Yetzirah | 28.12.2010 13:39
Hello,
here are a few additional logs.
HiJackThis Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:29:44, on 28.12.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal
Running processes:
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotmail.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:52586
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Programme\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] "C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe" Minimum
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MotionSD STUDIO - Autostart SD Browser -.lnk = C:\Program Files (x86)\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\SysWOW64\bgsvcgen.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10963 bytes
And the two OTL logs:
OTL Log:
OTL logfile created on: 28.12.2010 14:07:09 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Allgemein\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 62.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 366.72 Gb Total Space | 260.43 Gb Free Space | 71.01% Space Free | Partition Type: NTFS
Drive D: | 550.13 Gb Total Space | 426.39 Gb Free Space | 77.51% Space Free | Partition Type: NTFS
Computer Name: ASPIRE-M7720 | User Name: Allgemein | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtProc.exe File not found
PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtMon.exe File not found
PRC - C:\Users\Allgemein\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe (Egis inc.)
PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)
========== Modules (SafeList) ==========
MOD - C:\Users\Allgemein\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Partner Service) -- C:\ProgramData\Partner\partner.exe (Google Inc.)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (BUNAgentSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys (Egis Incorporated)
DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys (Egis Incorporated)
DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (NAL) -- C:\Windows\SysNative\Drivers\iqvw64e.sys (Intel Corporation )
DRV:64bit: - (gwfilt64) -- C:\Windows\SysNative\drivers\gwfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
DRV - (cdrbsdrv) -- C:\Windows\SysWow64\drivers\cdrbsdrv.sys (B.H.A Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotmail.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52586
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.gamestar.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52586
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Programme\browserrecord\firefox\ext [2009.12.25 15:34:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.18 10:46:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.18 10:46:18 | 000,000,000 | ---D | M]
[2008.12.31 00:08:53 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Extensions
[2010.12.28 13:29:30 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions
[2010.04.30 13:53:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.29 12:52:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.06.03 00:50:34 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009.12.29 13:33:45 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\imagedownload@whygudu.iblog.cn
[2010.12.22 13:10:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.14 15:48:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.26 20:43:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.22 13:10:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.11.14 01:41:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.11.14 01:41:30 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.11.14 01:41:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.11.14 01:41:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.11.14 01:41:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.12.27 03:48:33 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Programme\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKCU..\Run: [OscarEditor] C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell - "" = AutoRun
O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.12.28 14:05:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Allgemein\Desktop\OTL.exe
[2010.12.28 13:25:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.12.27 14:36:12 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Roaming\SUPERAntiSpyware.com
[2010.12.27 14:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.12.27 14:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010.12.27 14:36:03 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.12.27 04:08:33 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\Desktop\Sicherheit
[2010.12.27 03:53:16 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.12.27 02:22:34 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Roaming\Malwarebytes
