C:\Users\***\AppData\Local\Temp\1E42.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
In der Datei 'C:\Users\***\AppData\Local\Temp\492A.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
In der Datei 'C:\Users\***\AppData\Local\Temp\75BB.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.

These messages all came up repeatedly and in alternation, though.

Today, when I started the PC, I then got the following message (or something like it): User\***\AppData\Local\Temp\csrss.exe was removed or has to be removed via the registry. And then you could only press OK.

Right now I am scanning the PC with Malwarebytes. I will post the report afterwards, because it takes forever until everything is finished!

A new virus message just came up:

In der Datei 'C:\Users\***\AppData\Local\Temp\AD9E.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden. |
14.02.2011, 11:15 | #2 |
| Computer hangs and virus detections

Hello,

by now the Internet no longer works on my PC.

Windows network diagnostics: "www.google.at" ist nicht eingerichtet, eine Verbindung auf Port "World Wide Web-Dienst (HTTP)" mit diesem Computer einzugehen.

Here is the Malwarebytes scan:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5758

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19019

14.02.2011 09:37:41
mbam-log-2011-02-14 (09-37-41).txt

Scan type: Quick scan
Objects scanned: 206125
Time elapsed: 44 minute(s), 26 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
c:\Users\***\AppData\Roaming\dwm.exe (Trojan.Downloader) -> 2696 -> Unloaded process successfully.
c:\Users\***\AppData\Roaming\microsoft\conhost.exe (Trojan.Downloader) -> 2272 -> Unloaded process successfully.
c:\Users\***\AppData\Local\Temp\csrss.exe (Backdoor.Bot) -> 3704 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Downloader) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diskheckrt.exe (Spyware.Passwords.XGen) -> Value: diskheckrt.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.Bot) -> Bad: (C:\Users\***\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\***\AppData\Roaming\dwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\conhost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\csrss.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\diskheckrt\diskheckrt.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\F194.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\1A38.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\1ECB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

Because of the Internet problem I tried the following solution: http://www.trojaner-board.de/94344-p...n-pruefen.html
But it does not work; I cannot enter an address or proxy, the fields are grey and you cannot type anything!

Scan with OTL:

