Pests of all kinds and how to fight them: 2nd laptop; Trojan; Sparkasse. Win7 64bit |
27.02.2011, 12:04 | #1 |
| 2nd laptop; Trojan; Sparkasse. Win7 64bit To avoid everything getting mixed up, here is the (short) description once more. A letter from the Sparkasse informed me that I might have a Trojan that hacks my passwords etc. As a result, my online banking account was blocked for the time being. After I had "AntiVir" run a scan on my machine, the following came out: 1. Code:
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Samstag, 26. Februar 2011 13:53
Es wird nach 2437318 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : DIRTYHARRY-PC
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel

Beginn des Suchlaufs: Samstag, 26. Februar 2011 13:53

Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020D75-0000-0000-C000-000000000046}\ShellFolder\attributes
  [HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\a1841308-3541-4fab-bc81-f71556f20b4a
  [HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
  [INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
  [INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '94' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Acer>
C:\Users\DirtyHarry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5N2XE67R\Firefox%20Setup%203.6.8[1].exe
  --> Object
    [WARNUNG] Die Datei konnte nicht gelesen werden!
  [WARNUNG] Die Datei konnte nicht gelesen werden!
C:\Users\DirtyHarry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\39badc98-7b779ad1
  [0] Archivtyp: ZIP
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.AI
  --> bpac/purok.class
    [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.AI
C:\Users\DirtyHarry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\13de1d5b-5d3fc5b6
  [0] Archivtyp: ZIP
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.AI
  --> bpac/purok.class
    [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.AI
C:\Users\DirtyHarry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\4f7f8e7f-2f9a1823
  [0] Archivtyp: ZIP
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Rast.A
  --> folder/peternova.class
    [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Rast.A

Beginne mit der Desinfektion:
C:\Users\DirtyHarry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\4f7f8e7f-2f9a1823
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Rast.A
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48ccaf56.qua' verschoben!
C:\Users\DirtyHarry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\13de1d5b-5d3fc5b6
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.AI
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '503680c6.qua' verschoben!
C:\Users\DirtyHarry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\39badc98-7b779ad1
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.AI
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '026fda34.qua' verschoben!

Ende des Suchlaufs: Samstag, 26. Februar 2011 15:17
Benötigte Zeit: 1:22:49 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

28937 Verzeichnisse wurden überprüft
681595 Dateien wurden geprüft
3 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
3 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
681592 Dateien ohne Befall
4867 Archive wurden durchsucht
2 Warnungen
3 Hinweise
516806 Objekte wurden beim Rootkitscan durchsucht
2 Versteckte Objekte wurden gefunden

Code:
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Samstag, 26. Februar 2011 15:23
Es wird nach 2437318 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : DirtyHarry
Computername : DIRTYHARRY-PC

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\DIRTYH~1\AppData\Local\Temp\40b8c96b.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: F:,
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel

Beginn des Suchlaufs: Samstag, 26. Februar 2011 15:23

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'F:\' <YOKUS>
F:\winlog.exe
  [FUND] Ist das Trojanische Pferd TR/Dldr.Delphi.Gen

Beginne mit der Desinfektion:
F:\winlog.exe
  [FUND] Ist das Trojanische Pferd TR/Dldr.Delphi.Gen
  [HINWEIS] Die Datei wurde gelöscht.

Ende des Suchlaufs: Samstag, 26. Februar 2011 15:25
Benötigte Zeit: 00:12 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

8 Verzeichnisse wurden überprüft
337 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
1 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
336 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise

The log files of the other programs are attached. The OTL scan didn't work, though. I had already run the program earlier without making any preparations. When I followed the instructions just now, I couldn't paste the Scan.txt after clicking "Benutzerdefinierte Scans/fixes". So the OTL logs are from yesterday, WITHOUT preparation. |
27.02.2011, 12:07 | #2 |
/// Malware-holic | 2nd laptop; Trojan; Sparkasse. Win7 64bit 1. What kind of drive is F:? 2. Please create and post a ComboFix log. A guide and tutorial on using ComboFix |
27.02.2011, 12:31 | #3 |
| 2nd laptop; Trojan; Sparkasse. Win7 64bit F: was a memory stick belonging to my fiancée that I scanned with AntiVir on my laptop. I hadn't noticed that the log came from that. ComboFix is currently running on the possibly infected laptop. I'll post the result as soon as it is finished. |
27.02.2011, 12:32 | #4 |
/// Malware-holic | 2nd laptop; Trojan; Sparkasse. Win7 64bit The USB stick is infected; it may have brought the malware into your home. If possible, format the stick and don't plug it in for now.
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
27.02.2011, 13:34 | #5 |
| 2nd laptop; Trojan; Sparkasse. Win7 64bit Ah, OK. I'll do that then. Can I back up the files on my Mac without any problems, or won't that work? And I should still keep checking my computer and the other computer (other thread), right? Here, at least, is the ComboFix log file from my computer: [code] Combofix Logfile: Code:
BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-06-10 14976] R3 CertPropSvc;Zertifikatverteilung;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [2009-07-14 45568] R3 defragsvc;Defragmentierung;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbda.sys [2009-06-10 3286016] R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-07-14 530496] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 132608] R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 34304] R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 55376] R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-06-10 31232] R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [2010-11-20 78720] R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-07-23 113792] R3 iaStorV;Intel RAID-Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-11-20 410496] R3 IPBusEnum;PnP-X-IP-Busenumerator;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-11-20 78848] R3 iScsiPrt;iScsiPort-Treiber;c:\windows\system32\drivers\msiscsi.sys [2010-11-20 273792] R3 KtmRm;KtmRm für Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 lltdsvc;Verbindungsschicht-Topologieerkennungs-Zuordnungsprogramm;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 114752] R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 106560] R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 65600] R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys 
[2009-07-14 115776] R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-07-14 35392] R3 mpio;Microsoft Multipfad-Bustreiber;c:\windows\system32\drivers\mpio.sys [2010-11-20 155008] R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-11-20 31104] R3 msdsm;Microsoft Multipfadgeräte-spezifisches Modul;c:\windows\system32\drivers\msdsm.sys [2010-11-20 140672] R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-14 8192] R3 MSiSCSI;Microsoft iSCSI-Initiator-Dienst;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 MsRPC;MsRPC; [x] R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [2009-07-14 15360] R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-14 35328] R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960] R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-07-14 51264] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432] R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-11-20 166272] R3 PerfHost;Leistungsindikator-DLL-Host;c:\windows\SysWow64\perfhost.exe [2009-07-14 20992] R3 pla;Leistungsprotokolle und -warnungen;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 PNRPAutoReg;PNRP-Computernamenveröffentlichungs-Dienst;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-07-14 1524816] R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-07-14 128592] R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 24064] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-01 239136] R3 scfilter;Filtertreiber für Smartcards der Plug & 
Play-Klasse;c:\windows\system32\DRIVERS\scfilter.sys [2010-11-20 29696] R3 SCPolicySvc;Richtlinie zum Entfernen der Scmartcard;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 SDRSVC;Windows-Sicherung;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 SensrSvc;Adaptive Helligkeit;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 SessionEnv;Konfiguration für Remotedesktops;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 sffp_mmc;SFF-Speicherprotokolltreiber für MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-14 13824] R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-07-14 80464] R3 Smb;Nachrichtenorientiertes TCP/IP- und TCP/IPv6-Protokoll (SMB-Sitzung);c:\windows\system32\DRIVERS\smb.sys [2009-07-14 93184] R3 sppuinotify;SPP-Benachrichtigungsdienst;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-07-14 24656] R3 TabletInputService;Tablet PC-Eingabedienst;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 TBS;TPM-Basisdienste;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 THREADORDER;Server für Threadsortierung;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-11-20 39424] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 UI0Detect;Erkennung interaktiver Dienste;c:\windows\system32\UI0Detect.exe [2009-07-14 40960] R3 uliagpkx;Uli AGP-Bus-Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 64592] R3 usbcir;eHome-Infrarotempfänger (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-14 100352] R3 VaultSvc;Anmeldeinformationsverwaltung;c:\windows\system32\lsass.exe [2009-07-14 31232] R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [2010-11-20 215936] R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-07-14 161872] R3 WacomPen;Wacom Serial Pen HID 
Driver;c:\windows\system32\DRIVERS\wacompen.sys [2009-07-14 27776] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-27 1255736] R3 wbengine;Blockebenen-Sicherungsmodul;c:\windows\system32\wbengine.exe [2010-11-20 1504256] R3 WbioSrvc;Windows-Biometriedienst;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 wcncsvc;Windows-Sofortverbindung - Konfigurationsregistrierungsstelle;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 WcsPlugInService;Windows-Farbsystem;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-07-14 21056] R3 Wecsvc;Windows-Ereignissammlung;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 wercplsupport;Unterstützung in der Systemsteuerung unter Lösungen für Probleme;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 WerSvc;Windows-Fehlerberichterstattungsdienst;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 22096] R3 WinRM;Windows-Remoteverwaltung (WS-Verwaltung);c:\windows\System32\svchost.exe [2009-07-14 27136] R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 WPDBusEnum;Enumeratordienst für tragbare Geräte;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 WwanSvc;WWAN - automatische Konfiguration;c:\windows\system32\svchost.exe [2009-07-14 27136] R4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920] R4 Mcx2Svc;Media Center Extender-Dienst;c:\windows\system32\svchost.exe [2009-07-14 27136] S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-11-20 27008] S0 CLFS;Gemeinsames Protokoll (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 367696] S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2010-11-20 459248] S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 
70224] S0 fvevol;Filtertreiber der Bitlocker-Laufwerkverschlüsselung;c:\windows\System32\DRIVERS\fvevol.sys [2010-11-20 223248] S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-11-20 14720] S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2010-11-20 152960] S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 15424] S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 50768] S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888] S0 spldr;Security Processor Loader Driver; [x] S0 vdrvroot;Enumerator-Treiber für Microsoft Virtual Drive;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 36432] S0 volmgr;Treiber für Volume-Manager;c:\windows\system32\drivers\volmgr.sys [2010-11-20 71552] S0 volmgrx;Dynamischer Volume-Manager;c:\windows\System32\drivers\volmgrx.sys [2010-11-20 363392] S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 45056] S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-11-20 102400] S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 40448] S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 24576] S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 7680] S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 8192] S1 tdx;NetIO-Legacy-TDI-Supporttreiber;c:\windows\system32\DRIVERS\tdx.sys [2010-11-20 119296] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S1 Wanarpv6;Remotezugriff-IPv6-ARP-Treiber;c:\windows\system32\DRIVERS\wanarp.sys [2010-11-20 88576] S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-14 12800] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir 