[2010.12.27 02:22:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.27 02:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.27 02:22:23 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.27 02:22:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.12.27 01:31:30 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Roaming\dsqjqrmkbr
[2010.12.25 18:21:50 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Roaming\Avira
[2010.12.22 13:10:28 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.12.22 13:10:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.12.22 13:10:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.12.21 17:53:28 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Roaming\Stardock
[2010.12.21 17:52:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\{6C72D0C5-6D41-4646-A187-62A044E7F55E}
[2010.12.21 17:52:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2010.12.21 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2010.12.21 17:40:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\{6CB64CD5-C014-45A7-88E2-55D8C0DB6489}
[2010.12.21 17:39:20 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Local\PackageAware
[2010.12.18 12:25:10 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Local\Ironclad Games
[2010.12.18 12:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kalypso
[2010.12.18 10:45:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.12.15 09:47:28 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.12.15 09:47:28 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.12.15 09:47:28 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010.12.15 09:47:28 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010.12.15 09:47:28 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.12.15 09:47:28 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.12.15 09:47:25 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010.12.15 09:47:17 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.12.15 09:47:17 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.12.15 09:47:17 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.12.15 09:47:17 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010.12.15 09:47:17 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010.12.15 09:47:16 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010.12.15 09:47:16 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010.12.15 09:47:16 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.12.15 09:47:16 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.12.15 09:47:16 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.12.15 09:47:16 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010.12.15 09:47:16 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.12.15 09:47:16 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.12.15 09:47:16 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010.12.15 09:47:16 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010.12.15 09:47:16 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010.12.15 09:47:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010.12.15 09:47:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.12.15 09:47:16 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010.12.15 09:47:16 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010.12.15 09:47:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010.12.15 09:47:16 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010.12.15 09:47:16 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.12.15 09:47:16 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.12.15 09:47:16 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010.12.15 09:47:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.12.15 09:47:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.12.15 09:47:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.12.15 09:47:05 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010.12.15 09:47:05 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010.12.15 09:47:05 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010.12.15 09:47:05 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010.12.15 09:47:05 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010.12.15 09:47:05 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010.11.29 17:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010.11.29 17:38:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2008.11.02 01:15:06 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
========== Files - Modified Within 30 Days ==========
[2010.12.28 14:07:39 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.12.28 14:07:39 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.12.28 14:07:39 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.12.28 14:07:39 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.12.28 14:07:39 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.12.28 14:05:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Allgemein\Desktop\OTL.exe
