Trojaner-Board

Problem392 25.04.2011 17:01

Damaged hard disk clusters
 
Hello,
this is my first time in a forum and I need help. I got the message: "Beschädigte Festplatte-Cluster gefunden. Private Daten sind in Gefahr." ("Damaged hard disk clusters found. Private data is at risk.") I have already learned from other forum posts that the programs OTL and Unhide are useful, so I have already downloaded them. I have also already run OTL, but I don't know how to proceed.

Problem392 26.04.2011 06:48

Now further problems have appeared. WTR loader does not work, and some icons have been deleted from the desktop, as have my photos, songs, etc. And there is the message that there are problems with the RAM.

markusg 26.04.2011 19:11

How about posting the OTL logs? How are we supposed to know how to proceed if we don't even know the logs :d
Create new ones and post them.

Problem392 26.04.2011 19:38

The OTL.Txt file:
OTL Logfile:
Code:

OTL logfile created on: 26.04.2011 20:24:05 - Run 3
OTL by OldTimer - Version 3.2.22.3    Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 0,82 Gb Free Space | 0,57% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 2,56 Gb Free Space | 0,86% Space Free | Partition Type: NTFS
Drive E: | 140,50 Gb Total Space | 6,48 Gb Free Space | 4,61% Space Free | Partition Type: NTFS
 
Computer Name: BRUNO-PC | User Name: Bruno | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Verbindungsassistent\WTGService.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\Bruno\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
PRC - C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Programme\Winamp\winampa.exe ()
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Acer\Acer VCM\acp2HID.exe (Acer Inc.)
PRC - C:\Windows\System32\attrib.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WTGService) -- C:\Programme\Verbindungsassistent\WTGService.exe ()
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
SRV - (vfsFPService) -- C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom)
DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (vfs101x) -- C:\Windows\System32\drivers\vfs101x.sys (Validity Sensors, Inc.)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (fxusbase) -- C:\Windows\System32\drivers\fxusbase.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.201.1:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.type: 1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.19 14:01:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.19 14:01:30 | 000,000,000 | ---D | M]
 