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 14.02.2011 11:30:15 - Run 2 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 40,61 Gb Free Space | 28,19% Space Free | Partition Type: NTFS Drive D: | 6,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 144,04 Gb Total Space | 105,78 Gb Free Space | 73,44% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: ***| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - E:\PSE9\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Users\***\Program Files\DNA\btdna.exe (BitTorrent, Inc.) PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.) PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe () PRC - C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) 
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe () PRC - C:\Programme\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe (acer) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\ACER\Mobility Center\MobilityService.exe () PRC - C:\Windows\PLFSetI.exe () PRC - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Brussossf) -- File not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (AdobeActiveFileMonitor9.0) -- E:\PSE9\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe () SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe () SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) 
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (AFS) -- C:\Windows\System32\drivers\AFS.SYS (Oak Technology Inc.) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology (StarForce)) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce)) DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) 
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.) DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.) DRV - (A310) -- C:\Windows\System32\drivers\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (BDASwCap) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated) DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated) DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) 
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) 
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation) DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce)) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys () DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) 
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce)) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1108&m=aspire_7730g IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1108&m=aspire_7730g IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1108&m=aspire_7730g IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ig?brand=ACAW&bmod=ACEU IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63111 ========== FireFox ========== FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.27 14:23:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.12 11:05:34 | 000,000,000 | ---D | M] [2011.01.12 11:04:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.01.12 11:04:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{SbX-140759-9783706833790-stu10} [2010.09.13 19:06:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\flvdaeth.default\extensions [2010.05.12 19:19:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\flvdaeth.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.13 19:05:55 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\flvdaeth.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2010.09.09 14:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.08.24 10:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Programme\Mozilla Firefox\plugins\npBitCometAgent.dll [2010.08.25 01:44:54 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.08.25 01:44:54 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.25 01:44:54 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla 
Firefox\searchplugins\leo_ende_de.xml [2010.08.25 01:44:54 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.25 01:44:54 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - E:\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\BitComet\tools\BitCometBHO_1.4.8.11.dll (BitComet) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - E:\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - E:\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) 
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.) O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\***\Program Files\DNA\btdna.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: &Alles mit BitComet herunterladen - E:\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &Download by Orbit - E:\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - E:\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Do&wnload selected by Orbit - E:\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - E:\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Mit BitComet herunter&laden - E:\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - E:\BitComet\tools\BitCometBHO_1.4.8.11.dll (BitComet) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldde-at.cab (MSN Photo Upload Tool) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-AT/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1234793285735&h=f7a322b22d946ef88b01b250ad2d58c2/&filename=jinstall-6u12-windows-i586-jc.cab (Java Plug-in 1.6.0_12) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.) 
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://asp.photoprintit.de/microsite/14/defaults/activex/ips/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-at.cab (Windows Live Hotmail Photo Upload Tool) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: 