[2010.12.28 14:05:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.28 14:02:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2010.12.28 14:01:25 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.28 14:01:24 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.28 14:01:24 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.28 14:01:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.28 13:37:35 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4CEEF1C8-30F7-4373-83E0-45167924CDB7}.job
[2010.12.27 16:56:33 | 000,025,600 | ---- | M] () -- C:\Users\Allgemein\Documents\Rentenvrsicherung.doc
[2010.12.27 04:07:19 | 000,022,918 | ---- | M] () -- C:\Users\Allgemein\Documents\cc_20101227_040712.reg
[2010.12.27 04:06:53 | 000,110,068 | ---- | M] () -- C:\Users\Allgemein\Documents\cc_20101227_040631.reg
[2010.12.27 03:48:33 | 000,000,698 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2010.12.27 02:02:13 | 000,004,379 | ---- | M] () -- C:\Users\Allgemein\AppData\Roaming\69DC.595
[2010.12.25 18:00:34 | 000,428,340 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101227-013740.backup
[2010.12.24 02:37:36 | 000,428,340 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101225-180034.backup
[2010.12.23 02:40:20 | 000,428,340 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101224-023736.backup
[2010.12.23 02:39:35 | 000,427,674 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-024020.backup
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.18 10:37:49 | 000,427,674 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-023935.backup
[2010.12.17 16:17:50 | 000,301,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.12.12 16:56:45 | 000,025,088 | ---- | M] () -- C:\Users\Allgemein\Documents\Dr.Schreiber.Dok.doc
[2010.12.05 23:35:09 | 000,000,000 | ---- | M] () -- C:\Users\Allgemein\Documents\NEWSOFT
[2010.12.05 15:28:35 | 000,025,600 | ---- | M] () -- C:\Users\Allgemein\Documents\Rekers, doc.doc
[2010.11.29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010.11.29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
========== Files Created - No Company Name ==========
[2010.12.27 15:51:37 | 000,025,600 | ---- | C] () -- C:\Users\Allgemein\Documents\Rentenvrsicherung.doc
[2010.12.27 04:07:14 | 000,022,918 | ---- | C] () -- C:\Users\Allgemein\Documents\cc_20101227_040712.reg
[2010.12.27 04:06:41 | 000,110,068 | ---- | C] () -- C:\Users\Allgemein\Documents\cc_20101227_040631.reg
[2010.12.27 01:31:32 | 000,004,379 | ---- | C] () -- C:\Users\Allgemein\AppData\Roaming\69DC.595
[2010.12.12 16:40:37 | 000,025,088 | ---- | C] () -- C:\Users\Allgemein\Documents\Dr.Schreiber.Dok.doc
[2010.12.05 15:18:01 | 000,025,600 | ---- | C] () -- C:\Users\Allgemein\Documents\Rekers, doc.doc
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.04.10 16:49:49 | 000,437,210 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistMSI213B.txt
[2010.04.10 16:49:49 | 000,012,578 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistUI213B.txt
[2010.01.08 20:07:21 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\memio.dll
[2010.01.08 19:27:35 | 000,000,293 | ---- | C] () -- C:\Windows\asfbinapp.INI
[2010.01.06 18:27:02 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.12.31 17:16:21 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009.09.26 22:42:58 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.26 22:42:22 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.03.29 14:06:57 | 000,420,038 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistMSI146E.txt
[2009.03.29 14:06:56 | 000,012,266 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistUI146E.txt
[2009.01.13 23:47:51 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009.01.13 23:46:50 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009.01.11 20:46:34 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.07 13:43:12 | 000,000,000 | ---- | C] () -- C:\Users\Allgemein\AppData\Roaming\wklnhst.dat
[2008.12.31 00:52:12 | 000,016,896 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.06 12:44:41 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008.12.06 12:44:41 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.11.01 17:24:51 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
[2008.11.01 17:24:51 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll
========== LOP Check ==========
[2008.11.01 17:30:21 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Acer GameZone Console
[2010.06.06 15:22:36 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Bioshock2
[2009.09.02 17:37:10 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Canon
[2009.12.22 11:59:43 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Chilirec
[2010.12.27 02:03:52 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\dsqjqrmkbr
[2008.12.30 22:33:45 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\eSobi
[2010.01.08 20:36:25 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\GSplit
[2009.12.10 19:02:10 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Lite
[2009.08.08 13:05:16 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2009.08.31 11:27:18 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