[2008.11.17 14:59:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Bruno\AppData\Roaming\mozilla\Extensions
[2011.02.27 22:26:09 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\pd0gx28i.default\extensions
[2011.04.25 16:47:17 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\pd0gx28i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.25 16:47:17 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\pd0gx28i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.25 16:47:17 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\pd0gx28i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.25 16:47:17 | 000,000,000 | -H-D | M] ("Ask Toolbar for Firefox") -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\pd0gx28i.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.11.28 23:19:56 | 000,000,944 | -H-- | M] () -- C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\pd0gx28i.default\searchplugins\icqplugin.xml
[2010.06.05 15:43:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.08.22 18:10:47 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.05 15:43:29 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.08.22 18:10:47 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
[2010.06.05 15:43:29 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2008.03.15 15:56:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008.10.13 20:34:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008.02.19 16:40:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2006.12.03 17:59:22 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2006.11.17 13:19:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Movies_on_DVD_TV_Edition\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000..\Run: [conhost]  File not found
O4 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000..\Run: [Remote Control Editor] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O4 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000..\Run: [vKECjCxHfiQS] C:\ProgramData\vKECjCxHfiQS.exe (WinTrust)
O4 - Startup: C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Bruno\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bruno\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000 Winlogon: Shell - (C:\Users\Bruno\AppData\Roaming\dwm.exe) -  File not found
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: C:\Users\Bruno\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bruno\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{024bfe02-2d1d-11df-a168-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{024bfe02-2d1d-11df-a168-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{024bfe04-2d1d-11df-a168-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{024bfe04-2d1d-11df-a168-404e57434401}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{6ba54c1b-2c40-11df-b5e7-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{6ba54c1b-2c40-11df-b5e7-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{6ba54c2e-2c40-11df-b5e7-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{6ba54c2e-2c40-11df-b5e7-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d75be788-2d1a-11df-a41b-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{d75be788-2d1a-11df-a41b-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d75be79b-2d1a-11df-a41b-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{d75be79b-2d1a-11df-a41b-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d75be79d-2d1a-11df-a41b-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{d75be79d-2d1a-11df-a41b-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e95fe181-381a-11df-ac3e-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{e95fe181-381a-11df-ac3e-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e95fe182-381a-11df-ac3e-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{e95fe182-381a-11df-ac3e-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{eb06c8cd-3b99-11e0-ba58-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{eb06c8cd-3b99-11e0-ba58-404e57434401}\Shell\AutoRun\command - "" = H:\AutoLcd209x.exe
O33 - MountPoints2\{f7ef248c-d51a-11de-b95d-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{f7ef248c-d51a-11de-b95d-404e57434401}\Shell\AutoRun\command - "" = F:\Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.25 16:59:13 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\Bruno\Desktop\OTL.exe
[2011.04.25 15:54:22 | 000,565,248 | -H-- | C] (WinTrust) -- C:\ProgramData\vKECjCxHfiQS.exe
[2011.04.23 21:47:17 | 000,000,000 | -H-D | C] -- C:\Users\Bruno\Desktop\m
[2011.04.23 21:46:57 | 000,000,000 | -H-D | C] -- C:\Users\Bruno\Desktop\Twistys
[2011.04.16 12:57:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.15 21:49:46 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 21:49:45 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 21:49:42 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 21:49:41 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.15 21:49:38 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 21:49:30 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.15 21:49:30 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.15 21:49:29 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.15 21:49:29 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.15 21:49:29 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.15 21:49:29 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.15 21:49:11 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.15 21:49:07 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.15 21:49:07 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.12 21:20:52 | 000,000,000 | -H-D | C] -- C:\Users\Bruno\AppData\Roaming\DVDVideoSoft
[2011.04.04 20:24:23 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.04.04 20:24:23 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.26 20:29:20 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.26 20:29:20 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.26 20:29:20 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.26 20:29:20 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.26 20:21:28 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 20:21:28 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 20:21:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.26 20:21:18 | 3218,034,688 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.26 19:21:04 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.25 16:59:17 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Bruno\Desktop\OTL.exe
[2011.04.25 16:56:35 | 000,147,507 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.04.25 16:53:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.04.25 16:00:01 | 000,002,299 | -H-- | M] () -- C:\Users\Bruno\AppData\Roaming\acervcmtmp.ini
[2011.04.25 15:54:22 | 000,565,248 | -H-- | M] (WinTrust) -- C:\ProgramData\vKECjCxHfiQS.exe
[2011.04.24 23:27:33 | 000,137,728 | -H-- | M] () -- C:\Users\Bruno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.16 16:36:35 | 000,427,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.13 13:43:46 | 000,056,039 | -H-- | M] () -- C:\Users\Bruno\Desktop\TUM_twoinone-Einladung_Mentoring.pdf
[2011.04.12 21:22:35 | 000,001,036 | -H-- | M] () -- C:\Users\Bruno\Desktop\DVDVideoSoft Free Studio.lnk
[2011.04.12 16:04:20 | 002,942,142 | -H-- | M] () -- C:\Users\Bruno\Desktop\Brusco_-_Abbronzatissima.mp3
[2011.04.04 20:19:50 | 000,007,592 | -H-- | M] () -- C:\Users\Bruno\AppData\Local\d3d9caps.dat
[2011.04.04 16:00:26 | 004,326,427 | -H-- | M] () -- C:\Users\Bruno\Desktop\1bDiesozialeMarktwirtschaftundihreZiele.pdf
[2011.03.28 22:01:04 | 082,655,457 | -H-- | M] () -- C:\Users\Bruno\Desktop\Absolvia 2001.pdf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.13 13:43:45 | 000,056,039 | -H-- | C] () -- C:\Users\Bruno\Desktop\TUM_twoinone-Einladung_Mentoring.pdf
[2011.04.12 16:04:13 | 002,942,142 | -H-- | C] () -- C:\Users\Bruno\Desktop\Brusco_-_Abbronzatissima.mp3
[2011.04.04 16:00:26 | 004,326,427 | -H-- | C] () -- C:\Users\Bruno\Desktop\1bDiesozialeMarktwirtschaftundihreZiele.pdf
[2011.03.31 21:18:54 | 082,655,457 | -H-- | C] () -- C:\Users\Bruno\Desktop\Absolvia 2001.pdf
[2011.03.18 14:10:05 | 000,000,206 | -H-- | C] () -- C:\Windows\System32\MRT.INI
[2011.03.06 12:23:54 | 000,005,616 | -H-- | C] () -- C:\Users\Bruno\AppData\Roaming\77AA.835
[2010.10.14 02:36:44 | 000,179,263 | -H-- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.06.05 15:48:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.15 18:31:07 | 000,148,792 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009.12.25 18:25:29 | 000,002,299 | -H-- | C] () -- C:\Users\Bruno\AppData\Roaming\acervcmtmp.ini
[2009.09.26 15:28:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.26 15:28:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.28 12:15:37 | 000,120,200 | -H-- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.03.18 16:23:54 | 000,022,328 | -H-- | C] () -- C:\Users\Bruno\AppData\Roaming\PnkBstrK.sys
[2009.03.18 16:23:54 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.03.18 16:23:39 | 000,103,736 | -H-- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.03.18 16:23:38 | 000,669,184 | -H-- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.03.16 16:43:07 | 000,066,872 | -H-- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.03.14 12:57:46 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.03.05 20:56:49 | 000,000,319 | -H-- | C] () -- C:\Windows\game.ini
[2008.11.27 16:35:47 | 000,007,592 | -H-- | C] () -- C:\Users\Bruno\AppData\Local\d3d9caps.dat
[2008.11.22 21:27:15 | 000,032,825 | -H-- | C] () -- C:\Windows\Irremote.ini
[2008.11.22 21:27:01 | 000,065,536 | -H-- | C] () -- C:\Windows\System32\dmcrypto.dll
[2008.11.22 21:26:11 | 000,006,225 | -H-- | C] () -- C:\Windows\HCWPNP.INI
[2008.11.17 15:59:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.17 14:59:59 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2008.11.16 14:41:30 | 000,010,240 | -H-- | C] () -- C:\Windows\System32\vidx16.dll
[2008.11.16 14:38:04 | 000,007,119 | -H-- | C] () -- C:\Windows\mgxoschk.ini
[2008.11.15 20:06:55 | 000,147,507 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2008.11.15 19:46:17 | 000,137,728 | -H-- | C] () -- C:\Users\Bruno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.15 19:44:19 | 000,147,507 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2008.10.07 10:13:30 | 000,197,912 | -H-- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.08.22 03:48:06 | 000,626,688 | -H-- | C] () -- C:\Windows\Image.dll
[2008.08.22 03:48:06 | 000,200,704 | -H-- | C] () -- C:\Windows\PLFSetI.exe
[2008.08.22 03:48:06 | 000,020,480 | -H-- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2008.08.22 03:48:06 | 000,000,036 | -H-- | C] () -- C:\Windows\PidList.ini
[2008.08.22 03:43:20 | 000,118,784 | -H-- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.11.14 16:17:34 | 000,204,800 | -H-- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007.04.24 18:32:56 | 000,389,120 | -H-- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.01.26 08:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,427,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 13:56:00 | 001,802,240 | -H-- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[2001.01.09 00:34:06 | 000,749,568 | ---- | C] () -- C:\Windows\AcerStore.exe
[2001.01.09 00:32:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001.01.08 16:47:34 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2001.01.08 16:47:34 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2001.01.08 16:28:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2001.01.08 16:24:55 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2001.01.08 16:20:57 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2001.01.08 16:20:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2001.01.08 16:20:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2001.01.08 16:19:03 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
 