(C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.09.21 08:23:57 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2010.06.27 10:12:50 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{373a7b1b-b286-11dd-917c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{373a7b1b-b286-11dd-917c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2010.09.21 08:23:57 | 000,054,544 | R--- | M] (Electronic Arts) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.02.14 11:29:21 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.02.09 17:11:47 | 002,038,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.02.09 17:11:44 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.02.09 17:11:44 | 000,000,000 | -H-D | C] -- C:\diskheckrt [2011.02.09 17:11:43 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.02.09 17:11:34 | 001,469,440 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\inetcpl.cpl [2011.02.09 17:11:34 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.02.09 17:11:34 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.02.09 17:11:34 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.02.09 17:11:33 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.02.09 17:11:33 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.02.09 17:11:33 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.02.09 17:11:33 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.02.09 17:11:33 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.02.09 17:11:33 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.02.09 17:11:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.02.09 17:11:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.02.09 17:11:33 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.02.09 17:11:33 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.02.09 17:11:33 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.02.09 17:11:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.02.09 17:11:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.02.09 17:11:26 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.02.09 17:11:26 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.02.08 12:47:50 | 000,000,000 | ---D | C] -- 
C:\Users\***\Documents\Debut [2011.02.08 12:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software [2011.02.08 12:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs [2011.02.08 12:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite [2011.02.08 12:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software [2011.02.08 12:47:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\NCH Software [2011.02.08 12:47:22 | 000,000,000 | ---D | C] -- C:\Programme\NCH Software [2011.02.08 12:45:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\GetRightToGo [2011.02.08 12:45:47 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Downloads [2011.02.08 12:42:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs [2011.02.01 10:00:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Challenge.sims3 [2011.01.31 20:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio [2011.01.31 19:28:04 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Genforschung.sims3 [2011.01.15 19:49:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ProgSense [2011.01.15 19:48:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\GrabPro [2011.01.15 19:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit [2011.01.15 19:48:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Orbit [2011.01.15 19:41:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DivX [2011.01.15 19:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus [2011.01.15 19:40:24 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared [2011.01.15 19:40:13 | 000,000,000 | ---D | C] -- C:\Programme\DivX [2011.01.15 19:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX 
[2008.07.22 09:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.02.14 11:32:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.02.14 11:28:52 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.02.14 11:18:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.02.14 10:54:55 | 000,117,256 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.02.14 10:53:37 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2011.02.14 10:53:36 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.02.14 10:51:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.14 10:51:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.14 10:51:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.14 10:51:14 | 3215,847,424 | -HS- | M] () -- C:\hiberfil.sys [2011.02.14 09:48:18 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.02.14 09:34:41 | 000,006,602 | ---- | M] () -- C:\Users\***\AppData\Roaming\678C.65D [2011.02.13 14:29:29 | 006,450,727 | ---- | M] () -- C:\Users\***\Desktop\Skylarksims_RococoHair.zip [2011.02.13 12:47:38 | 001,216,913 | ---- | M] () -- C:\Users\***\Desktop\P1010406.JPG [2011.02.12 14:33:01 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.02.11 19:11:56 | 000,117,256 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.02.11 16:54:43 | 000,013,225 | ---- | M] () -- C:\Users\***\Documents\Kopie von attachment.xlsx [2011.02.10 20:15:05 | 002,405,271 | ---- | M] () -- C:\Users\***\Desktop\sunny.mp3 [2011.02.10 20:14:04 | 002,535,361 | ---- | M] () -- 
