|
Log-Analyse und Auswertung: Windows Recovery MalewareWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
24.03.2011, 23:35 | #16 |
| Erneuter OTL-Scan... OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.03.2011 23:29:50 - Run 5 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Machete 81\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 303,35 Gb Total Space | 3,91 Gb Free Space | 1,29% Space Free | Partition Type: NTFS Drive D: | 150,69 Gb Total Space | 21,95 Gb Free Space | 14,57% Space Free | Partition Type: NTFS Computer Name: MACHETE81-PC | User Name: Machete 81 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Machete 81\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.) PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) PRC - C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - c:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe () PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation) ========== Modules (SafeList) ========== MOD - C:\Users\Machete 81\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (ISPwdSvc) -- File not found SRV - (comHost) -- File not found SRV - (CLTNetCnService) -- File not found SRV - (ccSetMgr) -- File not found SRV - (ccEvtMgr) -- File not found SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (DAUpdaterSvc) -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (FSCLBaseUpdaterService) -- c:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe () SRV - (StarWindServiceAE) -- C:\Spiele\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (OlyCamComm) -- C:\Windows\System32\drivers\OlyCamComm.sys (OLYMPUS IMAGING CORP.) DRV - ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) -- C:\Programme\CyberLink\PowerDVD\000.fcl (CyberLink Corp.) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation) DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation) DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (HCW88TSE) -- C:\Windows\System32\drivers\hcw88tse.sys (Hauppauge Computer Works, Inc) DRV - (HCW88BDA) -- C:\Windows\System32\drivers\hcw88bda.sys (Hauppauge Computer Works, Inc) DRV - (HCW88AUD) -- C:\Windows\System32\drivers\hcw88aud.sys (Hauppauge Computer Works, Inc) DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys (Symantec Corporation) DRV - (NCPro) -- C:\Windows\system32\drivers\MTictwl.sys () DRV - (MagicTune) -- C:\Windows\System32\drivers\MTictwl.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com?o=15015&l=dis IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http:google" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.03 20:18:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.03 20:18:08 | 000,000,000 | ---D | M] [2009.01.25 13:22:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Machete 81\AppData\Roaming\mozilla\Extensions [2011.01.23 21:31:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Machete 81\AppData\Roaming\mozilla\Firefox\Profiles\r10enxb0.default\extensions [2009.08.13 17:38:32 | 000,002,236 | -H-- | M] () -- C:\Users\Machete 81\AppData\Roaming\Mozilla\Firefox\Profiles\r10enxb0.default\searchplugins\askcom.xml [2009.05.07 16:07:36 | 000,000,894 | -H-- | M] () -- C:\Users\Machete 81\AppData\Roaming\Mozilla\Firefox\Profiles\r10enxb0.default\searchplugins\conduit.xml [2009.08.30 12:38:03 | 000,002,321 | -H-- | M] () -- C:\Users\Machete 81\AppData\Roaming\Mozilla\Firefox\Profiles\r10enxb0.default\searchplugins\forestle-de.xml [2010.10.22 14:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.08.16 20:58:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.22 14:40:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2008.10.24 17:27:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [2008.12.04 16:06:01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009.04.18 19:51:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2010.08.16 20:58:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.22 14:40:03 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2009.09.02 02:01:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2011.03.03 20:18:03 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.03 20:18:03 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.03 20:18:03 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.03 20:18:03 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.03 20:18:03 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.03.24 22:59:49 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (FG2CatchUrl) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - D:\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Olympus ib] C:\Program Files\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.) O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [Olympus ib] C:\Program Files\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.) O4 - Startup: C:\Users\Machete 81\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O8 - Extra context menu item: &Download All by FlashGet - D:\FlashGet universal\ComDlls\Bhoall.htm () O8 - Extra context menu item: &Download by FlashGet - D:\FlashGet universal\ComDlls\Bholink.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\Machete 81\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Machete 81\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: winamp.com ([client] https in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.97 83.169.186.225 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Machete 81\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Machete 81\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.03.24 22:59:47 | 000,000,000 | ---D | C] -- C:\_OTL [2011.03.24 19:21:57 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Machete 81\Desktop\OTL.exe [2011.03.24 00:02:51 | 000,000,000 | ---D | C] -- C:\Users\Machete 81\AppData\Roaming\Malwarebytes [2011.03.24 00:02:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.03.24 00:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.03.24 00:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.03.24 00:02:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.03.24 00:02:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.03.24 00:02:00 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Machete 81\Desktop\mbam-setup.exe [2011.03.22 02:44:57 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Machete 81\Desktop\HiJackThis204.exe [2011.03.22 02:18:48 | 000,000,000 | -H-D | C] -- C:\Users\Machete 81\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery [2011.03.12 20:04:44 | 000,000,000 | -H-D | C] -- C:\Users\Machete 81\Desktop\Neuer Ordner [2011.03.12 20:03:26 | 000,000,000 | -H-D | C] -- C:\Users\Machete 81\Desktop\SOFA [2011.03.09 09:35:09 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.03.09 09:35:09 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.03.09 09:35:09 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.03.09 09:35:09 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2011.02.23 00:30:56 | 000,000,000 | -H-D | C] -- C:\Users\Machete 81\AppData\Roaming\elsterformular ========== Files - Modified Within 30 Days ========== [2011.03.24 23:18:44 | 000,001,356 | ---- | M] () -- C:\Users\Machete 81\AppData\Local\d3d9caps.dat [2011.03.24 23:18:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.24 23:18:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.24 23:17:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.24 23:17:55 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys [2011.03.24 22:59:49 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2011.03.24 19:21:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Machete 81\Desktop\OTL.exe [2011.03.24 19:19:37 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Machete 81\Desktop\HiJackThis204.exe [2011.03.24 00:02:38 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.24 00:02:00 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Machete 81\Desktop\mbam-setup.exe [2011.03.22 10:14:37 | 000,342,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.03.17 23:01:40 | 004,711,396 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.03.17 23:01:40 | 001,858,312 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.03.17 23:01:40 | 001,436,582 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.03.17 23:01:40 | 001,299,186 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.03.16 00:11:21 | 000,168,960 | -H-- | M] () -- C:\Users\Machete 81\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.28 20:47:35 | 000,052,157 | -H-- | M] () -- C:\Users\Machete 81\Downloads\Documents\Steuer2010.pdf [2011.02.28 20:39:02 | 000,082,595 | -H-- | M] () -- C:\Users\Machete 81\ESt2010_Rohde_Andreas.elfo ========== Files Created - No Company Name ========== [2011.03.24 00:02:38 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.22 10:12:36 | 2146,754,560 | -HS- | C] () -- C:\hiberfil.sys [2011.02.28 20:47:35 | 000,052,157 | -H-- | C] () -- C:\Users\Machete 81\Downloads\Documents\Steuer2010.pdf [2011.02.27 18:45:06 | 000,082,595 | -H-- | C] () -- C:\Users\Machete 81\ESt2010_Rohde_Andreas.elfo [2011.01.21 00:29:26 | 000,000,760 | -H-- | C] () -- C:\Users\Machete 81\AppData\Roaming\setup_ldm.iss [2010.08.28 23:12:57 | 000,000,399 | ---- | C] () -- C:\Windows\System32\Remover.ini [2010.08.28 23:12:56 | 000,040,960 | ---- | C] () -- C:\Windows\98Setup.exe [2010.07.19 21:11:02 | 000,000,219 | ---- | C] () -- C:\Windows\System32\MRT.INI [2010.05.30 23:03:44 | 000,000,876 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat [2010.04.23 22:23:47 | 000,000,468 | -H-- | C] () -- C:\Windows\BRWMARK.INI [2010.04.23 22:23:47 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini [2010.04.23 22:23:47 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.04.23 22:18:13 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat [2010.04.22 22:19:19 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2009.09.24 17:39:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.24 17:39:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.24 17:39:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.09.15 00:23:30 | 000,107,572 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2009.02.25 02:33:54 | 000,024,227 | -H-- | C] () -- C:\Users\Machete 81\AppData\Roaming\UserTile.png [2009.02.22 23:02:45 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.02.13 18:42:32 | 000,000,034 | ---- | C] () -- C:\Windows\System32\oeminfo.ini [2008.12.04 17:59:06 | 000,178,992 | ---- | C] () -- C:\Windows\hphins26.dat [2008.11.15 20:11:59 | 000,000,339 | ---- | C] () -- C:\Windows\cdplayer.ini [2008.11.15 16:36:59 | 000,013,312 | ---- | C] () -- C:\Windows\System32\drivers\MTictwl.sys [2008.11.05 19:25:26 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.11.01 23:20:10 | 000,001,356 | ---- | C] () -- C:\Users\Machete 81\AppData\Local\d3d9caps.dat [2008.11.01 22:19:21 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2008.10.28 17:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2008.10.26 19:07:46 | 000,005,061 | -H-- | C] () -- C:\ProgramData\xqkcebzs.dik [2008.10.22 16:01:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.10.04 16:22:35 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI [2008.09.28 00:10:20 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2008.09.24 19:52:22 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll [2008.09.24 19:52:22 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll [2008.07.04 19:41:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.04.01 20:47:15 | 000,000,098 | -H-- | C] () -- C:\Users\Machete 81\AppData\Local\fusioncache.dat [2008.03.17 22:21:57 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll [2008.03.17 22:20:50 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.03.17 22:19:46 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.03.11 01:32:25 | 000,000,074 | -H-- | C] () -- C:\Users\Machete 81\AppData\Roaming\wklnhst.dat [2008.03.06 23:06:44 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2008.03.06 23:06:44 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2008.03.05 18:49:51 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2008.03.04 23:59:23 | 000,022,328 | -H-- | C] () -- C:\Users\Machete 81\AppData\Roaming\PnkBstrK.sys [2008.03.04 23:59:23 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.03.04 23:59:06 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2008.03.04 23:59:04 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2008.03.04 23:58:54 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini [2008.03.04 13:21:30 | 000,168,960 | -H-- | C] () -- C:\Users\Machete 81\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.01.18 17:49:21 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat [2007.11.08 04:24:10 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini [2007.11.08 04:19:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\hcwxds.dll [2007.09.20 11:33:52 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll [2007.09.20 11:33:52 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll [2007.09.20 11:33:52 | 000,662,016 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2007.09.20 11:33:52 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll [2007.09.20 11:33:52 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll [2007.09.20 11:33:52 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll [2007.09.20 11:33:52 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll [2007.09.20 11:33:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll [2007.09.20 11:33:52 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll [2007.09.20 11:33:52 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll [2007.09.20 11:33:52 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll [2007.09.20 11:33:52 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll [2007.09.20 11:33:52 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll [2007.09.20 11:33:52 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll [2007.09.20 11:33:52 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll [2007.09.20 11:33:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll [2007.09.20 11:33:52 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll [2007.09.20 11:33:52 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll [2007.09.20 11:33:52 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2007.03.20 15:44:02 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini [2006.11.02 16:33:31 | 004,711,396 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 001,436,582 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,342,040 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 001,858,312 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 001,299,186 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:27:46 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.ini [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.10.07 22:29:33 | 000,001,024 | ---- | C] () -- C:\Windows\System32\ASPRTMM0.DLL [2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2006.02.26 10:08:28 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2004.05.24 19:33:16 | 000,155,648 | ---- | C] () -- C:\Windows\System32\LEXPING.EXE [2002.11.13 08:40:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll [2001.01.19 08:50:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\INSTMON.EXE ========== Files - Unicode (All) ========== [2008.03.22 22:46:17 | 000,307,910 | -H-- | C] ()(C:\Users\Machete 81\Downloads\Documents\? 4Basti.amr) -- C:\Users\Machete 81\Downloads\Documents\ 4Basti.amr [2008.03.18 21:10:04 | 000,307,910 | -H-- | M] ()(C:\Users\Machete 81\Downloads\Documents\? 4Basti.amr) -- C:\Users\Machete 81\Downloads\Documents\ 4Basti.amr < End of report > |
24.03.2011, 23:36 | #17 |
| Teil 2 OTL EXTRAS Logfile:
__________________Code:
ATTFilter OTL Extras logfile created on: 24.03.2011 23:29:50 - Run 5 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Machete 81\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 303,35 Gb Total Space | 3,91 Gb Free Space | 1,29% Space Free | Partition Type: NTFS Drive D: | 150,69 Gb Total Space | 21,95 Gb Free Space | 14,57% Space Free | Partition Type: NTFS Computer Name: MACHETE81-PC | User Name: Machete 81 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent "D:\FlashGet universal\FlashGet.exe" = D:\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- (FLASHGET) "D:\FlashGet universal\LiveUpdate.exe" = D:\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate "D:\FlashGet universal\LiveUpdateEx.exe" = D:\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{A592195F-3853-447D-97CC-04A56390286F}" = lport=3074 | protocol=6 | dir=in | name=xbox | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{045D0F5B-F82F-4C2B-8EE5-D0FC4084D816}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0614E0E1-FEE1-47BC-A2AB-A414B31C8CC4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{08EBB26F-C52B-410E-A1C7-9448C23010C9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0B0863C0-3E55-43AF-B9A9-EB08A7C24A95}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0E4DF7E7-7F40-4D29-9A85-47F2982DCC4B}" = protocol=6 | dir=in | app=c:\spiele\sid meier's civilization 4\warlords\civ4warlords.exe | "{1186921C-3036-41DF-80ED-965280E2C839}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{12809EA2-4377-405A-9165-7F4E55108277}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe | "{12CC7ED6-2795-4C88-A8B8-156C4E37AE56}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{14478ECB-C683-4196-888D-7588B07BE9EF}" = protocol=17 | dir=in | app=c:\spiele\sid meier's civilization 4\warlords\civ4warlords.exe | "{14E78BD5-0BBF-47B7-92B1-39BC8A8BFB0C}" = protocol=17 | dir=in | app=c:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | "{164E2CA5-7D20-48AD-B6F6-C6BDE354FEBC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{171BEE58-157F-4BE5-8394-64CEA8D020FE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{17BCBF6F-14B9-4E7D-BB84-7C3A7243A18F}" = protocol=17 | dir=in | app=c:\windows\temp\kd_installer.exe | "{1B41E50D-7E42-4721-A8F5-F275C5A8D904}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "{23325B47-3AA4-45FB-8C3E-D6C40822B9EF}" = protocol=17 | dir=in | app=c:\spiele\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe | "{24494E33-0BD3-4640-8425-29458F42BF85}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{259AEB18-A001-4329-8DD8-143ECBB5F0CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{25EE09B7-B0BA-4875-92BE-B591083113C9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2707859D-DD2D-40B1-A0BD-88AD1A9A867C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{28BCF680-1225-46E1-AC02-E02E34E78B9C}" = protocol=6 | dir=in | app=c:\spiele\sid meier's civilization 4\civilization4.exe | "{299ADD0A-78B0-465B-AC23-99C972AB2534}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{2A57D064-CB30-4D98-8762-0A0162D2D36C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2AC80058-DFA8-4D35-85A3-64496D2883E1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2C18CB93-96A5-4031-ABCC-7933FFA8DBA6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2C236274-B307-4EEA-8165-1431A5EECE49}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2D17D5A9-891F-4C36-BB91-4DD0E6640B02}" = protocol=6 | dir=in | app=c:\spiele\nwn2server.exe | "{2D18454C-00DA-4B46-BF34-7B8FAEAFD686}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{2E7F3BAF-EA97-4CEC-813C-50EB064BC40C}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe | "{2ED08F11-4B2C-4420-BB7F-7019457D0698}" = protocol=6 | dir=in | app=c:\spiele\nwn2main.exe | "{327D1DB4-4BDF-41DD-9383-C54B8E59BAC4}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe | "{3348DDC0-154D-4CFC-B753-8DFD9420C5C2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{33FFBAFD-40C1-423D-9E36-8A80B4976493}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{34F7FEED-5A34-4169-B4A5-EB926551FAAB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3550F539-3454-4A03-80DF-91944DB8EA36}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{365E3FD2-77BE-42D2-91EC-7130FEB01376}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | "{36D34AAB-8F69-4E07-B7C7-96AC28EEC003}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{37805A21-C448-4852-8E36-6A15283E00E6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3AFBFC11-A486-4E74-8EB6-1753624725F6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3CD37345-D80C-4328-A79C-3ADE666A64E3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3E74B161-3361-43E0-A650-FED97A8A0C95}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | "{3EF48B45-1881-4C03-81D6-D8BB950F2FB5}" = protocol=17 | dir=in | app=c:\spiele\nwn2server.exe | "{44340A1D-975C-4BCF-AFF7-61E7274051FF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{49F50F32-4D7D-4EDB-991E-A1BEC19CA342}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4A5A2922-F660-44CB-ACCC-39261DCAD9B0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4A68FB0D-A4BB-4B27-88FA-EC9DF5B46142}" = protocol=6 | dir=in | app=c:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | "{4F0790F9-368C-4CDE-9218-7477FA79D089}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | "{51AAB595-1396-414A-B084-67929E0BBFDE}" = protocol=6 | dir=in | app=c:\windows\temp\kd_installer.exe | "{564709A0-BE91-4B7A-A0DC-497019E2FA10}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{59EB79A6-2A57-4094-BD8F-5BB5606BA4F7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5B8CAEFF-B4CC-43E9-B771-6C2717A3A349}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5C373DE3-A7AE-4A91-89CF-6A8A0D5E742C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5E36D34D-A8D8-4186-ADA0-1E0E92C46921}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5E55062F-9EEA-4895-821E-5F3B1C85D409}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | "{61A244BB-ED04-482E-A25A-3A6CDEF7D70E}" = protocol=6 | dir=in | app=c:\spiele\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe | "{622D0098-FAB5-4C89-8380-9886B0479135}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe | "{67DE7D5E-DECB-44E2-ADBB-A9778177DE53}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{689B3037-F52B-4753-8953-4DBA398773C7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6D05A97F-4587-48A2-8E33-2CAFE9CEF4D8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6DDB2E27-94B9-46AC-9746-5ABF74698700}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6FD74FC8-F9CE-4E2D-8D76-04C00D43FBFE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{724AE84B-6120-4F17-87D0-346620B7D3CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{724B3A19-3FC8-4961-8DA5-EA578258A6F3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{72B8BA8B-1B16-49C9-9589-FC49C45CB16C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{73E1AD91-065D-49D0-B93B-071B09CACF60}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{74A43D91-388E-4C04-8110-7FC568BF6F86}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{76A360B9-7922-43F1-9417-3C04D14AD0B3}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | "{7701D70D-6110-4988-80B3-DEF57F4DF188}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{79BA966B-EDD1-418C-BED2-B911404ED313}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7A8F9DC6-271A-40EB-B606-3A20E4C936C5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{7B333CE5-F9CD-4554-9068-E2618C44DD20}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{816165EB-9D23-40BF-AEBF-6B5BE4ADA43F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{829C9A20-F460-41EA-8B76-874172D48B40}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{89835FAB-93B7-4D16-B2A2-4C7C34BEF9FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{89CDAB74-35A9-40E1-9639-4D154CC3EF44}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8CE352CB-B0C3-4697-9CCA-1B2D2C506425}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{901A6F21-AD02-4D4E-859A-F58EA49FC566}" = protocol=17 | dir=in | app=c:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | "{90DDB494-1316-47A4-B674-78E240A1A0FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{91264671-1AA1-4397-9928-E2695C6EBC2D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{912BDF7B-9B2D-4F5F-AADE-29DC3A8A43C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{919AD030-5D4D-47BA-B633-40D7CF7DC9CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{93448291-9851-4132-A1AA-B0FA0BA6CA68}" = protocol=17 | dir=in | app=c:\spiele\nwn2main_amdxp.exe | "{935AD72A-DBD7-4CEF-95A2-39FCD65590FC}" = protocol=6 | dir=in | app=c:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | "{941B80C3-BAC5-44F6-BEE2-E83B97C09E9B}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe | "{9619A50B-FBC3-4B86-A7E3-EAA486C1A49C}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{96EA8C50-965E-4F9E-811E-CCE93888BFE4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{9820B525-9E5D-4EDE-8D6E-76404977BDA5}" = protocol=6 | dir=in | app=c:\spiele\nwn2main_amdxp.exe | "{9DA55D1A-D2CE-4923-9E9E-FEECF0BA5868}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{9EA4DBBB-DCD6-4337-B395-4B5B9146181A}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{9F02B04C-A374-4C59-AA2A-8C4DF403E051}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9F2181F6-D4DB-451C-8D30-33AE9A61B1FF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9FAAF4C3-7D39-46F4-A7D1-74AC420E174B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A2B0CD8E-41A1-4CF0-88F7-C21038553C1B}" = protocol=17 | dir=in | app=c:\spiele\nwupdate.exe | "{A875CC5B-8776-4708-8FAC-68F170F7709B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A8DF47FD-846F-4A8F-AAA0-81CB672FE370}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{A9792BCA-17AE-4D8F-815E-665317468A60}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{AFBE62D2-C76D-4CF7-8C0C-02EE2D66E256}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B4330B65-B71B-42A7-91B3-0076D3283368}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe | "{B6E67F99-8B79-44B5-AF4C-8AA4B9FEC66E}" = protocol=17 | dir=in | app=c:\spiele\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe | "{B7D45E18-7C59-4178-9E01-727C1BFFD588}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B9AE10E7-0A0B-4C13-B316-93D381A66D3A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BB26BBF2-47BA-4576-93A4-54F8EB3DA3CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BB3B26EB-7EF8-4792-B11A-7368767B184F}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{BDEDCEC1-5DE5-4A1F-A8A4-8C0357C62B00}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BDFF4C76-5CD7-45F5-8F38-F669118F683A}" = protocol=17 | dir=in | app=c:\spiele\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe | "{BF23A919-743A-43A6-8642-A72AE73CFD67}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{C05B72CC-B3DD-4CF3-80A7-F2E4A8CBAE48}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C296BA3C-1EE3-4D72-A210-E62D3952CD8C}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{C7F68983-FD6C-4811-B768-5ACC09A233AA}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{C997E58C-5FA3-41B6-AB7E-0F73335F2ACC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CA51F6EC-9575-484C-BD94-6C44CECE4E2C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{D05B0F58-9962-403F-9EDC-1A0BAE70E12E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D2B28F81-BA5B-41AA-A9D9-680A856BF95A}" = protocol=6 | dir=in | app=c:\spiele\nwupdate.exe | "{D45D9309-BDFF-4FF7-96C7-58C32B76EE72}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D51BF14E-B21A-492C-A1D7-1EA17F3B6147}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | "{D6C09D8E-4DA8-42D8-9221-542CD4249FC9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DE206CDD-C56C-4A3F-90D3-FFBF69968B8E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E0F09885-846C-4E44-A823-9B4164D519EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E4B3668E-F36F-41E1-A269-E00ADBFCFE71}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E6084C69-1CB9-4DC4-A28A-559AEEF639D1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E7FBBE6C-B169-44FA-B4F4-54A718EA3D59}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E9BB054A-BAB3-4163-8352-57600A9C6094}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EA8D9E48-3223-461A-BD4D-DB014A82D185}" = protocol=6 | dir=in | app=c:\spiele\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe | "{EBF55C22-A5DA-4B1F-A676-96CBEEDD7F96}" = protocol=17 | dir=in | app=c:\spiele\nwn2main.exe | "{EC34750E-92B7-4DE0-AE4D-46C72D9732FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ECD7B9F7-4E23-464F-A0E0-EBA4AD58954B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ED869367-8C8D-4D24-A4FB-1E4ECE69EB96}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{EFBD7BF4-CA20-41CB-A775-D28A4AE47559}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F06C3B19-80C2-4C9B-8924-2C0AD0801BEA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F18D825F-B77F-4F31-8F19-DA9BBC07DC0C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F1F8BA62-34C7-414E-A0E3-980DBFEA91D4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F3AF1DE9-ABF0-4DEB-BA42-811D4A9FA851}" = protocol=17 | dir=in | app=c:\spiele\sid meier's civilization 4\civilization4.exe | "{F6DA034C-68B5-4DE0-8A4C-2B39CA060864}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F799F199-77E0-49CB-9852-34BCEC001E18}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{F79EA545-83E7-46C0-87B4-222A4C02C58D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F7CA699C-99FC-47D2-B747-9F6BF33091C8}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe | "{F7E281C1-8AD5-4233-87C3-B27308569725}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe | "{F7EA93F2-35BB-4D50-8AC2-2E9989C138CD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F8D47FFE-6313-4D13-9431-3F681B9A3CB1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FBC823D7-FBE3-4B44-8E06-84652CBEBF4C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FD51BB9E-1A89-4281-B590-C5A8F59D504C}" = protocol=6 | dir=in | app=c:\spiele\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe | "{FF4D05AF-A441-412F-935F-2104EF42DD5E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{1EF81E8B-E125-4809-88F6-4FAF83B55004}C:\spiele\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\spiele\bin32\farcry.exe | "TCP Query User{31355AF5-552F-451F-9CCF-2240EF6DD52C}D:\flashget universal\flashget.exe" = protocol=6 | dir=in | app=d:\flashget universal\flashget.exe | "TCP Query User{34FDE753-7AFD-4B7B-9FE4-114170AA47DC}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | "TCP Query User{38534942-078C-4F37-A89E-446C720A8600}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{3EADBA74-EFDB-42D5-912F-510FED104C7A}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | "TCP Query User{499B4820-D8F7-491F-AC35-4E9F7CE72B2E}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | "TCP Query User{4AF95445-0792-4B33-8DC6-140D44EB81BF}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | "TCP Query User{60E1F0E4-BC19-42CD-ABE0-46C9A337BD99}C:\spiele\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\spiele\far cry\bin32\farcry.exe | "TCP Query User{621238A9-D48B-4DEC-B743-831F060D15DF}C:\users\machete 81\appdata\local\temp\nero web\setupxu.exe" = protocol=6 | dir=in | app=c:\users\machete 81\appdata\local\temp\nero web\setupxu.exe | "TCP Query User{6B4AF642-7806-4DE8-96F1-A1C0C68D229D}E:\setup.exe" = protocol=6 | dir=in | app=e:\setup.exe | "TCP Query User{98617C64-04A3-46BA-BB49-9E03520176D0}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | "TCP Query User{F538F40B-DB74-431C-BCA7-20B09C37F5C9}C:\users\machete 81\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\machete 81\program files\dna\btdna.exe | "TCP Query User{F995EF0B-823D-4884-B55C-2D728FA2C354}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "TCP Query User{FD44873F-3CD6-4E75-82EF-7FC1ABDA4AAA}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{1DC48A1E-0479-457A-87BA-BF31C0D89FD0}C:\users\machete 81\appdata\local\temp\nero web\setupxu.exe" = protocol=17 | dir=in | app=c:\users\machete 81\appdata\local\temp\nero web\setupxu.exe | "UDP Query User{1DE2F066-389E-4AF4-BF02-8CFBCFE2C0E2}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | "UDP Query User{1FD311DE-4AC4-45CE-AD2C-9D2ADB4D2B05}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | "UDP Query User{238501B8-F605-44F2-A2BD-B8C70325870E}E:\setup.exe" = protocol=17 | dir=in | app=e:\setup.exe | "UDP Query User{31A85139-3202-498E-918F-6D8D6A5DAEA3}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{3D7E44EB-3DA4-47F2-9529-0101F8EA21C2}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | "UDP Query User{53165DFE-4380-4B54-A753-E6186DB0849D}D:\flashget universal\flashget.exe" = protocol=17 | dir=in | app=d:\flashget universal\flashget.exe | "UDP Query User{7E05D34C-3F3E-4379-B7C7-0A0E2C8C5569}C:\spiele\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\spiele\bin32\farcry.exe | "UDP Query User{9C8561FE-B791-4CE4-9D6C-E91E1A3623E6}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | "UDP Query User{A09F04D7-BE9B-472D-B41F-4150872E3ECA}C:\spiele\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\spiele\far