========== LOP Check ==========
 
[2008.11.15 19:20:17 | 000,000,000 | -HSD | M] -- C:\Users\Bruno\AppData\Roaming\.#
[2010.07.04 17:14:47 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\Acer
[2001.01.08 16:45:51 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\Acer GameZone Console
[2011.04.25 16:47:15 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\DAEMON Tools
[2009.11.03 19:24:27 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\DAEMON Tools Lite
[2009.10.31 18:07:28 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\digital publishing
[2011.04.12 21:21:45 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\DVDVideoSoft
[2011.02.20 14:03:27 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.11.15 19:24:48 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\eSobi
[2009.08.22 18:11:32 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\ICQ
[2009.06.28 12:18:43 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\MAGIX
[2011.04.25 16:47:18 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\PowerCinema
[2011.04.25 16:47:18 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\SoftDMA
[2009.06.28 12:12:47 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\TerraTec
[2009.05.12 15:05:51 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\Ubisoft
[2008.11.15 17:38:34 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\Validity
[2010.04.21 19:22:22 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\Verbindungsassistent
[2011.04.26 19:21:08 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Problem392 26.04.2011 19:40

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 26.04.2011 20:24:05 - Run 3
OTL by OldTimer - Version 3.2.22.3    Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 0,82 Gb Free Space | 0,57% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 2,56 Gb Free Space | 0,86% Space Free | Partition Type: NTFS
Drive E: | 140,50 Gb Total Space | 6,48 Gb Free Space | 4,61% Space Free | Partition Type: NTFS
 