[2009.01.13 23:56:04 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\NewSoft
[2009.12.23 19:30:24 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Red Kawa
[2009.12.22 16:29:41 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Regensoft
[2009.01.13 23:46:47 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\ScanSoft
[2010.12.21 17:53:28 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Stardock
[2009.01.07 13:43:14 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Template
[2010.12.28 13:40:52 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.28 13:37:35 | 000,000,442 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4CEEF1C8-30F7-4373-83E0-45167924CDB7}.job
========== Purity Check ==========
< End of report >

OTL Extras Log: Code:
OTL Extras logfile created on: 28.12.2010 14:07:10 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Allgemein\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 62.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 366.72 Gb Total Space | 260.43 Gb Free Space | 71.01% Space Free | Partition Type: NTFS
Drive D: | 550.13 Gb Total Space | 426.39 Gb Free Space | 77.51% Space Free | Partition Type: NTFS
Computer Name: ASPIRE-M7720 | User Name: Allgemein | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 9F 3C 58 EC 4B 91 CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== System Restore Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0240063B-1EB7-4F0A-8E93-E8CD96E22FC8}" = rport=137 | protocol=17 | dir=out | app=system |
"{25BFF978-C264-4859-AE85-7DB82EE643C4}" = rport=138 | protocol=17 | dir=out | app=system |
"{3DE0E038-5ADE-4B33-965F-32C3FD6C0A98}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{40BCBEB3-82D5-47A3-B5FC-16D44011C3EE}" = lport=445 | protocol=6 | dir=in | app=system |
"{5711C6B5-9DD6-4886-A79A-D85520181EEC}" = lport=137 | protocol=17 | dir=in | app=system |
"{69880AA5-1FCB-40B2-A84F-548239754790}" = rport=445 | protocol=6 | dir=out | app=system |
"{7FDBF630-C604-454B-8B73-31B2379548E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B78A21A9-910C-4D91-B328-9A5B0B3475C2}" = rport=139 | protocol=6 | dir=out | app=system |
"{E1419C83-EC22-479F-AC5D-F56C76A7CC36}" = lport=138 | protocol=17 | dir=in | app=system |
"{FAF5A809-00FC-46AB-B487-E86B5A009296}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037FFE8B-1E0C-4198-B825-B0ACE994BC4C}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\trine\trine_launcher.exe |
"{0660CFC7-D1FB-4584-B077-BEC544B1A303}" = protocol=17 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{06D67C2F-1D90-483B-AC97-8714ACB840FB}" = protocol=17 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{07200103-3EB4-46D8-8E1A-C0BC22080E86}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{15DD727A-B5BB-41F5-96C5-7D69C5723273}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{164ACAF1-B5CB-44F0-8523-9BC94E585EA0}" = protocol=6 | dir=in | app=d:\games\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{174EB543-EC4D-4914-93B6-F45D1F1EFFD7}" = protocol=6 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire diplomacy.exe |
"{19AB0D20-8B39-467D-A26C-CAF693402058}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysis.exe |
"{1BF145E0-CD1F-4192-957D-480E2B3BA488}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{1F3F6B2A-4651-4647-B799-2C8655290083}" = protocol=6 | dir=in | app=d:\games\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
"{1F7200B6-861E-46D1-A4CD-BAA33A919459}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{2822797D-6AF4-40AD-AFD1-E05572094B30}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe |
"{2D29DBF0-9793-48A7-A7B5-2C57FD6F7575}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{36A69E6B-D297-4E9D-B583-AE0E9069133A}" = protocol=17 | dir=in | app=d:\games\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{3926A940-6255-4858-A59C-24BAD565C595}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3A796A12-8953-4A63-B617-5CFB4F57E650}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{402BD6E0-AAFF-4C52-BB0D-64FFF30AC405}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis.exe |
"{4184A000-B161-428B-ADD5-934103A25903}" = protocol=6 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{4281ACC4-2030-4650-AE7D-8071DF573B8C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{42F1C0D0-B81D-40F0-9A9F-3F5A97D5158C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe |
"{46B930B5-EBB9-453B-B1A8-612D63C3FE8B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\trine\trine_launcher.exe |
"{498BEF9C-FCB3-42B6-905E-B3944F793C45}" = protocol=17 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire diplomacy.exe |
"{4B8B7BF5-F04C-4483-85E1-7562E9C4A179}" = protocol=17 | dir=in | app=d:\games\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{5126C1C9-D94B-402A-A6FB-F2AFC7015F56}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe |
"{5129E357-58C0-4E4F-A55C-246BD7507E41}" = protocol=6 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{5310592A-71E8-4BC6-B08A-EF08FFDD88EF}" = protocol=6 | dir=in | app=d:\games\sega\universe at war earth assault\uawea.exe |