cry\bin32\farcry.exe | "UDP Query User{AD2374D6-5737-4AEF-AD35-1A5C69557977}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | "UDP Query User{D67B791C-459C-44D6-A69A-4BDEEF56FF3F}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "UDP Query User{E9048B17-641B-4DCA-B5F7-503864F0252F}C:\users\machete 81\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\machete 81\program files\dna\btdna.exe | "UDP Query User{FF90E459-DAD2-4323-9CC8-679CB325B4B8}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService "{1A4E47DC-6701-4A85-AA16-C1F99A44598C}" = SpellForce 2 - Shadow Wars "{1CD0C3C5-809D-4CFC-904A-1B67C6243637}" = Debugging Tools for Windows (x86) "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 22 "{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5 "{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet "{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant "{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7595EEB5-6637-49B6-B191-DB5108F7ECB4}" = PC Camer@ "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes "{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = OLYMPUS ib "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport "{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{975E4CAE-D408-48DA-9346-65D7DB72B7DE}" = Hama Double Action Air Grip "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite "{BD009869-6498-4CF9-9016-E9EA6E3742B2}" = The Whispered World "{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = USB PC Camera "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Essentials "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm "{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro "{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "8461-7759-5462-8226" = Vuze "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Anno 1701 Launch Tool_is1" = das Anno 1701 Launch Tool 1.0 "Ashampoo WinOptimizer 4_is1" = Ashampoo WinOptimizer 4.35 "Audiograbber" = Audiograbber 1.83 SE "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Azureus" = Azureus "DivX Setup.divx.com" = DivX-Setup "E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) "ElsterFormular für Privatanwender 12.1.0.6164p" = ElsterFormular für Privatanwender "FlashGet 2.0" = FlashGet 2.0 "Free Audio Editor" = Free Audio Editor "Free YouTube Download_is1" = Free YouTube Download 2.9 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "Gehirnjogging - Der Trainer fürs Gedächtnis..." = Gehirnjogging - Der Trainer fürs Gedächtnis... "HD-FotoShow_is1" = DATA BECKER HD-FotoShow "HOMESTUDENTR" = Microsoft Office Home and Student 2007-Testversion "HPExtendedCapabilities" = HP Customer Participation Program 10.0 "InstallShield_{7595EEB5-6637-49B6-B191-DB5108F7ECB4}" = PC Camer@ "InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = OLYMPUS ib "KLiteCodecPack_is1" = K-Lite Codec Pack 4.6.2 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.17)" = Mozilla Firefox (3.5.17) "NVIDIA Drivers" = NVIDIA Drivers "Picasa 3" = Picasa 3 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Steam App 8930" = Sid Meier's Civilization V "SystemRequirementsLab" = System Requirements Lab "Totally Free Tag Editor_is1" = Totally Free Tag Editor "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VideoLAN VLC media player 0.8.6e "Voozie Maker" = Voozie Maker "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.11 "WinRAR archiver" = WinRAR "Xilisoft Video Converter" = Xilisoft Video Converter 3 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Media Player" = Move Media Player "Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 16.06.2010 02:35:30 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 16.06.2010 02:35:30 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 16.06.2010 16:54:19 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 16.06.2010 16:54:19 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 17.06.2010 06:24:43 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 17.06.2010 06:24:43 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 21.06.2010 05:02:38 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 21.06.2010 05:02:38 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 22.06.2010 04:23:29 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 22.06.2010 04:23:29 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ Media Center Events ] Error - 11.02.2010 15:43:52 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 22.02.2010 19:13:39 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 21.03.2010 18:47:07 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 23.04.2010 20:33:37 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 13.06.2010 10:55:04 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 19.08.2010 17:05:19 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 13.10.2010 21:44:15 | Computer Name = Machete81-PC | Source = Recording | ID = 19 Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 10/14/2010 03:44:15 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen. Error - 22.10.2010 20:31:07 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 23.10.2010 19:56:49 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 05.11.2010 15:28:56 | Computer Name = Machete81-PC | Source = Recording | ID = 19 Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 11/05/2010 20:28:56 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen. [ System Events ] Error - 24.03.2011 17:23:31 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7001 Description = Error - 24.03.2011 17:23:31 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7022 Description = Error - 24.03.2011 17:23:31 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7026 Description = Error - 24.03.2011 17:59:47 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7034 Description = Error - 24.03.2011 18:03:51 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7001 Description = Error - 24.03.2011 18:03:51 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7022 Description = Error - 24.03.2011 18:03:51 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7026 Description = Error - 24.03.2011 18:19:43 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7001 Description = Error - 24.03.2011 18:19:43 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7022 Description = Error - 24.03.2011 18:19:43 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7026 Description = < End of report > |
24.03.2011, 23:48 | #18 |
| Windows Recovery Maleware oh, sorry, den Fix sollte ich ja nochmal machen.....hab mich vertan.