Computer Name: BRUNO-PC | User Name: Bruno | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-1717747699-2736376619-3284485778-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DD0A731-624D-42EE-8E6A-816E7C800CB4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3F4A1377-5D43-43B6-82C2-5D1E505638AE}" = lport=445 | protocol=6 | dir=in | app=system |
"{404589EE-7543-4B1E-92D4-D544B2B589B2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5A0218BF-E0CA-4F8C-9DF8-750061C4EBCF}" = rport=137 | protocol=17 | dir=out | app=system |
"{5B18AE25-F2A3-40F2-988E-0F90F2838800}" = rport=139 | protocol=6 | dir=out | app=system |
"{5BD864C0-B267-4BD1-8A53-B80CCD06F701}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5D7DA397-C9EA-4FA6-B8BF-B65EE6E224F0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6344AC85-796C-4BB6-B5DD-4EE5615C03EF}" = rport=445 | protocol=6 | dir=out | app=system |
"{6671D867-1ED9-4BFC-90C1-341B9E05571C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6F4BDC0F-E177-46B4-A73F-D9E1E1EAF56E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{70A7EACF-07B4-49C9-B996-DB196268F190}" = rport=138 | protocol=17 | dir=out | app=system |
"{7C52C206-4E62-400E-BA98-C956C4A331B2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A3EBCF9C-F78A-40C3-95A2-1950AEB4F1F1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BD907BCD-06E8-4F4B-8C94-E7769C58BFD2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C00BA0A8-A76A-4AE5-A58A-906785843A40}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C30D773D-CF8A-4447-9021-F145EE4A2DCE}" = lport=139 | protocol=6 | dir=in | app=system |
"{CA8108C9-122B-4722-BAC3-6A3538859E99}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CEA093F1-B80C-46A9-A4AC-E363180E7A71}" = lport=138 | protocol=17 | dir=in | app=system |
"{CFC8ED7B-D6C4-4E95-8E42-366E87F8DE5A}" = lport=137 | protocol=17 | dir=in | app=system |
"{E86FD625-F4AD-4D99-A30E-7D3C386A27D3}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009C0CC6-B387-41CB-980B-46348BB4EFFB}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{02814DEA-8AD0-48C7-ACEE-5A2C0A4CE7D6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{04DF50EB-47A1-4CFD-8DEB-596CC4212988}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{052C9A74-FE4C-4FA4-A54E-2AC77AAD9755}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{055620E5-EF4E-418B-8B1A-696FD248C644}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{08A303BE-6202-4109-842B-021D7E7593CA}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{0F24558D-3C1E-447B-B38F-B1C187F761AE}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{0FBCAF41-FC58-4090-A9FB-EF079611B06A}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{1075CB75-F2A8-47D1-A250-013815EF8453}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{1183C61E-642E-4A9F-8BC4-38DF03F5AF44}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{14373484-E649-43C9-9149-454E65DB1AAA}" = protocol=17 | dir=in | app=c:\program files\activision\prototype\prototypef.exe |
"{1ADD36AB-5021-459C-8353-C326834EF928}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{1ED30451-9595-40C8-958C-A1A88724C8CE}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{20B24E21-2082-4EAF-BAFB-1FB7F831DB08}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{26A1E309-38CC-45B8-B85F-A560D27C72FE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{272EF665-235F-41AB-9CBF-BC19398999B6}" = protocol=17 | dir=in | app=e:\resident 5\re5dx10.exe |
"{299288A4-0848-4E2E-92C1-436B54E63815}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2CC60DDA-8399-4602-A89C-FA7FAE0B9240}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{2D493799-E6A4-429F-A6D6-120DD9ECD398}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{2E33A51B-5070-4CEE-A1C3-AC64072901F5}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe |
"{2EA20073-8479-49BC-A21B-F5A280F9C60A}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe |
"{309C41C1-FF14-4E33-B6D5-4FC55690B008}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{36E0F9F3-81E0-43A1-90D8-631DCBD7909C}" = protocol=17 | dir=in | app=c:\program files\sierra entertainment\f.e.a.r. mission perseus\fearxp2.exe |
"{39237FD8-9FAA-430F-A494-E94A30ED5ADD}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{42FEFD8D-926F-4366-9FD2-6AD66F959C87}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{46DC8319-884D-4A9B-9986-8D3EDB3906A3}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{4A6A8F77-075F-4CFD-8F5D-3990D28711ED}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{533EDFCA-92FE-45FD-BEBA-B587980BB448}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5B7C67B7-5A9C-4E1E-9495-48DE47D43C80}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{5F018486-20CE-4F4A-B320-CEC4F901684A}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{6311C509-4402-428D-89F9-B0FE882CB8C1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{63334DB2-189E-48F5-84D6-F7D2E1E21DB4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{68C2A5DC-3FA4-4A1B-A047-40EC9F3FEF62}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fearxp\fearxp.exe |
"{695B19DB-CE0D-4C5C-8D4E-33D054153874}" = protocol=17 | dir=in | app=e:\resident 5\re5dx9.exe |
"{6994894D-0B07-4039-9A29-A5ADF649A3CC}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{69BF45A0-33B9-49E0-8F5D-70D31450834E}" = protocol=6 | dir=in | app=c:\program files\sierra entertainment\f.e.a.r. mission perseus\fearxp2.exe |
"{6EC19944-E484-4B6E-8116-C00E1C5C38BE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6F08BFB0-E6E9-4B56-B20A-9820DC096CD5}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{72257AED-1741-4175-BA6F-3DBE69EEF51F}" = protocol=6 | dir=in | app=e:\resident 5\re5dx9.exe |
"{745F1B3F-3332-4691-B7A2-49C4C5D11A23}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{78B3474C-0BA4-427C-8021-E52C087326D0}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{78FCDD30-20C1-4EB9-9997-90E36C086157}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{797234D0-CD5D-4B0E-8655-3A0CEF38C37F}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fearmp.exe |
"{7A0D8EFD-0228-4564-AAAB-6B896B5A8AA4}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fearxp\fearxp.exe |
"{7C006AE4-8CCF-4DCB-9BD8-A6A3AD8B4F90}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{7C8B885A-AAD6-47A6-87F7-8FE1B62F4A84}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{7CA38CB5-A8DC-41CF-AAF5-BD5670977E46}" = protocol=6 | dir=in | app=e:\resident 5\re5dx10.exe |
"{7E0C4F18-4F8E-4FD0-BD76-A865E6FA6692}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{847693F1-DB97-4F24-B184-6BE43B8834C1}" = protocol=17 | dir=in | app=e:\activision\codwawmp.exe |
"{891AEE52-D601-48DD-B6A6-DCE39642397B}" = protocol=6 | dir=in | app=e:\activision\codwawmp.exe |
"{92B64617-59F6-47F0-9CDB-60DC13AE843A}" = protocol=6 | dir=in | app=e:\activision\codwaw.exe |
"{94EE35D0-AAB9-4376-A3FA-E004008A9C1A}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{96BB53FC-D52A-4086-99FD-154A624292EE}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{97F55C3A-A388-4F41-AAED-3B40A6CB4E4E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{98077976-F41F-4CC7-AD58-BE38D13A6D6E}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{98C44D1D-4E0C-4D16-9F39-CFBFB554B90F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9E4F995F-DA4F-4EA1-9565-05D4F9C5929A}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{9F5F0965-F33D-4EB0-828A-5BE2E9D03F51}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A115E800-4EBF-423A-B5B1-2F7A2319B21D}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{A2F9A547-1AB7-4D17-ADBF-AEE96DE1292F}" = protocol=17 | dir=in | app=e:\activision\codwaw.exe |
"{A7210CE2-A7D3-4713-A96F-3AC1DD60D619}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A8E2603C-BDCD-44F2-8A2E-70267D67CB7F}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{AD55BE77-812F-4307-8964-2E75BBD9A1A0}" = protocol=6 | dir=in | app=c:\program files\activision\prototype\prototypef.exe |
"{B5292D5D-5101-47B9-8A33-245C0FED61FA}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B8C771AE-C75B-4B34-82A7-D6BC502A4227}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{C008179D-093F-4C58-81C7-18DFBD222B8F}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{C1EA2ED5-3975-432A-AC6D-3BE34791D107}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{C980B28D-9CF4-4329-ABE6-CE5D0E916230}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{CBF480E5-67A0-4AE4-B503-53C4D4C1F221}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{CF24FFE5-8D55-4F4D-B3CA-4EFD3C906EC7}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{D002BFA0-4577-468B-B2EE-306D2180C9CB}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{D4255894-7084-47D6-8942-5BF01BDADFDE}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{E252F1EC-24AC-47DC-8A57-7E5E934D8063}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E4EC6C7D-43CE-47B2-87F0-2FA18B59190A}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{E68CAF8E-38A0-4B69-B950-8E1C8D7B45C2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{EA1AE03D-7E77-4B48-AEC9-A94313C4E5CF}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{ECEFF28E-12B8-41E6-9D85-4889011AFA76}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{F15D7B8F-4A9F-4793-96A9-40D806C96C06}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{F28F6E3A-6E43-44F9-8C12-B48E80D5A6DF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F46B168B-D746-4AE0-BA18-08DB9C1A803A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F6708A7D-132D-4604-BBB9-8D5D340BC8EA}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fearmp.exe |