Desktop\sched.exe [2010-11-04 135336] S2 AudioEndpointBuilder;Windows-Audio-Endpunkterstellung;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 BFE;Basisfiltermodul;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 DPS;Diagnoserichtliniendienst;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-05 865824] S2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 gpsvc;Gruppenrichtlinienclient;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336] S2 IKEEXT;IKE- und AuthIP IPsec-Schlüsselerstellungsmodule;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 iphlpsvc;IP-Hilfsdienst;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-14 60928] S2 luafv;UAC-Dateivirtualisierung;c:\windows\system32\drivers\luafv.sys [2009-07-13 113152] S2 MpsSvc;Windows-Firewall;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 NlaSvc;NLA (Network Location Awareness);c:\windows\System32\svchost.exe [2009-07-14 27136] S2 nsi;Netzwerkspeicher-Schnittstellendienst;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640] S2 
PcaSvc;Programmkompatibilitäts-Assistent-Dienst;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 651264] S2 Power;Stromversorgung;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 ProfSvc;Benutzerprofildienst;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 RpcEptMapper;RPC-Endpunktzuordnung;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640] S2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-11-20 3524608] S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-11-20 45056] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S2 UxSms;Sitzungs-Manager für Desktopfenster-Manager;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-18 9216] S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 Wlansvc;Automatische WLAN-Konfiguration;c:\windows\system32\svchost.exe [2009-07-14 27136] S3 Appinfo;Anwendungsinformationen;c:\windows\system32\svchost.exe [2009-07-14 27136] S3 bowser;Browsersupporttreiber;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 90624] S3 CompositeBus;Busenumeratortreiber für Verbundgeräte;c:\windows\system32\drivers\CompositeBus.sys [2010-11-20 38912] S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-11-20 982912] S3 fdPHost;Funktionssuchanbieter-Host;c:\windows\system32\svchost.exe [2009-07-14 27136] S3 
FDResPub;Funktionssuche-Ressourcenveröffentlichung;c:\windows\system32\svchost.exe [2009-07-14 27136] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 HomeGroupListener;Heimnetzgruppen-Listener;c:\windows\System32\svchost.exe [2009-07-14 27136] S3 HomeGroupProvider;Heimnetzgruppen-Anbieter;c:\windows\System32\svchost.exe [2009-07-14 27136] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-01-06 158848] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-01-07 271872] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-03-21 321064] S3 KeyIso;CNG-Schlüsselisolation;c:\windows\system32\lsass.exe [2009-07-14 31232] S3 monitor;Microsoft Monitor-Klassenfunktionstreiber-Dienst;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 30208] S3 mpsdrv;Windows-Firewallautorisierungstreiber;c:\windows\system32\drivers\mpsdrv.sys [2009-07-14 77312] S3 mrxsmb10;SMB 1.x-Miniredirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-11-20 287744] S3 mrxsmb20;SMB 2.0-Miniredirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-11-20 128000] S3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-14 318976] S3 netprofm;Netzwerklistendienst;c:\windows\System32\svchost.exe [2009-07-14 27136] S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-14 60416] S3 srv2;Server-SMB-Treiber 2.xxx;c:\windows\system32\DRIVERS\srv2.sys [2010-11-20 413184] S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-11-20 167936] S3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-11-20 194048] S3 tunnel;Microsoft-Tunnelminiport-Adaptertreiber;c:\windows\system32\DRIVERS\tunnel.sys [2010-11-20 125440] S3 umbus;UMBusenumerator-Treiber;c:\windows\system32\drivers\umbus.sys [2010-11-20 48640] S3 vwifibus;Virtueller 
WiFi-Bustreiber;c:\windows\system32\DRIVERS\vwifibus.sys [2009-07-14 24576] S3 WdiServiceHost;Diagnosediensthost;c:\windows\System32\svchost.exe [2009-07-14 27136] S3 WdiSystemHost;Diagnosesystemhost;c:\windows\System32\svchost.exe [2009-07-14 27136] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch wcssvc REG_MULTI_SZ WcsPlugInService HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc AudioSrv FastUserSwitchingCompatibility Nla NWCWorkstation SRService Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc msiscsi schedule SessionEnv winmgmt HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService sppuinotify HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted BthHFSrv . Inhalt des "geplante Tasks" Ordners 2011-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 16:35] 2011-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 16:35] . 
--------- x86-64 ----------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate] @="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}" [HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}] 2010-11-20 13:27 509952 ----a-w- c:\windows\System32\ntshrui.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-05 860192] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-24 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-24 390680] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-24 410136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT AudioSrv FastUserSwitchingCompatibility Nla NWCWorkstation SRService Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc seclogon AppInfo msiscsi MMCSS winmgmt SessionEnv browser EapHost schedule hkmsvc wercplsupport ProfSvc Themes BDESVC HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted homegrouplistener HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService WdiServiceHost sppuinotify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService lanmanworkstation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted BthHFSrv homegroupprovider . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_5740&r=27360910l015l0424z105x45l2m765 uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_5740&r=27360910l015l0424z105x45l2m765 mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\DirtyHarry\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx FF - ProfilePath - c:\users\DirtyHarry\AppData\Roaming\Mozilla\Firefox\Profiles\5p2ml3z1.default\ FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe SafeBoot-WudfPf SafeBoot-WudfRd SafeBoot-sacsvr SafeBoot-vmms Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe AddRemove-82A44D22-9452-49FB-00FB-CEC7DCAF7E23 - c:\program files (x86)\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE AddRemove-Grand Theft Auto - c:\program files (x86)\Rockstar Games\Grand Theft Auto\Uninst.isu . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\windows\SysWOW64\rpcnet.exe c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe c:\program files (x86)\Launch Manager\LMworker.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2011-02-27 12:48:29 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-02-27 11:48
Vor Suchlauf: 10 Verzeichnis(se), 147.623.514.112 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 147.600.080.896 Bytes frei
- - End Of File - - FD78AAB9FA1E1F45C20D4E6B4F5ADF3A |
27.02.2011, 13:53 | #6 |
/// Malware-holic | 2nd laptop; Trojan; Sparkasse. Win7 64bit You can. What did you try to delete with OTL? Please show the log.
27.02.2011, 14:01 | #7 |
| 2nd laptop; Trojan; Sparkasse. Win7 64bit As I already said, I downloaded and ran OTL without really knowing what it is for. The logs I created that way yesterday evening are the following: EXTRAS [code] Combofix Logfile: Code:
ATTFilter ComboFix 11-02-26.01 - DirtyHarry 27.02.2011 12:27:21.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2807.1735 [GMT 1:00] ausgeführt von:: c:\users\DirtyHarry\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\DirtyHarry\AppData\Roaming\Local c:\users\DirtyHarry\AppData\Roaming\Local\Temp\DDM\Settings\.ddr c:\users\DirtyHarry\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi c:\users\DirtyHarry\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi c:\users\DirtyHarry\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi c:\users\DirtyHarry\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi c:\users\DirtyHarry\AppData\Roaming\Local\Temp\DDM\Settings\4.ddi c:\users\DirtyHarry\AppData\Roaming\Local\Temp\DDM\Settings\Die.Fabelhafte.Welt.der.Amelie.2001.German.AC3.5.1.HD2DVDRip.XviD-Ms89.avi.ddr c:\users\DirtyHarry\AppData\Roaming\Local\Temp\DDM\Settings\Die.fabelhafte.Welt.der.Amelie.GERMAN.2001.DVDRiP.XviD.iNTERNAL_REQiT_1.avi.ddr c:\users\DirtyHarry\AppData\Roaming\Local\Temp\DDM\Settings\Die_fabelhafte_Welt_der_Amelie.avi.ddr c:\users\DirtyHarry\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr c:\users\DirtyHarry\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi c:\users\DirtyHarry\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2) c:\users\DirtyHarry\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Die.Fabelhafte.Welt.der.Amelie.2001.German.AC3.5.1.HD2DVDRip.XviD-Ms89.avi.ddp c:\users\DirtyHarry\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Die.fabelhafte.Welt.der.Amelie.GERMAN.2001.DVDRiP.XviD.iNTERNAL_REQiT_1.avi.ddp 
c:\users\DirtyHarry\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Die_fabelhafte_Welt_der_Amelie.avi.ddp c:\users\DirtyHarry\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx c:\windows\system32\drivers\etc\lmhosts . ((((((((((((((((((((((( Dateien erstellt von 2011-01-27 bis 2011-02-27 )))))))))))))))))))))))))))))) . 2011-02-27 11:37 . 2011-02-27 11:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-02-27 11:01 . 2011-02-27 11:01 -------- d-----w- c:\program files\7-Zip 2011-02-27 10:13 . 2011-02-27 10:13 -------- d-----w- c:\program files (x86)\ERUNT 2011-02-26 23:04 . 2011-02-26 23:04 -------- d-----w- c:\users\DirtyHarry\AppData\Roaming\Malwarebytes 2011-02-26 23:03 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-02-26 23:03 . 2011-02-26 23:03 -------- d-----w- c:\programdata\Malwarebytes 2011-02-26 23:03 . 2011-02-26 23:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-02-26 23:03 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-02-26 21:31 . 2011-02-26 21:31 -------- d-----w- C:\_OTL 2011-02-26 17:26 . 2011-02-26 17:26 -------- d-----w- c:\users\DirtyHarry\AppData\Roaming\Canon 2011-02-26 17:20 . 2011-02-26 17:21 -------- d-----w- c:\users\DirtyHarry\AppData\Local\CANON_INC 2011-02-26 17:14 . 2011-02-26 17:14 -------- d-----w- c:\programdata\ZoomBrowser 2011-02-26 17:12 . 2011-02-26 17:15 -------- d-----w- c:\program files (x86)\Canon 2011-02-26 17:11 . 2011-02-26 17:11 -------- d-----w- c:\program files (x86)\Common Files\Canon 2011-02-26 01:56 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C73366A-E910-4819-8149-E56BF0CAAB0D}\mpengine.dll 2011-02-26 01:30 . 2011-02-26 01:30 -------- d-----w- c:\windows\system32\SPReview 2011-02-26 01:29 . 2011-02-26 01:29 -------- d-----w- c:\windows\system32\EventProviders 2011-02-26 01:21 . 
2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll 2011-02-26 01:21 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll 2011-02-26 01:21 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll 2011-02-26 01:21 . 2010-11-20 13:33 5563776 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-02-26 01:21 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2011-02-26 01:21 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys 2011-02-26 01:21 . 2010-11-20 13:27 3715584 ----a-w- c:\windows\system32\mstscax.dll 2011-02-26 01:21 . 2010-11-20 13:26 1838080 ----a-w- c:\windows\system32\d3d10warp.dll 2011-02-26 01:21 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll 2011-02-26 01:21 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\SysWow64\mstscax.dll 2011-02-26 01:19 . 2010-11-20 13:27 680960 ----a-w- c:\windows\system32\termsrv.dll 2011-02-26 01:18 . 2010-11-20 12:19 206336 ----a-w- c:\windows\SysWow64\framedynos.dll 2011-02-26 01:17 . 2010-11-20 13:27 611840 ----a-w- c:\windows\system32\wpd_ci.dll 2011-02-26 01:16 . 2010-11-20 13:27 238080 ----a-w- c:\windows\system32\mstask.dll 2011-02-26 01:15 . 2010-11-20 13:07 2560 ----a-w- c:\windows\system32\drivers\de-DE\disk.sys.mui 2011-02-26 01:15 . 2010-11-20 13:12 7168 ----a-w- c:\windows\system32\drivers\de-DE\msdsm.sys.mui 2011-02-26 01:15 . 2010-11-20 13:00 4608 ----a-w- c:\windows\system32\drivers\de-DE\vdrvroot.sys.mui 2011-02-26 01:15 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll 2011-02-26 01:15 . 2010-11-20 12:17 209920 ----a-w- c:\windows\SysWow64\PkgMgr.exe 2011-02-26 01:15 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll 2011-02-26 01:15 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll 2011-02-26 01:15 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll 2011-02-26 01:15 . 
2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll 2011-02-26 01:12 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll 2011-02-26 01:12 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll 2011-02-26 01:12 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll 2011-02-26 01:12 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll 2011-02-26 01:12 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe 2011-02-26 01:11 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll 2011-02-26 01:11 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll 2011-02-26 01:08 . 2011-01-07 12:17 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-02-26 01:08 . 2011-01-07 12:17 1465344 ----a-w- c:\windows\system32\XpsPrint.dll 2011-02-26 01:08 . 2011-01-07 07:46 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2011-02-26 01:08 . 2011-01-07 07:46 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2011-02-20 16:50 . 2011-02-20 16:50 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-02-20 14:19 . 2011-02-20 14:19 -------- d-----w- c:\users\DirtyHarry\AppData\Local\Microsoft Help 2011-02-16 09:45 . 2011-02-16 09:45 -------- d-----w- c:\windows\Sun 2011-02-15 20:57 . 2011-02-15 20:57 -------- d-----w- c:\users\DirtyHarry\AppData\Roaming\OpenOffice.org 2011-02-15 20:48 . 2011-02-15 20:48 -------- d-----w- c:\program files (x86)\OpenOffice.org 3 2011-02-15 20:47 . 2011-02-02 20:40 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll 2011-02-15 20:47 . 2011-02-02 20:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-02-15 20:47 . 2011-02-20 16:50 -------- d-----w- c:\program files (x86)\Java 2011-02-13 10:33 . 2011-02-13 10:33 -------- d-----w- c:\users\DirtyHarry\AppData\Roaming\DVDVideoSoftIEHelpers 2011-02-13 10:33 . 
2011-02-13 10:33 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft 2011-02-13 10:33 . 2011-02-13 10:33 -------- d-----w- c:\program files (x86)\DVDVideoSoft 2011-02-12 13:42 . 1998-06-17 17:07 57344 ----a-w- c:\windows\SysWow64\Mfc42loc.dll 2011-02-12 13:40 . 2011-02-12 13:40 -------- d-----w- c:\program files (x86)\Fox 2011-02-11 09:46 . 2011-01-07 09:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-02-11 09:46 . 2011-01-07 06:01 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-02-11 09:46 . 2011-01-05 10:34 612864 ----a-w- c:\windows\system32\vbscript.dll 2011-02-11 09:46 . 2011-01-05 05:55 428032 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-02-11 09:46 . 2011-01-05 06:56 3129344 ----a-w- c:\windows\system32\win32k.sys 2011-02-11 09:44 . 2011-01-07 12:14 46080 ----a-w- c:\windows\system32\atmlib.dll 2011-02-11 09:44 . 2011-01-07 09:20 366592 ----a-w- c:\windows\system32\atmfd.dll 2011-02-11 09:44 . 2011-01-07 07:45 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2011-02-11 09:44 . 2011-01-07 05:43 294400 ----a-w- c:\windows\SysWow64\atmfd.dll 2011-02-11 09:44 . 2010-12-17 11:40 715776 ----a-w- c:\windows\system32\kerberos.dll 2011-02-11 09:44 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll 2011-02-11 09:44 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2011-02-11 09:44 . 2010-12-17 07:07 542208 ----a-w- c:\windows\SysWow64\kerberos.dll 2011-02-11 09:44 . 2010-12-17 11:42 214016 ----a-w- c:\windows\system32\winsrv.dll 2011-02-06 17:41 . 2011-02-06 17:41 -------- d-----w- c:\program files (x86)\Flip Video 2011-01-29 17:29 . 2006-11-29 12:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll 2011-01-29 17:29 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll 2011-01-29 17:19 . 2011-01-29 17:19 85465960 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\wlc28A7.tmp . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-27 11:38 . 2010-04-08 03:06 17920 ----a-w- c:\windows\system32\rpcnetp.exe 2011-02-27 11:38 . 2010-09-09 18:56 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll 2011-02-26 01:51 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-02-26 01:51 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2011-02-17 16:00 . 2010-09-09 18:55 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe 2011-02-17 16:00 . 2010-09-09 18:56 58288 ------w- c:\windows\SysWow64\rpcnet.exe 2011-02-12 10:08 . 2010-09-07 19:59 952 --sha-w- c:\programdata\KGyGaAvL.sys 2011-02-02 16:11 . 2010-09-21 20:05 270720 ------w- c:\windows\system32\MpSigStub.exe 2011-01-13 08:42 . 2010-04-08 03:07 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll 2011-01-13 08:41 . 2010-04-08 03:06 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate] @="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}" [HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}] 2010-11-20 12:20 442880 ----a-w- c:\windows\System32\ntshrui.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768] "InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608] "DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2010-3-29 704032] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN 