C:\Users\***\Desktop\sunny+voc.mp3 [2011.02.10 13:49:06 | 000,370,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.02.08 12:47:27 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Debut Video Capture Software.lnk [2011.02.08 12:45:47 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2011.02.07 20:55:15 | 000,040,631 | ---- | M] () -- C:\Users\***\Documents\Hallo.docx [2011.02.07 18:52:16 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.02.07 18:52:16 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.02.07 18:52:16 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.02.07 18:52:16 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.02.07 16:34:35 | 000,012,394 | ---- | M] () -- C:\Users\***\Documents\Der Tag verläuft eigentlich wie immer.docx [2011.02.06 17:01:11 | 002,740,192 | ---- | M] () -- C:\Users\***\Desktop\[lotus]NewSea-SIMS3-hair-yu019-fox.rar [2011.02.06 17:01:06 | 002,363,258 | ---- | M] () -- C:\Users\***\Desktop\[lotus]NewSea-SIMS3-hair-yu015-piggy.rar [2011.02.06 16:59:41 | 000,520,192 | ---- | M] () -- C:\Users\***\Desktop\105697.sims3pack [2011.02.06 16:58:29 | 002,368,794 | ---- | M] () -- C:\Users\***\Desktop\[lotus]NewSea-SIMS3-hair-YU023-Jade.rar [2011.02.04 21:10:57 | 000,125,952 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.01 10:02:29 | 000,007,114 | ---- | M] () -- C:\Users\***\Desktop\NRaas_Woohooer_Scoring_V40.zip [2011.02.01 10:02:27 | 000,196,137 | ---- | M] () -- C:\Users\***\Desktop\NRaas_Woohooer_V40.zip [2011.01.31 20:01:06 | 000,000,505 | ---- | M] () -- C:\Users\Public\Desktop\CamStudio.lnk [2011.01.31 15:25:16 | 000,013,028 | ---- | M] () -- C:\Users\***\Desktop\SailorMoonComic.xlsx [2011.01.29 20:15:31 | 002,059,039 | ---- | M] () -- C:\Users\***\Desktop\ostern_bearbeitet-1.psd [2011.01.16 20:08:41 | 000,014,649 | ---- | M] () -- C:\Users\***\Documents\sims.docx 
[2011.01.15 19:48:58 | 000,000,532 | ---- | M] () -- C:\Users\***\Desktop\Orbit.lnk [2011.01.15 19:41:50 | 000,001,397 | ---- | M] () -- C:\Users\***\Desktop\DivX Movies.lnk [2011.01.15 19:41:04 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2011.01.15 19:40:40 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.02.13 14:29:25 | 006,450,727 | ---- | C] () -- C:\Users\***\Desktop\Skylarksims_RococoHair.zip [2011.02.13 13:00:12 | 000,006,602 | ---- | C] () -- C:\Users\***\AppData\Roaming\678C.65D [2011.02.13 12:46:29 | 001,216,913 | ---- | C] () -- C:\Users\***\Desktop\P1010406.JPG [2011.02.13 12:46:11 | 000,931,682 | ---- | C] () -- C:\Users\***\Desktop\P1010380.JPG [2011.02.11 16:54:42 | 000,013,225 | ---- | C] () -- C:\Users\***\Documents\Kopie von attachment.xlsx [2011.02.10 20:14:51 | 002,405,271 | ---- | C] () -- C:\Users\***\Desktop\sunny.mp3 [2011.02.10 20:13:52 | 002,535,361 | ---- | C] () -- C:\Users\***\Desktop\sunny+voc.mp3 [2011.02.08 12:47:27 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Debut Video Capture Software.lnk [2011.02.07 16:29:28 | 000,012,394 | ---- | C] () -- C:\Users\***\Documents\Der Tag verläuft eigentlich wie immer.docx [2011.02.06 17:01:10 | 002,740,192 | ---- | C] () -- C:\Users\***\Desktop\[lotus]NewSea-SIMS3-hair-yu019-fox.rar [2011.02.06 17:01:06 | 002,363,258 | ---- | C] () -- C:\Users\***\Desktop\[lotus]NewSea-SIMS3-hair-yu015-piggy.rar [2011.02.06 16:59:38 | 000,520,192 | ---- | C] () -- C:\Users\***\Desktop\105697.sims3pack [2011.02.06 16:58:12 | 002,368,794 | ---- | C] () -- C:\Users\***\Desktop\[lotus]NewSea-SIMS3-hair-YU023-Jade.rar [2011.02.01 10:02:29 | 000,007,114 | ---- | C] () -- C:\Users\***\Desktop\NRaas_Woohooer_Scoring_V40.zip [2011.02.01 10:02:24 | 000,196,137 | ---- | C] () -- C:\Users\***\Desktop\NRaas_Woohooer_V40.zip [2011.01.31 
20:01:06 | 000,000,505 | ---- | C] () -- C:\Users\Public\Desktop\CamStudio.lnk [2011.01.29 20:15:29 | 002,059,039 | ---- | C] () -- C:\Users\***\Desktop\ostern_bearbeitet-1.psd [2011.01.29 19:48:12 | 014,724,750 | ---- | C] () -- C:\Users\***\easter_eggs.abr [2011.01.15 19:48:58 | 000,000,532 | ---- | C] () -- C:\Users\***\Desktop\Orbit.lnk [2011.01.15 19:41:50 | 000,001,397 | ---- | C] () -- C:\Users\***\Desktop\DivX Movies.lnk [2011.01.15 19:41:04 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2011.01.15 19:40:40 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2010.10.05 15:45:49 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2010.07.09 15:15:41 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.07.09 15:15:41 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.06.08 16:58:59 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.06.08 16:58:58 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010.06.08 16:58:55 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.06.08 16:58:55 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.06.08 16:58:54 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.04.10 12:46:52 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.02.28 15:06:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.02.10 19:47:51 | 000,000,595 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2009.12.24 20:55:22 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.08.16 11:36:43 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.07.13 00:24:22 | 000,000,761 | ---- | C] () -- C:\Windows\wininit.ini [2009.04.16 18:45:11 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit_.INI 
[2009.03.22 19:48:18 | 000,000,204 | ---- | C] () -- C:\Windows\ulead32.ini [2009.03.15 01:26:55 | 000,125,952 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.02.18 23:36:28 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.02.15 16:09:53 | 000,117,256 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.02.15 16:09:47 | 000,117,256 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.11.14 20:14:40 | 001,548,099 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll [2008.11.14 20:08:44 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2008.11.14 20:08:44 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2008.04.18 19:25:22 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.04.18 10:49:14 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.04.18 10:49:14 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.04.18 09:56:05 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll [2008.04.18 09:52:45 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.04.18 09:42:52 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2007.01.26 07:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== 
Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9E22BBE8
< End of report >