"{F900BC06-A179-41C5-943C-AF1E804CFC0A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F9B250A7-A435-451A-A308-E79874315693}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{FC614412-1C7B-426A-A598-5B8E85474092}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{FE480BB4-A133-4BA1-909C-5FD505A5BDD5}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"TCP Query User{19077D5E-1DC4-4110-B3D6-6D97E2B7B0A5}E:\2k games\borderlands\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=e:\2k games\borderlands\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{213D4DE6-4E12-4910-AAEA-19840D03D4D3}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{25C7ABAB-AE90-4A8F-8115-75140E1BCAE6}E:\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=e:\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{2BB95264-6D07-4EC2-8D06-139B68745F39}E:\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=e:\ubisoft\far cry 2\bin\farcry2.exe |
"TCP Query User{2CB75835-63E9-4C43-899A-FBF4895C381D}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |
"TCP Query User{34C1B0BF-BE22-4B8C-A5BC-670651B1D045}E:\ghost recon advanced warfighter 2\graw2.exe" = protocol=6 | dir=in | app=e:\ghost recon advanced warfighter 2\graw2.exe |
"TCP Query User{3F16511C-4DFB-45F5-8736-133C3F4DF19B}E:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=e:\thq\dawn of war - soulstorm\soulstorm.exe |
"TCP Query User{85482E50-E47F-4041-9CBE-6E209DA306E4}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"TCP Query User{8AA0A186-6A44-49F2-A42E-E318FFECDC1B}E:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=e:\thq\dawn of war - soulstorm\soulstorm.exe |
"TCP Query User{90F4A2AE-3F92-475C-AC82-14F21BDC41AA}E:\medal of honor allied assault\mohaa.exe" = protocol=6 | dir=in | app=e:\medal of honor allied assault\mohaa.exe |
"TCP Query User{9A1243B9-0B4B-4485-B4CE-365056C8E41D}E:\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=e:\unreal tournament 3 (lg)\binaries\ut3.exe |
"TCP Query User{9C66E9E2-2A11-451D-BEDB-C552C54E56CE}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"TCP Query User{9F14B0D3-4285-431C-ABC6-06623541FAF0}E:\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=e:\thq\dawn of war - dark crusade\darkcrusade.exe |
"TCP Query User{B160B986-C232-47E8-B9F9-3189A3616A4D}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |
"TCP Query User{B3F53491-61C2-4790-8415-A53F7CF23174}E:\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=e:\ubisoft\far cry 2\bin\farcry2.exe |
"TCP Query User{CA3B0EA4-40F7-4C7C-830E-597B842CDCED}\\bruno-pc\public\warcraft iii\war3.exe" = protocol=6 | dir=in | app=\\bruno-pc\public\warcraft iii\war3.exe |
"TCP Query User{CE9F7F6B-50E9-4023-ABF5-3D66E39A0EA6}E:\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=e:\thq\dawn of war\w40kwa.exe |
"TCP Query User{CEBD54A3-52EA-424F-9B47-2FE8E96BD0EF}E:\activision\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=e:\activision\call of duty - world at war\codwaw.exe |
"TCP Query User{CEEB84C3-98AD-4CE4-9AB6-A28FB11B7B58}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"TCP Query User{CFF4492B-8C4B-4033-91A8-3FCDF598008C}E:\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=e:\thq\dawn of war - dark crusade\darkcrusade.exe |
"TCP Query User{E6A7E5C9-CEE5-4FBF-A1B1-84E26C3C6BFE}E:\sierra\fear\fearxp\fearxp.exe" = protocol=6 | dir=in | app=e:\sierra\fear\fearxp\fearxp.exe |
"TCP Query User{EA4F8C62-445B-49DA-8052-27C91D7D60BF}E:\activision\cod5\codwaw.exe" = protocol=6 | dir=in | app=e:\activision\cod5\codwaw.exe |
"TCP Query User{EE43A55A-F51E-41F7-AD3D-4B1B3F980166}E:\unreal tournament 3\binaries\ut3.exe" = protocol=6 | dir=in | app=e:\unreal tournament 3\binaries\ut3.exe |
"TCP Query User{EED0D8D0-A1E7-4A61-AEE1-D8D4CDBE3314}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"UDP Query User{03E066DB-203C-4254-9238-0F2491D1A88D}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{0ACEF304-A32E-48F1-BA2A-B0FC1DEF1C02}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |
"UDP Query User{11B2B188-54CB-40C9-9784-367A2CC2FD9C}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"UDP Query User{1D1CDBB0-97B8-4EDC-803A-DD9C366D2187}E:\2k games\borderlands\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=e:\2k games\borderlands\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{2397C66C-743F-4018-AA55-3F0C42CB89AF}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"UDP Query User{25BA73DD-AB1E-43C6-9E73-BBEC2D837848}E:\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=e:\thq\dawn of war - dark crusade\darkcrusade.exe |
"UDP Query User{25F7C99B-FF3C-40C9-9070-F01338F10443}E:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=e:\thq\dawn of war - soulstorm\soulstorm.exe |
"UDP Query User{4E6DECC2-CF65-45CE-874A-A7209787D55C}E:\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=e:\ubisoft\far cry 2\bin\farcry2.exe |
"UDP Query User{5741EC0B-6A27-417F-9E59-14312D4941A1}E:\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=e:\thq\dawn of war\w40kwa.exe |
"UDP Query User{57471A0A-026A-42E4-89D9-F0991E0C360E}E:\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=e:\unreal tournament 3 (lg)\binaries\ut3.exe |
"UDP Query User{6A87E708-BB6F-4E9B-AA93-6C9B91EDA868}E:\activision\cod5\codwaw.exe" = protocol=17 | dir=in | app=e:\activision\cod5\codwaw.exe |
"UDP Query User{6FAA8E05-E381-47E0-A0E9-2C0FA4D1D1AF}E:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=e:\thq\dawn of war - soulstorm\soulstorm.exe |
"UDP Query User{881EA9DF-B7B7-4B8E-A82B-A1FAABB68C80}\\bruno-pc\public\warcraft iii\war3.exe" = protocol=17 | dir=in | app=\\bruno-pc\public\warcraft iii\war3.exe |
"UDP Query User{8CE789D0-0A01-4254-8BAB-87B219A62A9B}E:\medal of honor allied assault\mohaa.exe" = protocol=17 | dir=in | app=e:\medal of honor allied assault\mohaa.exe |
"UDP Query User{9071A018-3857-416A-A211-E0BDF450B704}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"UDP Query User{92093DF9-DAE3-41C4-92F7-6C1CFF38AA83}E:\unreal tournament 3\binaries\ut3.exe" = protocol=17 | dir=in | app=e:\unreal tournament 3\binaries\ut3.exe |
"UDP Query User{92774E51-D5ED-40CF-AF48-98F06B8A7DF6}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{9A3E1483-8534-48B4-9990-244F7E6831B9}E:\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=e:\ubisoft\far cry 2\bin\farcry2.exe |
"UDP Query User{AB44A913-C86D-4516-A3E9-A8E1CADE55C1}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |
"UDP Query User{BAFAAB9F-2799-432A-9C63-B7BAAEF75A88}E:\sierra\fear\fearxp\fearxp.exe" = protocol=17 | dir=in | app=e:\sierra\fear\fearxp\fearxp.exe |
"UDP Query User{C299D621-2ED7-465B-8C50-CC734CAFD450}E:\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=e:\thq\dawn of war - dark crusade\darkcrusade.exe |
"UDP Query User{CC4153B1-EDF9-4618-9A3B-FB438DF39F3A}E:\activision\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=e:\activision\call of duty - world at war\codwaw.exe |
"UDP Query User{D552E128-4643-43E6-B723-7E2E9B2FD417}E:\ghost recon advanced warfighter 2\graw2.exe" = protocol=17 | dir=in | app=e:\ghost recon advanced warfighter 2\graw2.exe |
"UDP Query User{EEF393D8-804C-4EF2-94A7-412FB6B586E4}E:\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=e:\activision\call of duty 4 - modern warfare\iw3mp.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1
"{2A8E4833-F483-4074-B4DB-F295F7901A8D}" = MobileMe Control Panel
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50D69C54-6963-49A6-B762-A9FF8F56AF0F}" = Brockhaus multimedial 2009
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{909BBDB7-BABE-434C-9124-863A9F8D1CF8}" = FEAR Extraction Point
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99889189-C739-4A46-BA02-3B271A118957}" = F.E.A.R. Mission Perseus
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 3.0.6.2
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B446F5BC-0503-452D-B9B9-37B782A51FB1}" = G51 Skins
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"Acer Acer Bio Protection 6.0.00.15" = Acer Bio Protection