v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 135664] R2 MMCSS;Multimediaklassenplaner;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 1394ohci;OHCI-konformer 1394-Hostcontroller;c:\windows\system32\drivers\1394ohci.sys [2010-11-20 229888] R3 AcpiPmi;ACPI-Energieanzeigetreiber;c:\windows\system32\drivers\acpipmi.sys [2010-11-20 12800] R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-07-14 491088] R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-07-14 339536] R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-11-20 107904] R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-07-14 194128] R3 AppID;Anwendungs-ID-Treiber;c:\windows\system32\drivers\appid.sys [2010-11-20 61440] R3 AppIDSvc;Anwendungsidentität;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-07-14 97856] R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbda.sys [2009-06-10 468480] R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [2009-06-10 270848] R3 BDESVC;BitLocker-Laufwerkverschlüsselungsdienst;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-06-10 18432] R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-06-10 8704] R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 286720] R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-06-10 47104] R3 
BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-06-10 14976] R3 CertPropSvc;Zertifikatverteilung;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [2009-07-14 45568] R3 defragsvc;Defragmentierung;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbda.sys [2009-06-10 3286016] R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-07-14 530496] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 132608] R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 34304] R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 55376] R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-06-10 31232] R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [2010-11-20 78720] R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-07-23 113792] R3 iaStorV;Intel RAID-Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-11-20 410496] R3 IPBusEnum;PnP-X-IP-Busenumerator;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-11-20 78848] R3 iScsiPrt;iScsiPort-Treiber;c:\windows\system32\drivers\msiscsi.sys [2010-11-20 273792] R3 KtmRm;KtmRm für Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 lltdsvc;Verbindungsschicht-Topologieerkennungs-Zuordnungsprogramm;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 114752] R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 106560] R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 65600] R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys 
[2009-07-14 115776] R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-07-14 35392] R3 mpio;Microsoft Multipfad-Bustreiber;c:\windows\system32\drivers\mpio.sys [2010-11-20 155008] R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-11-20 31104] R3 msdsm;Microsoft Multipfadgeräte-spezifisches Modul;c:\windows\system32\drivers\msdsm.sys [2010-11-20 140672] R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-14 8192] R3 MSiSCSI;Microsoft iSCSI-Initiator-Dienst;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 MsRPC;MsRPC; [x] R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [2009-07-14 15360] R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-14 35328] R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960] R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-07-14 51264] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432] R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-11-20 166272] R3 PerfHost;Leistungsindikator-DLL-Host;c:\windows\SysWow64\perfhost.exe [2009-07-14 20992] R3 pla;Leistungsprotokolle und -warnungen;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 PNRPAutoReg;PNRP-Computernamenveröffentlichungs-Dienst;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-07-14 1524816] R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-07-14 128592] R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 24064] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-01 239136] R3 scfilter;Filtertreiber für Smartcards der Plug & 
Play-Klasse;c:\windows\system32\DRIVERS\scfilter.sys [2010-11-20 29696] R3 SCPolicySvc;Richtlinie zum Entfernen der Scmartcard;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 SDRSVC;Windows-Sicherung;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 SensrSvc;Adaptive Helligkeit;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 SessionEnv;Konfiguration für Remotedesktops;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 sffp_mmc;SFF-Speicherprotokolltreiber für MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-14 13824] R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-07-14 80464] R3 Smb;Nachrichtenorientiertes TCP/IP- und TCP/IPv6-Protokoll (SMB-Sitzung);c:\windows\system32\DRIVERS\smb.sys [2009-07-14 93184] R3 sppuinotify;SPP-Benachrichtigungsdienst;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-07-14 24656] R3 TabletInputService;Tablet PC-Eingabedienst;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 TBS;TPM-Basisdienste;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 THREADORDER;Server für Threadsortierung;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-11-20 39424] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 UI0Detect;Erkennung interaktiver Dienste;c:\windows\system32\UI0Detect.exe [2009-07-14 40960] R3 uliagpkx;Uli AGP-Bus-Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 64592] R3 usbcir;eHome-Infrarotempfänger (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-14 100352] R3 VaultSvc;Anmeldeinformationsverwaltung;c:\windows\system32\lsass.exe [2009-07-14 31232] R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [2010-11-20 215936] R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-07-14 161872] R3 WacomPen;Wacom Serial Pen HID 
Driver;c:\windows\system32\DRIVERS\wacompen.sys [2009-07-14 27776] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-27 1255736] R3 wbengine;Blockebenen-Sicherungsmodul;c:\windows\system32\wbengine.exe [2010-11-20 1504256] R3 WbioSrvc;Windows-Biometriedienst;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 wcncsvc;Windows-Sofortverbindung - Konfigurationsregistrierungsstelle;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 WcsPlugInService;Windows-Farbsystem;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-07-14 21056] R3 Wecsvc;Windows-Ereignissammlung;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 wercplsupport;Unterstützung in der Systemsteuerung unter Lösungen für Probleme;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 WerSvc;Windows-Fehlerberichterstattungsdienst;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 22096] R3 WinRM;Windows-Remoteverwaltung (WS-Verwaltung);c:\windows\System32\svchost.exe [2009-07-14 27136] R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 WPDBusEnum;Enumeratordienst für tragbare Geräte;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 WwanSvc;WWAN - automatische Konfiguration;c:\windows\system32\svchost.exe [2009-07-14 27136] R4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920] R4 Mcx2Svc;Media Center Extender-Dienst;c:\windows\system32\svchost.exe [2009-07-14 27136] S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-11-20 27008] S0 CLFS;Gemeinsames Protokoll (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 367696] S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2010-11-20 459248] S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 