EXTRAS:
OTL Logfile:

OTL Extras logfile created on: 14.02.2011 11:30:15 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 40,61 Gb Free Space | 28,19% Space Free | Partition Type: NTFS
Drive D: | 6,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 144,04 Gb Total Space | 105,78 Gb Free Space | 73,44% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "E:\Orbitdownloader\orbitdm.exe" = E:\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "E:\Orbitdownloader\orbitnet.exe" = E:\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1C36411B-07A3-4C15-B5A8-8365A015380B}" = rport=137 | protocol=17 | dir=out | app=system | "{5109F0F3-3D6C-4854-9D1E-997957B0AA62}" = lport=137 | protocol=17 | dir=in | app=system | "{645DFB36-CD13-480B-BDE1-FB73A0434746}" = lport=445 | protocol=6 | dir=in | app=system | "{7D15A4E9-D682-4FF3-92EE-727D48C5AA2B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{81676AAA-5AFC-4B94-8189-5D209B617D2B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{9516996F-64A4-43FE-A675-9CD476D1E304}" = rport=445 | protocol=6 | dir=out | app=system | "{A04D7A52-C830-4262-9905-114E8F9B1895}" = rport=138 | protocol=17 | dir=out | app=system | "{B20E801F-CD68-4923-883C-4680D9F8F581}" = lport=2869 | protocol=6 | dir=in | app=system | "{B9A77369-5D58-4D8F-BB1B-AA327E14307C}" = lport=139 | protocol=6 | dir=in | app=system | "{F2AF5EB4-B3AA-457B-8DCA-2375001FF2B4}" = rport=139 | protocol=6 | dir=out | app=system | "{F395516B-3468-47D5-B7F1-69DA44D2DF08}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F7DB981E-21C6-4CFB-BE9D-FFBF9A532B3D}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E4EDB2E-7A92-43E6-8897-53B6AEB3AFF0}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{12184E5A-9CE2-4B47-95F3-2A883A973399}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{14D07861-0A5C-4924-B31B-59088E78063A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{29E68FBA-9EFB-4AD8-BA41-01DB95F5F915}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{2C0ED5AF-7B47-42CA-BBB2-DFE2DF6DC63E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | "{2D23ADF8-070A-4F7F-B31A-8F52651360FE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{30725DB0-FE78-43B2-8FD1-45C1599AB623}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{379EC35C-E9AE-4E04-9C29-8B26F5F447C0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{3C4B4445-ED91-4DE0-BF0D-9722954CC0F3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | "{3C81D82D-71AF-48D2-9187-CD78D4500348}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{3F1BD065-CB53-465D-9344-8131EE4A24BB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{449624C0-B221-4970-955C-3D36E9B3DF7E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{455A26F0-C6B0-46EF-82ED-33468C2FB9C7}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{4A8CFACC-25DA-4B2F-97CC-D8D8250E2617}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4B93A67F-FC36-4F73-9188-999DD8C05A11}" = 
protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{4DABA7B8-BF08-4297-AA2C-7E1B0B7AA6A3}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{4F966CDA-6A01-4BF9-A58F-C7730AE2182F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{51769F01-745E-4B2C-B400-F6EC29772B3B}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{7EDB290C-C2EA-4B04-9BB5-67F175461598}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{7F572F8D-5F40-4AA6-9BD7-8065255C3F5B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{83615A70-A1A9-49B9-9C0E-36A1B08A3B7B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8737DBFA-FFA7-4D38-9D17-1590EC698208}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{A0C311F6-01FE-46EE-BBBB-A31546E2C522}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{A5E447F2-BDB1-4435-9DBF-2909FE4014C3}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{A8473872-1E8C-44D0-AD2E-181442139612}" = protocol=6 | dir=in | app=e:\bitcomet\bitcomet.exe | "{A9692340-537D-464B-B74A-E300EE543C82}" = protocol=17 | dir=in | app=e:\bitcomet\bitcomet.exe | "{AA47332C-11A7-4DBD-8EEA-E197507B6AD5}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{B30645F8-4F0C-45FB-B59E-E27AB907B32B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BBBD9B95-F7A6-4C5A-948C-2CB1B0D0484D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BC3D4632-0058-4489-A7E2-05D654ED0601}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{DBC71D6E-5325-45CF-8F72-EA52CE052DCC}" = protocol=17 | dir=in | app=c:\program files\newtech 