__________________ |
25.03.2011, 00:08 | #19 |
| Windows Recovery Maleware also mit dem selben Ergebniss, erst Automatischer Neustart und dann schwarz, manuell aus und dann geht es soweit... bin halt Anfänger, was ist denn mit den mit Firewall und so, muss das auch aus beim FIX oder Scan?? |
25.03.2011, 10:44 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery Maleware Der Fix müsste aber geklappt haben. Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
25.03.2011, 14:31 | #21 |
| Windows Recovery Maleware es kommt eine Garantiemeldung von Combofix und Warnungen das das Programm auf eigene Verantwortung scannt....auch noch was mit Bankverbindung... Hab die Fenster jetzt über Taskmanager geschlossen weil sie nicht schliessen liessen. Da stand auch was, das die Seiten nicht mit ComboFix verbunden sind....??? Geändert von machete81 (25.03.2011 um 14:33 Uhr) Grund: Erweiterung |
25.03.2011, 14:32 | #22 |
| Windows Recovery Maleware Also sollte ich aber für weitere Vorgehensweisen die Firewall und jegliche Schutzvorrichtungen von Windows und Avirdeaktivieren?? Soll ich denn jetzt ComboFix oder den CCleaner machen? Oder ist es das gleiche? Hab mir auch grad den CCleander von deinem Link geladen....? Soll ich die Anleitung dafür befolgen, bin nur verwirrt weil es einmal ComboFix und den CCleaner hier gibt? Geändert von machete81 (25.03.2011 um 14:50 Uhr) |
25.03.2011, 16:20 | #24 |
| Windows Recovery Maleware Ganz grosses Kino...sorry, das ich die Anleitung missverstanden habe, oder besser gesagt: wer lesen kann ist im Vorteil...jedenfalls nach langen hin und her kann ich wieder auf meine Daten zugreifen, das ist für mich das schönste...hab eine Woche gezittert....hatte schon das Gehäuse vom PC aufgemacht, Lüfter ausgebaut, Wärmeleitpaste nachgeguckt ( soweit hatten mir Kumpels erzählt)...vorsichitg ausgesaugt ( war ziemlich verstaubt die Kiste)....weil mir eben das FakeProgramm 83° im Rechner angezeigt hat und so ne Scherze...für nen Profi klingt das bestimmt lustig. Naja, Platinen entstauben und Ventis reinigen kann ja nicht schaden, Gut, Du hast besseres zu tun als Texte von Laien zu lesen... Wolte fragen ob du mir noch allg. jetzt Tipps geben kannst. Z.B. bessere Prävention oder was ich jetzt noch nach dem Scan tun könnte. Auf jeden Fall meinen herzlichsten Dank, das war ne Superhilfe und danke für die schnellen Antworten und die Geduld. Ein schönes WE noch. |
25.03.2011, 16:40 | #25 |
| ComboFixLogfile Combofix Logfile: Code:
ATTFilter ComboFix 11-03-24.06 - Machete 81 25.03.2011 15:33:48.1.4 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2047.1271 [GMT 1:00] ausgeführt von:: c:\users\Machete 81\Desktop\cofi.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\firststeps\FirstSteps.exe c:\users\Machete 81\AppData\Roaming\Microsoft\Windows\Cookies\Index_9A5FF4EA.dat c:\users\Machete 81\AppData\Roaming\Microsoft\Windows\Cookies\IndexIE_9A5FF4EA.dat C:\yusedehxxx.exe c:\yusedehxxx.exe\config.bin . . ((((((((((((((((((((((( Dateien erstellt von 2011-02-25 bis 2011-03-25 )))))))))))))))))))))))))))))) . . 2011-03-25 14:43 . 2011-03-25 14:44 -------- d-----w- c:\users\Machete 81\AppData\Local\temp 2011-03-25 14:43 . 2011-03-25 14:43 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-03-25 13:45 . 2011-03-25 13:45 -------- d-----w- c:\program files\CCleaner 2011-03-24 21:59 . 2011-03-24 21:59 -------- d-----w- C:\_OTL 2011-03-23 23:02 . 2011-03-23 23:02 -------- d-----w- c:\users\Machete 81\AppData\Roaming\Malwarebytes 2011-03-23 23:02 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-03-23 23:02 . 2011-03-23 23:02 -------- d-----w- c:\programdata\Malwarebytes 2011-03-23 23:02 . 2011-03-23 23:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-03-23 23:02 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-03-22 20:09 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2711E4E-381B-480B-9D2F-BADA784D9AEE}\mpengine.dll 2011-03-09 08:35 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll 2011-03-09 08:35 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll 2011-03-09 08:35 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll 2011-03-09 08:35 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax 2011-03-09 08:35 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll 2011-03-09 08:35 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-02 16:11 . 2009-10-02 17:51 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-01-08 08:47 . 2011-02-09 20:01 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-01-08 06:28 . 2011-02-09 20:01 292352 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:57 . 2011-02-09 20:05 2039808 ----a-w- c:\windows\system32\win32k.sys 2010-12-28 15:55 . 2011-01-19 23:56 413696 ----a-w- c:\windows\system32\odbc32.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952] "Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 4702208] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 92704] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-04 75048] "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488] "Skytel"="Skytel.exe" [2007-08-03 1826816] "PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304] "MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336] "Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] . c:\users\Machete 81\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-10-16 805392] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 0 (0x0) "NoFileAssociate"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . R0 vtqitth;vtqitth;c:\windows\System32\drivers\xvqrxl.sys [x] R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] R3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-10-20 202872] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224] R3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\DRIVERS\OlyCamComm.sys [2009-09-10 21648] R3 PAC207;USB PC Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2007-10-25 616064] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-04-01 715248] S1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [2007-01-23 11904] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 DBService;DATA BECKER Update Service;c:\program files\Common Files\DATA BECKER Shared\DBService.exe [2010-05-28 2650112] S2 FSCLBaseUpdaterService;FSCLBaseUpdaterService;c:\program files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe [2007-06-04 65536] S3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [2007-01-23 207872] S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2007-01-23 299776] S3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [2007-01-23 149504] S3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [2007-01-23 498176] S3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\HCW88BAR.sys [2007-01-23 23552] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - COMHOST . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2010-12-11 c:\windows\Tasks\olycamdetect.exe_20101211_202902_0886.job - c:\program files\Olympus\ib\olycamdetect.exe [2010-09-30 10:47] . 2010-12-11 c:\windows\Tasks\olycamdetect.exe_20101211_233336_0744.job - c:\program files\Olympus\ib\olycamdetect.exe [2010-09-30 10:47] . 2011-02-19 c:\windows\Tasks\{1A4C63F3-D99B-4E54-ABAE-B8C141A77285}.job - c:\program files\Skype\Phone\Skype.exe [2011-01-26 16:05] . 2011-02-19 c:\windows\Tasks\{991E9A86-84A9-4D5D-AEC3-B1A066CFB0CB}.job - c:\program files\Skype\Phone\Skype.exe [2011-01-26 16:05] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.ask.com?o=15015&l=dis IE: &Download All by FlashGet - d:\flashget universal\ComDlls\Bhoall.htm IE: &Download by FlashGet - d:\flashget universal\ComDlls\Bholink.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Free YouTube Download - c:\users\Machete 81\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\Machete 81\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Save YouTube Video as MP3 Trusted Zone: winamp.com\client FF - ProfilePath - c:\users\Machete 81\AppData\Roaming\Mozilla\Firefox\Profiles\r10enxb0.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - http:google FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: yahoo.homepage.dontask - true . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-Anno 1701 Launch Tool_is1 - c:\spiele\Annozone\Launch1701\unins000.exe AddRemove-Gehirnjogging - Der Trainer fürs Gedächtnis - c:\progra~1\HAPPYN~1\GEHIRN~1\UNWISE.EXE AddRemove-HPExtendedCapabilities - c:\program files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe AddRemove-KLiteCodecPack_is1 - c:\program files\DivX\DivX Codec\K-Lite Codec Pack\unins000.exe AddRemove-MAGIX Goya burnR D - d:\program files\MAGIX\Goya_burnR_mxcdr\instslct.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-03-25 15:44 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2758002094-1331132073-3546366009-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:87,f9,ad,6e,68,12,49,e2,2f,2a,5b,52,c9,d7,50,39,0a,f5,cf,16,6d, e1,ff,9d,46,00,f2,09,06,e8,65,1a,03,99,2e,f0,54,7c,6e,05,fb,d2,7d,70,1b,8e,\ "rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7 . Zeit der Fertigstellung: 2011-03-25 15:47:15 ComboFix-quarantined-files.txt 2011-03-25 14:47 . Vor Suchlauf: 5.203.918.848 Bytes frei Nach Suchlauf: 23 Verzeichnis(se), 14.402.498.560 Bytes frei . - - End Of File - - CAED2A7CCE996DBE77317624A80271E3 |
25.03.2011, 18:13 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery Maleware Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter Driver:: vtqitth File:: c:\windows\System32\drivers\xvqrxl.sys 4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet. 6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
27.03.2011, 20:07 | #27 |
| Logfile Cofi Hallo..bin mir nicht sicher ob das die richtige Datei ist....habe die bei mir in C:\cofi gefunden... mein Rechner hat immer Probleme bei Neustarts und nach den Neustarts von ComboFix sehe ich meist nur die Maus. Ist vielleicht nach dem Wiederhochfahren ein Problem mit der Grafikkarte oder dem Signal weil es auch vorkommt das der Monitor kein Signal bekommt und kann dann im besten Fall über den Taskmanager richtig aus machen ( runterfahren, oder per Knopfdruck ) dann wieder den Rechner anmachen und dann fährt er richtig hoch und ich kann auf alles zugreifen. Zumal ich immer den "Schwarz/Weiss-Schirm: "Windows wurde nicht richtig heruntergefahren" ( denke du weisst was ich meine) dann habe, weiss nicht ob sich das auf das Speichern der Logdatei Auswirkungen hat, aber ich schweife jetzt auch ab. naja, erstmal die Logfile. ComboFix 11-03-26.02 - Machete 81 27.03.2011 20:26:48.2.4 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2047.1281 [GMT 2:00] ausgeführt von:: C:\Users\Machete 81\Desktop\cofi.exe Benutzte Befehlsschalter :: C:\Users\Machete 81\Desktop\CFScript.txt AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt FILE :: "c:\windows\System32\drivers\xvqrxl.sys" (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_vtqitth ((((((((((((((((((((((( Dateien erstellt von 2011-02-27 bis 2011-03-27 )))))))))))))))))))))))))))))) Geändert von machete81 (27.03.2011 um 20:22 Uhr) |
27.03.2011, 21:18 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery Maleware Größer ist das Log nicht?
__________________ Logfiles bitte immer in CODE-Tags posten |
27.03.2011, 21:54 | #29 |
| Windows Recovery Maleware ich weiss ja nicht ob es die richtige Datei ist?ComboFix fragt nach nem Neustart und ich weiss nicht wo die Datei sonst abgespeichert wird...unter dem angegebenen Speicherort ist keine Datei. Der Neustart haut denn aber nicht genau hin, d.h. ich sehe manchmal nur den Mauszeiger und kann bestenfalls den Taskmanager starten. Ansonsten sind da noch ein paar andere Textdateien. mbr,OsId, pend, Resident, version und eben eine die ComboFix benannt ist.? Kannst du mir grob sagen was denn mit meinem Rechner los ist bitte? |
28.03.2011, 08:49 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery Maleware Vergessen wir das Log. Ich seh aus dem Teil, dass das, was weg sollte, offensichtlich gelöscht wurde. Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Windows Recovery Maleware |
anti-malware, appdata, bösartige, dateien, explorer, fehlermeldungen, festplatte, festplatten, files, maleware, microsoft, minute, nicht mehr, platte, platten, problem, programdata, recovery, service, software, temporary, value, version, windows, zugreifen, ähnliches |