70224] S0 fvevol;Filtertreiber der Bitlocker-Laufwerkverschlüsselung;c:\windows\System32\DRIVERS\fvevol.sys [2010-11-20 223248] S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-11-20 14720] S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2010-11-20 152960] S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 15424] S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 50768] S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888] S0 spldr;Security Processor Loader Driver; [x] S0 vdrvroot;Enumerator-Treiber für Microsoft Virtual Drive;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 36432] S0 volmgr;Treiber für Volume-Manager;c:\windows\system32\drivers\volmgr.sys [2010-11-20 71552] S0 volmgrx;Dynamischer Volume-Manager;c:\windows\System32\drivers\volmgrx.sys [2010-11-20 363392] S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 45056] S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-11-20 102400] S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 40448] S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 24576] S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 7680] S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 8192] S1 tdx;NetIO-Legacy-TDI-Supporttreiber;c:\windows\system32\DRIVERS\tdx.sys [2010-11-20 119296] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S1 Wanarpv6;Remotezugriff-IPv6-ARP-Treiber;c:\windows\system32\DRIVERS\wanarp.sys [2010-11-20 88576] S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-14 12800] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir 
Desktop\sched.exe [2010-11-04 135336] S2 AudioEndpointBuilder;Windows-Audio-Endpunkterstellung;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 BFE;Basisfiltermodul;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 DPS;Diagnoserichtliniendienst;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-05 865824] S2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 gpsvc;Gruppenrichtlinienclient;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336] S2 IKEEXT;IKE- und AuthIP IPsec-Schlüsselerstellungsmodule;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 iphlpsvc;IP-Hilfsdienst;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-14 60928] S2 luafv;UAC-Dateivirtualisierung;c:\windows\system32\drivers\luafv.sys [2009-07-13 113152] S2 MpsSvc;Windows-Firewall;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 NlaSvc;NLA (Network Location Awareness);c:\windows\System32\svchost.exe [2009-07-14 27136] S2 nsi;Netzwerkspeicher-Schnittstellendienst;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640] S2 
PcaSvc;Programmkompatibilitäts-Assistent-Dienst;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 651264] S2 Power;Stromversorgung;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 ProfSvc;Benutzerprofildienst;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 RpcEptMapper;RPC-Endpunktzuordnung;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640] S2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-11-20 3524608] S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-11-20 45056] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S2 UxSms;Sitzungs-Manager für Desktopfenster-Manager;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-18 9216] S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 Wlansvc;Automatische WLAN-Konfiguration;c:\windows\system32\svchost.exe [2009-07-14 27136] S3 Appinfo;Anwendungsinformationen;c:\windows\system32\svchost.exe [2009-07-14 27136] S3 bowser;Browsersupporttreiber;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 90624] S3 CompositeBus;Busenumeratortreiber für Verbundgeräte;c:\windows\system32\drivers\CompositeBus.sys [2010-11-20 38912] S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-11-20 982912] S3 fdPHost;Funktionssuchanbieter-Host;c:\windows\system32\svchost.exe [2009-07-14 27136] S3 
FDResPub;Funktionssuche-Ressourcenveröffentlichung;c:\windows\system32\svchost.exe [2009-07-14 27136] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 HomeGroupListener;Heimnetzgruppen-Listener;c:\windows\System32\svchost.exe [2009-07-14 27136] S3 HomeGroupProvider;Heimnetzgruppen-Anbieter;c:\windows\System32\svchost.exe [2009-07-14 27136] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-01-06 158848] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-01-07 271872] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-03-21 321064] S3 KeyIso;CNG-Schlüsselisolation;c:\windows\system32\lsass.exe [2009-07-14 31232] S3 monitor;Microsoft Monitor-Klassenfunktionstreiber-Dienst;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 30208] S3 mpsdrv;Windows-Firewallautorisierungstreiber;c:\windows\system32\drivers\mpsdrv.sys [2009-07-14 77312] S3 mrxsmb10;SMB 1.x-Miniredirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-11-20 287744] S3 mrxsmb20;SMB 2.0-Miniredirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-11-20 128000] S3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-14 318976] S3 netprofm;Netzwerklistendienst;c:\windows\System32\svchost.exe [2009-07-14 27136] S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-14 60416] S3 srv2;Server-SMB-Treiber 2.xxx;c:\windows\system32\DRIVERS\srv2.sys [2010-11-20 413184] S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-11-20 167936] S3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-11-20 194048] S3 tunnel;Microsoft-Tunnelminiport-Adaptertreiber;c:\windows\system32\DRIVERS\tunnel.sys [2010-11-20 125440] S3 umbus;UMBusenumerator-Treiber;c:\windows\system32\drivers\umbus.sys [2010-11-20 48640] S3 vwifibus;Virtueller 
WiFi-Bustreiber;c:\windows\system32\DRIVERS\vwifibus.sys [2009-07-14 24576] S3 WdiServiceHost;Diagnosediensthost;c:\windows\System32\svchost.exe [2009-07-14 27136] S3 WdiSystemHost;Diagnosesystemhost;c:\windows\System32\svchost.exe [2009-07-14 27136] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch wcssvc REG_MULTI_SZ WcsPlugInService HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc AudioSrv FastUserSwitchingCompatibility Nla NWCWorkstation SRService Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc msiscsi schedule SessionEnv winmgmt HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService sppuinotify HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted BthHFSrv . Inhalt des "geplante Tasks" Ordners 2011-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 16:35] 2011-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 16:35] . 
--------- x86-64 ----------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate] @="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}" [HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}] 2010-11-20 13:27 509952 ----a-w- c:\windows\System32\ntshrui.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-05 860192] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-24 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-24 390680] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-24 410136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT AudioSrv FastUserSwitchingCompatibility Nla NWCWorkstation SRService Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc seclogon AppInfo msiscsi MMCSS winmgmt SessionEnv browser EapHost schedule hkmsvc wercplsupport ProfSvc Themes BDESVC HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted homegrouplistener HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService WdiServiceHost sppuinotify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService lanmanworkstation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted BthHFSrv homegroupprovider . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_5740&r=27360910l015l0424z105x45l2m765 uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_5740&r=27360910l015l0424z105x45l2m765 mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\DirtyHarry\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx FF - ProfilePath - c:\users\DirtyHarry\AppData\Roaming\Mozilla\Firefox\Profiles\5p2ml3z1.default\ FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe SafeBoot-WudfPf SafeBoot-WudfRd SafeBoot-sacsvr SafeBoot-vmms Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe AddRemove-82A44D22-9452-49FB-00FB-CEC7DCAF7E23 - c:\program files (x86)\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE AddRemove-Grand Theft Auto - c:\program files (x86)\Rockstar Games\Grand Theft Auto\Uninst.isu . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\SysWOW64\rpcnet.exe
c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files (x86)\Launch Manager\LMworker.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-02-27 12:48:29 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-02-27 11:48