AAV 6.0.00.15
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Ask Toolbar_is1" = Ask Toolbar
"AVIConverter" = AVIConverter 5.1.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner (remove only)
"DPP" = Canon Utilities Digital Photo Professional 3.8
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Studio_is1" = Free Studio version 5.0.8
"GridVista" = Acer GridVista
"ICQToolbar" = ICQ Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LManager" = Launch Manager
"MAGIX Movies on DVD TV Edition D" = MAGIX Movies on DVD TV Edition 7.0.3.3 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.4)" = Mozilla Firefox (3.0.4)
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProInst" = Intel PROSet Wireless
"PunkBusterSvc" = PunkBuster Services
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.7
"Verbindungsassistent" = Verbindungsassistent
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WFTK" = Canon Utilities WFT Utility
"Winamp" = Winamp
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1717747699-2736376619-3284485778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.04.2011 12:45:13 | Computer Name = Bruno-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CompileMOF.exe, Version 3.0.2000.0, Zeitstempel
 0x474a325e, fehlerhaftes Modul CompileMOF.exe, Version 3.0.2000.0, Zeitstempel
0x474a325e, Ausnahmecode 0xc000000d, Fehleroffset 0x00002a7f,  Prozess-ID 0xa64, Anwendungsstartzeit
 01cc04314fc0612d.
 