"{5438F06B-7410-4DBB-896E-82C7F413C721}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{5763A13F-DC5B-43F5-8C21-8C422A3843FE}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{5F3FB66C-2D64-49F1-8687-E0DF7C8710E1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{61D7544D-4383-4394-8A24-2C234FCD2B7C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6310BD7E-5856-41D7-8996-B2F9706C807C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe |
"{67A06FA2-D024-476E-AC7C-563582D7B91B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{6BCEEE6B-6951-4ACD-9214-C427E8A0EBA7}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{6E2DC041-A6D1-45B1-93A9-0A12E698FED1}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{6E6EC19A-F16F-43C3-98F5-5E0D3392F8AE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{701DD33D-18F2-4CB9-B581-6061A43E3E52}" = protocol=6 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{72DC1A8B-8273-4CAA-89F2-4A103B21E4B7}" = protocol=17 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{749D543E-9632-43ED-A7D8-0A5F7B3ECF5F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{78758A6A-D50F-486E-AF12-BCA62339E8B9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7EB20E0F-5B4D-4C92-A279-0865BC982169}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{83E1B206-CF06-46C1-9A5E-7F9768D8C964}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe |
"{85E57662-992C-4163-A5B3-C521E7DA5105}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis.exe |
"{94440732-F1D5-4F72-942E-F1ED6120616D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{99959467-C52F-4B68-8D9E-C1C33658B97A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{9FCB212C-76A9-4867-8BB7-7DCE4D2C3E48}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A46525B4-B931-4C4B-9100-3D00B7728D78}" = protocol=17 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\game.dat |
"{A8B9B93E-6010-4443-B7CF-B18798A56653}" = protocol=17 | dir=in | app=d:\games\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{AA70CC46-4FBD-4A5E-BE55-C584F6BCD5DF}" = protocol=17 | dir=in | app=d:\games\sega\universe at war earth assault\uawea.exe |
"{B33D8B01-E7E1-41ED-9284-DBBBA17B9295}" = protocol=6 | dir=in | app=d:\games\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{BB5DA8A4-AFA8-4794-944E-0B055B3CA629}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{C5C0144D-72DB-4F08-8899-847F54A5336C}" = protocol=6 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe |
"{C6067BA4-A434-41A6-8006-50E9A3ECD155}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{C65C2B16-A094-4167-8DEB-774A35C6832A}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe |
"{C8633C17-448C-48CE-9230-5E73BE8CCC06}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{CD9C5A91-B92D-447F-AFB5-E3075EA8BE0C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{D4676D16-2E2A-4E16-939F-2A8006063CCB}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{D6268E41-2892-42E4-AB00-7E83F83B5170}" = protocol=6 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\game.dat |
"{D99BA6E2-A59F-489C-BF2B-5B478844FEC2}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe |
"{E3D6342A-6112-4779-82E2-1EA72E2AAB1A}" = protocol=17 | dir=in | app=d:\games\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
"{E639A33A-6A8E-4377-8635-5DCFE4638CFB}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{E7FB9B55-6DD9-4895-A297-930512CDD874}" = protocol=6 | dir=in | app=d:\games\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{EAF8C6E1-08C5-4166-8276-9CE2FE715E99}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{EC35FF56-9005-4B46-916F-08A7DAE9F0BF}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\metro 2033\metro2033.exe |
"{ECAE6A72-D840-48B0-835D-9D0865449697}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\metro 2033\metro2033.exe |
"{ECC7730F-A00E-4346-858A-294D2349CC25}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F2BFBB60-8BC5-4A94-97AF-645D64BA2B0F}" = protocol=17 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe |
"{F5C4D7E3-38DA-467B-9B93-FDB77C0FAE3B}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysis.exe |
"{FF75CFB6-2416-4865-9CBE-C4E3F5F8B42C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{33B5272F-A03A-436F-8E4C-A6D01396431B}C:\program files (x86)\safari\safari.exe" = protocol=6 | dir=in | app=c:\program files (x86)\safari\safari.exe |
"TCP Query User{3D5F350D-5821-43E1-AAC5-17276690076F}D:\games\dreamcatcher\genesis rising\bin\genesisrising.exe" = protocol=6 | dir=in | app=d:\games\dreamcatcher\genesis rising\bin\genesisrising.exe |
"TCP Query User{500A52A5-C468-4B60-8217-304FFD88EE0B}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{5A55804B-7D73-4BFA-981B-233EB6073441}D:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat" = protocol=6 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat |
"TCP Query User{666FBBD3-CB60-4BE6-87C2-6E5EDD0FA93F}D:\programme\chilirec\chilirec.exe" = protocol=6 | dir=in | app=d:\programme\chilirec\chilirec.exe |