infosystems\nti backup now 5\client\agentsvc.exe | "{E485E669-E635-46F4-BC37-06BC231DF8B8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{F2C47268-BED8-41FF-9091-F7E12FA428A6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F5FC032E-E80F-40B8-A7B0-012DD8A929B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "TCP Query User{0471CE64-DBC1-4104-B853-E6CDAAC9884C}E:\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=e:\bitcomet\bitcomet.exe | "TCP Query User{27D29158-F0AF-4386-BF18-B84DFB1626FE}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{2DAA623F-D748-4F65-BEA2-9F2CE94AB39B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{30C265DD-2FF4-4C80-9759-234CD091FCD1}E:\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=e:\orbitdownloader\orbitnet.exe | "TCP Query User{4BA29F03-EA7C-41FF-8AE3-79C543695160}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{AF2A483F-559C-4283-A2FB-667205227EFE}E:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "TCP Query User{BBE9680E-D219-4DC8-9E31-6BD0FCFAF472}C:\users\***\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\***\program files\dna\btdna.exe | "TCP Query User{C321B3E6-68BE-4A33-9899-E9D150CB1910}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{D52BEA4E-CB2F-4695-AE0F-9D4BB8C19C64}C:\users\***\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\***\program files\dna\btdna.exe | "TCP Query 
User{E6DBA053-9E63-4FA0-8B68-0A11CA102DB6}E:\miranda im\miranda32.exe" = protocol=6 | dir=in | app=e:\miranda im\miranda32.exe |
"UDP Query User{076FF432-231B-40D7-822F-007A0DA9FA49}E:\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=e:\orbitdownloader\orbitnet.exe |
"UDP Query User{1CBC1CFC-DADC-43E1-8E06-9F74E85F3E93}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{2EB6A77A-E128-4C1B-8907-B97334F17C4F}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{4C919A19-D8B1-4034-9E3E-D2108AC7B259}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{5E9DD15B-87F9-4EC8-869B-A3D1CB08A0AC}E:\miranda im\miranda32.exe" = protocol=17 | dir=in | app=e:\miranda im\miranda32.exe |
"UDP Query User{8E271F6D-7F10-4D57-AE07-684B5204C86C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{948B70B8-99ED-4FE9-8CB5-3589C35C7F77}E:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"UDP Query User{BC09BDC4-791A-4DD5-BDA0-2AF7211AD808}E:\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=e:\bitcomet\bitcomet.exe |
"UDP Query User{C2CD4DD9-8E1A-4F92-A686-13D426A56CAE}C:\users\***\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\***\program files\dna\btdna.exe |
"UDP Query User{F6298BAE-A915-4D91-86B6-C15462EB04D9}C:\users\***\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\***\program files\dna\btdna.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{01161F64-6897-4885-93A0-A9F7BE9A4253}" = hp psc 1100 series
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{025C3792-E9C6-432A-92C1-661F99D021CA}" = Ulead Photo Explorer 8.6
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1A4E47DC-6701-4A85-AA16-C1F99A44598C}" = SpellForce 2 - Shadow Wars
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{24432643-0073-4E6E-9D09-3438F2335906}" = EuroTalk Talk Now!
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{31A5ED9F-E07B-4F6E-8179-27325BAAC502}" = AuthenTec Fingerprint Sensor Minimum Install
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65761BAE-11E8-48FE-B30F-1F01011AB906}" = Die Sims™ 3 "Erstelle eine Welt"-Tool - Beta
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82BF01FD-1FC2-4E33-861B-B32E8DC22723}" = TSR Workshop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9833D727-8FF5-40AE-A193-525747555FF1}" = BlackBerry Desktop Software 4.7
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AC93F461-132C-4A10-983D-7DAFE2917D67}" = Roxio Media Manager
"{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C06A7DAC-1708-417C-B694-28C84DFE2DF9}" = The Movies(TM) Stunts & Spezialeffekte
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5395E5F-4D45-4665-8F00-234FA33678AF}" = SlimDX Redistributable (March 2009)
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{SbX-140759-9783706833790-stu10}}_is1" = SbX Betriebswirtschaft HAK II 09-10
"Acer Acer Bio Protection 6.0.00.13" = Acer Bio Protection AAA 6.0.00.13
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Audacity 1.3 Beta_is1" = Audacity 1.3.7
"AVerMedia A310 (MiniCard, DVB-T)" = AVerMedia A310 (MiniCard, DVB-T) 1.1.0.27
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitComet" = BitComet 1.23
"BlackBerry_{9833D727-8FF5-40AE-A193-525747555FF1}" = BlackBerry Desktop Software 4.7
"CamStudio" = CamStudio
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Debut" = Debut Video Capture Software
"DivX Setup.divx.com" = DivX-Setup
"EADM" = EA Download Manager
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP PSC 1100 Series" = HP Foto und Bildbearbeitung 2.0 - hp psc 1100 series
"ImgBurn" = ImgBurn
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM) Stunts & Spezialeffekte
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Full)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Miranda IM" = Miranda IM 0.8.9
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"QuickPar" = QuickPar 0.9
"Recuva" = Recuva (remove only)
"s3pe" = Sims3 Package Editor
"Shockwave" = Shockwave
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tales of Monkey Island" = Tales of Monkey Island
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
"Xilisoft PSP Video Converter" = Xilisoft PSP Video Converter