Error - 26.04.2011 12:45:19 | Computer Name = Bruno-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 26.04.2011 12:45:25 | Computer Name = Bruno-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 26.04.2011 12:45:25 | Computer Name = Bruno-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 26.04.2011 12:46:45 | Computer Name = Bruno-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung vKECjCxHfiQS.exe, Version 1.8.0.0, Zeitstempel
 0x21475346, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18005, Zeitstempel
0x49e0380e, Ausnahmecode 0xc0000409, Fehleroffset 0x00065276,  Prozess-ID 0x11b0,
Anwendungsstartzeit 01cc04315a6c967d.
 
Error - 26.04.2011 14:21:32 | Computer Name = Bruno-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CompileMOF.exe, Version 3.0.2000.0, Zeitstempel
 0x474a325e, fehlerhaftes Modul CompileMOF.exe, Version 3.0.2000.0, Zeitstempel
0x474a325e, Ausnahmecode 0xc000000d, Fehleroffset 0x00002a7f,  Prozess-ID 0x9b4, Anwendungsstartzeit
 01cc043ec4a0041c.
 
Error - 26.04.2011 14:21:35 | Computer Name = Bruno-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 26.04.2011 14:21:56 | Computer Name = Bruno-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 26.04.2011 14:21:56 | Computer Name = Bruno-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 26.04.2011 14:23:10 | Computer Name = Bruno-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung vKECjCxHfiQS.exe, Version 1.8.0.0, Zeitstempel
 0x21475346, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18005, Zeitstempel
0x49e0380e, Ausnahmecode 0xc0000409, Fehleroffset 0x00065276,  Prozess-ID 0x1268,
Anwendungsstartzeit 01cc043ecfaa090c.
 
[ OSession Events ]
Error - 16.12.2010 04:35:10 | Computer Name = Bruno-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1175
 seconds with 900 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 25.04.2011 10:12:02 | Computer Name = Bruno-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 25.04.2011 um 16:05:19 unerwartet heruntergefahren.
 
Error - 25.04.2011 10:12:47 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7024
Description =
 
Error - 25.04.2011 10:12:47 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 25.04.2011 10:14:53 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 25.04.2011 10:35:01 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 25.04.2011 10:58:39 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 25.04.2011 12:50:25 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 25.04.2011 12:54:03 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 26.04.2011 12:51:16 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 26.04.2011 14:28:04 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7022
Description =
 
 
< End of report >

--- --- ---

markusg 26.04.2011 19:53

• Please start OTL.exe.
• Now copy the following into the text box.

:OTL
:Files
C:\ProgramData\vKECjCxHfiQS.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.

download unhide:
http://filepony.de/download-unhide/
double-click it, the files become visible
open Computer, open D: then _OTL
right-click on moved files there
choose add to moved files.rar or zip.
http://www.trojaner-board.de/54791-a...ner-board.html

Problem392 26.04.2011 20:02

All processes killed
========== OTL ==========
========== FILES ==========
File\Folder C:\ProgramData\vKECjCxHfiQS.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Bruno
->Flash cache emptied: 16298 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Bruno
->Temp folder emptied: 480104196 bytes
->Temporary Internet Files folder emptied: 991497432 bytes
->FireFox cache emptied: 42377629 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1445310 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16964946 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.461,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04262011_205732

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

markusg 26.04.2011 20:11

sorry, new OTL script, and then upload
:OTL
:Files
C:\ProgramData\vKECjCxHfiQS.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

Problem392 26.04.2011 20:19

should I now upload movedfiles.rar to this upload channel?

Problem392 26.04.2011 20:25

OTL Logfile:
Code:

OTL logfile created on: 26.04.2011 21:21:26 - Run 4
OTL by OldTimer - Version 3.2.22.3    Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 2,67 Gb Free Space | 1,85% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 2,56 Gb Free Space | 0,86% Space Free | Partition Type: NTFS
Drive E: | 140,50 Gb Total Space | 6,48 Gb Free Space | 4,61% Space Free | Partition Type: NTFS
 
Computer Name: BRUNO-PC | User Name: Bruno | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Bruno\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - D:\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Verbindungsassistent\WTGService.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)
PRC - C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
PRC - C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Programme\Winamp\winampa.exe ()
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Acer\Acer VCM\acp2HID.exe (Acer Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WTGService) -- C:\Programme\Verbindungsassistent\WTGService.exe ()
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
SRV - (vfsFPService) -- C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom)
DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (vfs101x) -- C:\Windows\System32\drivers\vfs101x.sys (Validity Sensors, Inc.)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (fxusbase) -- C:\Windows\System32\drivers\fxusbase.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.201.1:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.type: 1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.19 14:01:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.19 14:01:30 | 000,000,000 | ---D | M]
 