"TCP Query User{7833C700-5A96-45E1-9C4F-18EB190CC7B0}D:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe" = protocol=6 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"TCP Query User{78DE6F70-097C-47C1-883F-FD738F4EF17A}D:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe |
"TCP Query User{7A188E3A-5C8D-4529-8AC2-EA59ED69BFEE}D:\games\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis64.exe |
"TCP Query User{999C1EAC-A83C-4133-9F5F-FD922007EF49}D:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat" = protocol=6 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat |
"TCP Query User{A8082984-749C-4C68-95B7-9EEEE46D9B8A}D:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{AA7A2599-DE98-4FC4-8E93-780F0319684F}D:\games\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base16561\sc2.exe |
"TCP Query User{C1328922-FB96-42E0-B343-F53B7C93FFEA}D:\games\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe |
"TCP Query User{D33FE896-1B5C-4D2D-B125-8A6AC36C8D1A}D:\games\sierra\homeworld2\bin\release\homeworld2.exe" = protocol=6 | dir=in | app=d:\games\sierra\homeworld2\bin\release\homeworld2.exe |
"TCP Query User{F20D4189-9A49-4D8C-821E-E072845CC6DB}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"UDP Query User{15573920-5B2A-4733-8F92-272D8300AB68}D:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe" = protocol=17 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"UDP Query User{29B12FD2-CA6E-42A6-91A8-B60D005ED5D2}D:\games\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis64.exe |
"UDP Query User{30E27ADE-2D0B-43F0-975D-8183DE686D31}D:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{332EA9E8-D7B6-4410-9541-CD15051999CD}D:\games\dreamcatcher\genesis rising\bin\genesisrising.exe" = protocol=17 | dir=in | app=d:\games\dreamcatcher\genesis rising\bin\genesisrising.exe |
"UDP Query User{42439E35-D610-4E18-81F8-7086057FB250}D:\games\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base16561\sc2.exe |
"UDP Query User{61A5D5A7-9A4A-4DE2-9EE0-E095AB050BAC}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"UDP Query User{774E6DA8-862E-4B6E-8BD9-A82E3E8652FA}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{A7334D05-C0AF-444C-BC6F-F48AA7F64B56}D:\programme\chilirec\chilirec.exe" = protocol=17 | dir=in | app=d:\programme\chilirec\chilirec.exe |
"UDP Query User{B524DDF5-1C13-477C-BEBD-B480FC6AAB2D}D:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat" = protocol=17 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat |
"UDP Query User{BE0E10DA-472C-41DB-AA5C-04940B2606FD}D:\games\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe |
"UDP Query User{C35C9398-2F54-4B75-A1A9-21697613189E}C:\program files (x86)\safari\safari.exe" = protocol=17 | dir=in | app=c:\program files (x86)\safari\safari.exe |
"UDP Query User{D3AECB7A-EAA4-4539-B0A4-1985764C7C6F}D:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe |
"UDP Query User{DDAAC868-CEBB-4136-AFDB-4EFFCCD11268}D:\games\sierra\homeworld2\bin\release\homeworld2.exe" = protocol=17 | dir=in | app=d:\games\sierra\homeworld2\bin\release\homeworld2.exe |
"UDP Query User{F79D21A8-AC4A-4533-8469-E9A0519928A3}D:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat" = protocol=17 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{752CCAEE-8E33-DE50-9454-B377A2205193}" = ccc-utility64
"{8E3FABF5-C3B9-7F7E-4AAE-977D77D48C51}" = ATI Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CB6508F6-EC50-4829-A2C6-02990EFF0059}" = Windows Media Encoder 9 Series x64 Edition
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PROSetDX" = Intel(R) Network Connections 13.1.33.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series x64 Edition
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02F5BD83-B529-37E3-B5DF-32ABC7EC63C4}" = ccc-core-static
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7
"{0A8073F2-31C6-413B-BC79-5808352D651A}" = MotionSD STUDIO 1.2E
"{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific
"{1229D58B-9185-4F85-71B2-4B34EBF8AD17}" = CCC Help Italian
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{20165891-91F8-45F9-A90A-307C7179C515}" = Sins of a Solar Empire - Trinity
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21FFDD40-F6B9-4609-B1C9-514E0A342BFA}" = MOUSE Editor
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{29656550-8463-258C-55BA-5C4F7950DBDE}" = CCC Help Portuguese
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{35C98EB9-C39E-F602-D980-59355711CD37}" = Catalyst Control Center InstallProxy
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{41B21B1F-950E-13FC-57C7-2AC44B196223}" = Catalyst Control Center Graphics Previews Vista
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{490F45FA-738D-5D4A-6B9D-DC1373ACF794}" = CCC Help Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5454085C-840F-4070-8FAA-441000028301}" = BioShock 2
"{5454085C-840F-4070-8FAA-441000038301}" = BioShock 2