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{F916C6DF-2601-4385-9500-C45FF398D4CB}" = Install(GE)
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07.03.2010 15:12:49 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 07.03.2010 15:12:51 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 08.03.2010 09:02:36 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 08.03.2010 13:03:49 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 09.03.2010 04:32:48 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 09.03.2010 09:56:17 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 09.03.2010 12:55:16 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.03.2010 08:32:56 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.03.2010 16:17:39 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AcroRd32.exe, Version 8.0.0.456, Zeitstempel 0x453c8fee, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x3030302e, Prozess-ID 0x68b4, Anwendungsstartzeit 01cac08eb78017a3.

Error - 11.03.2010 09:16:55 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 15.02.2009 10:07:50 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =

Error - 15.02.2009 10:43:13 | Computer Name = ***-PC | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 192.168.100.2 über die Netzwerkkarte mit der Netzwerkadresse 00238B312D9C ist verloren gegangen.

Error - 15.02.2009 10:45:52 | Computer Name = ***-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 212.17.70.138 für die Netzwerkkarte mit der Netzwerkadresse 00238B312D9C wurde durch den DHCP-Server 195.34.134.99 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 15.02.2009 10:47:20 | Computer Name = ***-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 212.17.70.138 für die Netzwerkkarte mit der Netzwerkadresse 00238B312D9C wurde durch den DHCP-Server 195.34.134.99 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 15.02.2009 10:48:24 | Computer Name = ***-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 212.17.70.138 für die Netzwerkkarte mit der Netzwerkadresse 00238B312D9C wurde durch den DHCP-Server 195.34.134.99 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 15.02.2009 11:06:53 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =

Error - 15.02.2009 11:22:04 | Computer Name = ***-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 212.17.70.138 für die Netzwerkkarte mit der Netzwerkadresse 00238B312D9C wurde durch den DHCP-Server 195.34.134.99 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 15.02.2009 12:44:59 | Computer Name = ***-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 212.17.70.138 für die Netzwerkkarte mit der Netzwerkadresse 00238B312D9C wurde durch den DHCP-Server 195.34.134.99 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 15.02.2009 12:45:00 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =

Error - 15.02.2009 12:45:02 | Computer Name = ***-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

< End of report >

Edited by bunny87 (14.02.2011 at 12:00) |