Vor Suchlauf: 10 Verzeichnis(se), 147.623.514.112 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 147.600.080.896 Bytes frei

- - End Of File - - FD78AAB9FA1E1F45C20D4E6B4F5ADF3A |
27.02.2011, 14:05 | #8 |
/// Malware-holic | 2. Laptop; Trojan; Sparkasse. Win7 64bit
That is ComboFix. Did you delete anything with OTL, or did you only scan?
__________________
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us |
27.02.2011, 14:05 | #9 |
| 2. Laptop; Trojan; Sparkasse. Win7 64bit
?? Strange, I copied the wrong thing. Sorry. Here is the EXTRAS file again. As far as I remember, I only scanned.
Code:
ATTFilter
OTL Extras logfile created on: 26.02.2011 22:30:47 - Run 1
OTL by OldTimer - Version 3.2.22.0 Folder = C:\Users\DirtyHarry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220,78 Gb Total Space | 136,84 Gb Free Space | 61,98% Space Free | Partition Type: NTFS
Drive D: | 36,10 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: DIRTYHARRY-PC | User Name: DirtyHarry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 
Redistributable - x64 9.0.30729.4148 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F68310EC-B615-4044-B7D7-1A6349758D42}" = Microsoft SQL Server VSS Writer "{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}" = Microsoft SQL Server Native Client "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media 
Maker 8 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2 "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77FD4A62-8A2A-15D9-1372-EA9FF6C2D8A3}" = FlipShare "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) 
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{93FD6568-A974-4292-B02E-AA9D90AEC13B}" = RUNAWAY 2 - The dream of the turtle "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{96B51C0B-D3BE-4DF3-959C-28B22C10CFBB}" = Vodafone Mobile Connect Lite "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{C3DA8603-64E5-48F6-00AB-2FB1C029CCEB}" = NBA LIVE 07 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup 
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EBCCE08A-B3EE-40E7-96D7-31741D481015}" = No One Lives Forever 2 "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only) "82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008 "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor "Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2 "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "DivX Setup.divx.com" = DivX-Setup "DPP" = Canon Utilities Digital Photo Professional 3.4 "EOS Utility" = Canon Utilities EOS Utility "Free YouTube Download_is1" = 
Free YouTube Download version 2.10.31
"Google Chrome" = Google Chrome
"Grand Theft Auto" = Grand Theft Auto
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"LManager" = Launch Manager
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MyCamera" = Canon Utilities MyCamera
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PROHYBRIDR" = 2007 Microsoft Office system
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Uninstall_is1" = Uninstall 1.0.0.1
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12.02.2011 06:06:01 | Computer Name = DirtyHarry-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 12.02.2011 08:25:34 | Computer Name = DirtyHarry-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 12.02.2011 11:07:13 | Computer Name = DirtyHarry-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 12.02.2011 18:13:16 | Computer Name = DirtyHarry-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3989 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1164
Startzeit: 01cbcad18a28ad4d
Endzeit: 27
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: 47695825-36f5-11e0-9ebf-705ab6d56715