"{57634571-FD82-4BEC-B822-A1ED7765474F}_is1" = SmartLauncher
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{66B4C110-8BEB-49B5-824E-C70AEEB20ECD}" = ScanSoft OmniPage SE 4
"{67ABC7E8-A241-F90D-0B04-5BB03428AF96}" = CCC Help Greek
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AA30800-F713-BB43-EDA2-1C380FE7FD63}" = Catalyst Control Center Localization All
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{85090727-99E2-F1DC-1589-83D5AC986F3E}" = CCC Help Spanish
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{913D0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard für Schüler, Studierende und Lehrkräfte
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A05EF3DC-AAFA-6903-433D-0F383F5F4EC3}" = CCC Help German
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B7BD291B-D415-4484-89A4-82077504BE93}_is1" = SmartCopy
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = The Lord of the Rings, The Rise of the Witch-king
"{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix
"{BCA434F2-A541-F63E-890C-F5D14E5B33D0}" = CCC Help English
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C4406DB6-A28D-8047-7704-94A8DE7F6A68}" = CCC Help Hungarian
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CDCBF62D-8E74-44A5-91AD-44AB4C2EFD89}" = InterVideo FilterSDK for Panasonic
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.20
"{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F538505D-D29C-6259-682C-E607D659B4B4}" = Catalyst Control Center Graphics Previews Common
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F820F894-EC5F-D52A-F862-5B472EAFE69A}" = CCC Help French
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Chilirec_0" = Chilirec 1.01
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"FLV Player" = FLV Player 2.0 (build 25)
"Franzis 3D-Eisenbahnplaner 10.0_is1" = Franzis 3D-Eisenbahnplaner 10.0
"GSplit3Set" = GSplit 3
"Homeworld2" = Homeworld2
"Impulse" = Impulse
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{21FFDD40-F6B9-4609-B1C9-514E0A342BFA}" = MOUSE Editor
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix
"InstallShield_{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault
"InstallShield_{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1
"PSP Video 9" = PSP Video 9 5.03
"RealPlayer 12.0" = RealPlayer
"Sins of a Solar Empire - Trinity" = Sins of a Solar Empire - Trinity
"Splitit" = Split it 3.2
"StarCraft II" = StarCraft II
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"Steam App 20570" = Warhammer 40,000: Dawn of War II - Chaos Rising
"Steam App 35700" = Trine
"Steam App 400" = Portal
"Steam App 40100" = Supreme Commander 2
"Steam App 43110" = Metro 2033
"VLC media player" = VLC media player 1.0.3
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"X3TerranConflict_is1" = X3 Terran Conflict v3.0
"YouTube Downloader App" = YouTube Downloader App 2.03
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22.08.2010 12:13:12 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description =
Error - 22.08.2010 12:59:02 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description =
Error - 23.08.2010 08:55:13 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description =
Error - 23.08.2010 08:56:34 | Computer Name = Aspire-M7720 | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
0x49e02a1e, fehlerhaftes Modul msxml6.dll, Version 6.20.5002.0, Zeitstempel 0x4a81a53f,
Ausnahmecode 0xc0000005, Fehleroffset 0x00000000000050c3, Prozess-ID 0x894, Anwendungsstartzeit
01cb42c25851b509.
Error - 23.08.2010 12:37:55 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description =
Error - 24.08.2010 09:37:01 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description =
Error - 24.08.2010 11:52:43 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description =
Error - 24.08.2010 12:06:45 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description =
Error - 24.08.2010 12:06:53 | Computer Name = Aspire-M7720 | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 24.08.2010 12:06:53 | Computer Name = Aspire-M7720 | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
[ System Events ]
Error - 27.12.2010 09:33:23 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description =
Error - 27.12.2010 12:17:14 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 27.12.2010 13:19:26 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 27.12.2010 13:20:20 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description =
Error - 27.12.2010 14:35:25 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 27.12.2010 14:36:24 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description =
Error - 28.12.2010 08:18:26 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 28.12.2010 08:19:12 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description =
Error - 28.12.2010 09:01:07 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 28.12.2010 09:01:50 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description =
< End of report >
Regards,
Yetzirah |