Error - 13.02.2011 06:27:26 | Computer Name = DirtyHarry-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 13.02.2011 06:42:32 | Computer Name = DirtyHarry-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3989, Zeitstempel: 0x4cf928fc
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab86
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00022262
ID des fehlerhaften Prozesses: 0x2e0
Startzeit der fehlerhaften Anwendung: 0x01cbcb69a1218571
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung: f5bdc513-375d-11e0-b195-705ab6d56715

Error - 14.02.2011 06:49:44 | Computer Name = DirtyHarry-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 14.02.2011 08:31:08 | Computer Name = DirtyHarry-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3989 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1154
Startzeit: 01cbcc3634253249
Endzeit: 35
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: 48b0020f-3836-11e0-8d14-705ab6d56715

Error - 14.02.2011 11:01:11 | Computer Name = DirtyHarry-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 14.02.2011 11:01:19 | Computer Name = DirtyHarry-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser

[ System Events ]
Error - 19.11.2010 20:06:56 | Computer Name = DirtyHarry-PC | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error - 20.11.2010 08:24:55 | Computer Name = DirtyHarry-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2160841)

Error - 20.11.2010 21:21:33 | Computer Name = DirtyHarry-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2160841)

Error - 21.11.2010 06:07:04 | Computer Name = DirtyHarry-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2160841)

< End of report >

========== Extra Registry
(SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F68310EC-B615-4044-B7D7-1A6349758D42}" = Microsoft SQL Server VSS Writer
"{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}" = Microsoft SQL Server Native Client
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77FD4A62-8A2A-15D9-1372-EA9FF6C2D8A3}" = FlipShare
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{93FD6568-A974-4292-B02E-AA9D90AEC13B}" = RUNAWAY 2 - The dream of the turtle "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{96B51C0B-D3BE-4DF3-959C-28B22C10CFBB}" = Vodafone Mobile Connect Lite "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{C3DA8603-64E5-48F6-00AB-2FB1C029CCEB}" = NBA LIVE 07 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EBCCE08A-B3EE-40E7-96D7-31741D481015}" = No One Lives Forever 2 "{EE171732-BEB4-4576-887D-CB62727F01CA}" = 
Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only) "82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008 "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor "Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2 "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "DivX Setup.divx.com" = DivX-Setup "DPP" = Canon Utilities Digital Photo Professional 3.4 "EOS Utility" = Canon Utilities EOS Utility "Free YouTube Download_is1" = Free YouTube Download version 2.10.31 "Google Chrome" = Google Chrome "Grand Theft Auto" = Grand Theft Auto "Identity Card" = Identity Card "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager "InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo 
WinDVD 8 "LManager" = Launch Manager "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7) "MyCamera" = Canon Utilities MyCamera "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "PROHYBRIDR" = 2007 Microsoft Office system "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "Uninstall_is1" = Uninstall 1.0.0.1 "WFTK" = Canon Utilities WFT-E1/E2/E3 Utility "WinLiveSuite_Wave3" = Windows Live Essentials "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.02.2011 06:06:01 | Computer Name = DirtyHarry-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 12.02.2011 08:25:34 | Computer Name = DirtyHarry-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 12.02.2011 11:07:13 | Computer Name = DirtyHarry-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 12.02.2011 18:13:16 | Computer Name = DirtyHarry-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3989 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1164 Startzeit: 01cbcad18a28ad4d Endzeit: 27 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 47695825-36f5-11e0-9ebf-705ab6d56715 Error - 13.02.2011 06:27:26 | Computer Name = DirtyHarry-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 13.02.2011 06:42:32 | Computer Name = DirtyHarry-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3989, Zeitstempel: 0x4cf928fc Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab86 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022262 ID des fehlerhaften Prozesses: 0x2e0 Startzeit der fehlerhaften Anwendung: 0x01cbcb69a1218571 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: f5bdc513-375d-11e0-b195-705ab6d56715 Error - 14.02.2011 06:49:44 | Computer Name = DirtyHarry-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 14.02.2011 08:31:08 | Computer Name = DirtyHarry-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3989 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1154 Startzeit: 01cbcc3634253249 Endzeit: 35 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 48b0020f-3836-11e0-8d14-705ab6d56715 Error - 14.02.2011 11:01:11 | Computer Name = DirtyHarry-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 14.02.2011 11:01:19 | Computer Name = DirtyHarry-PC | Source = VMCService | ID = 0 Description = GetLoggedOnUser [ System Events ] Error - 19.11.2010 20:06:56 | Computer Name = DirtyHarry-PC | Source = Service Control Manager | ID = 7043 Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error - 20.11.2010 08:24:55 | Computer Name = DirtyHarry-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2160841) Error - 20.11.2010 21:21:33 | Computer Name = DirtyHarry-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2160841) Error - 21.11.2010 06:07:04 | Computer Name = DirtyHarry-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2160841) < End of report >
OTL is attached because it is too large: |
27.02.2011, 14:11 | #10 |
/// Malware-holic | 2nd laptop; Trojan; Sparkasse. Win7 64bit And otl.txt?
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
27.02.2011, 14:13 | #11 |
| 2nd laptop; Trojan; Sparkasse. Win7 64bit It is attached to the last post. It somehow has over 400 thousand characters and does not fit in here. |
27.02.2011, 14:15 | #12 |
/// Malware-holic | 2nd laptop; Trojan; Sparkasse. Win7 64bit Looks good. Download Malwarebytes: install Malwarebytes, open it, go to the Update tab ("Aktualisierung"), update the program. Close all running programs and disconnect from the internet. Scanner tab, full scan, remove the findings, post the log.
27.02.2011, 15:03 | #13 |
| 2nd laptop; Trojan; Sparkasse. Win7 64bit So, here is the log. Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5892

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

27.02.2011 14:54:45
mbam-log-2011-02-27 (14-54-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 319007
Laufzeit: 34 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
27.02.2011, 15:08 | #14 |
| 2nd laptop; Trojan; Sparkasse. Win7 64bit By the way (I just read it here), I remembered that the bank wrote that it was probably the SpyEye trojan. Maybe that is still important. |
27.02.2011, 15:17 | #15 |
/// Malware-holic | 2nd laptop; Trojan; Sparkasse. Win7 64bit Avira: http://www.trojaner-board.de/54192-a...tellungen.html Install Avira 10 this way and then configure it accordingly. Once you have applied the configuration, update the program. Also, under Administration, Scheduler, scan job, please make sure that it runs over the local drives! Otherwise the settings will not take effect. Set the update job to 1x per day and select "catch up if time has been exceeded" ("nachholen falls Zeit überschritten"). Then click "Local protection" ("Lokaler Schutz"), "Local drives" ("Lokale Laufwerke"); put any findings in quarantine and post the log.