[2008.11.17 14:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruno\AppData\Roaming\mozilla\Extensions
[2011.02.27 22:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\pd0gx28i.default\extensions
[2011.04.25 16:47:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\pd0gx28i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.25 16:47:17 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\pd0gx28i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.25 16:47:17 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\pd0gx28i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.25 16:47:17 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\pd0gx28i.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.11.28 23:19:56 | 000,000,944 | ---- | M] () -- C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\pd0gx28i.default\searchplugins\icqplugin.xml
[2010.06.05 15:43:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.08.22 18:10:47 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.05 15:43:29 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.08.22 18:10:47 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
[2010.06.05 15:43:29 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2008.03.15 15:56:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008.10.13 20:34:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008.02.19 16:40:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2006.12.03 17:59:22 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2006.11.17 13:19:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Movies_on_DVD_TV_Edition\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000..\Run: [conhost]  File not found
O4 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000..\Run: [Remote Control Editor] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O4 - Startup: C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Bruno\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bruno\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000 Winlogon: Shell - (C:\Users\Bruno\AppData\Roaming\dwm.exe) -  File not found
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: C:\Users\Bruno\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bruno\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{024bfe02-2d1d-11df-a168-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{024bfe02-2d1d-11df-a168-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{024bfe04-2d1d-11df-a168-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{024bfe04-2d1d-11df-a168-404e57434401}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{6ba54c1b-2c40-11df-b5e7-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{6ba54c1b-2c40-11df-b5e7-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{6ba54c2e-2c40-11df-b5e7-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{6ba54c2e-2c40-11df-b5e7-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d75be788-2d1a-11df-a41b-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{d75be788-2d1a-11df-a41b-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d75be79b-2d1a-11df-a41b-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{d75be79b-2d1a-11df-a41b-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d75be79d-2d1a-11df-a41b-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{d75be79d-2d1a-11df-a41b-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e95fe181-381a-11df-ac3e-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{e95fe181-381a-11df-ac3e-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e95fe182-381a-11df-ac3e-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{e95fe182-381a-11df-ac3e-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{eb06c8cd-3b99-11e0-ba58-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{eb06c8cd-3b99-11e0-ba58-404e57434401}\Shell\AutoRun\command - "" = H:\AutoLcd209x.exe
O33 - MountPoints2\{f7ef248c-d51a-11de-b95d-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{f7ef248c-d51a-11de-b95d-404e57434401}\Shell\AutoRun\command - "" = F:\Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.25 16:59:13 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Bruno\Desktop\OTL.exe
[2011.04.23 21:47:17 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Desktop\m
[2011.04.23 21:46:57 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Desktop\Twistys
[2011.04.16 12:57:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.15 21:49:46 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 21:49:45 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 21:49:42 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 21:49:41 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.15 21:49:38 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 21:49:30 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.15 21:49:30 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.15 21:49:29 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.15 21:49:29 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.15 21:49:29 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.15 21:49:29 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.15 21:49:11 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.15 21:49:07 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.15 21:49:07 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.12 21:20:52 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\DVDVideoSoft
[2011.04.04 20:24:23 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.04.04 20:24:23 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.26 21:07:00 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.26 21:06:59 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.26 21:06:59 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.26 21:06:59 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.26 21:02:01 | 000,504,657 | ---- | M] () -- C:\unhide.exe
[2011.04.26 20:59:23 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 20:59:23 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 20:59:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.26 20:59:12 | 3218,034,688 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.26 20:58:06 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.25 16:59:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Bruno\Desktop\OTL.exe
[2011.04.25 16:56:35 | 000,147,507 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.04.25 16:53:35 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.04.25 16:00:01 | 000,002,299 | ---- | M] () -- C:\Users\Bruno\AppData\Roaming\acervcmtmp.ini
[2011.04.24 23:27:33 | 000,137,728 | ---- | M] () -- C:\Users\Bruno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.16 16:36:35 | 000,427,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.13 13:43:46 | 000,056,039 | ---- | M] () -- C:\Users\Bruno\Desktop\TUM_twoinone-Einladung_Mentoring.pdf
[2011.04.12 21:22:35 | 000,001,036 | ---- | M] () -- C:\Users\Bruno\Desktop\DVDVideoSoft Free Studio.lnk
[2011.04.12 16:04:20 | 002,942,142 | ---- | M] () -- C:\Users\Bruno\Desktop\Brusco_-_Abbronzatissima.mp3
[2011.04.04 20:19:50 | 000,007,592 | ---- | M] () -- C:\Users\Bruno\AppData\Local\d3d9caps.dat
[2011.04.04 16:00:26 | 004,326,427 | ---- | M] () -- C:\Users\Bruno\Desktop\1bDiesozialeMarktwirtschaftundihreZiele.pdf
[2011.03.28 22:01:04 | 082,655,457 | ---- | M] () -- C:\Users\Bruno\Desktop\Absolvia 2001.pdf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.26 21:11:16 | 000,504,657 | ---- | C] () -- C:\unhide.exe
[2011.04.13 13:43:45 | 000,056,039 | ---- | C] () -- C:\Users\Bruno\Desktop\TUM_twoinone-Einladung_Mentoring.pdf
[2011.04.12 16:04:13 | 002,942,142 | ---- | C] () -- C:\Users\Bruno\Desktop\Brusco_-_Abbronzatissima.mp3
[2011.04.04 16:00:26 | 004,326,427 | ---- | C] () -- C:\Users\Bruno\Desktop\1bDiesozialeMarktwirtschaftundihreZiele.pdf
[2011.03.31 21:18:54 | 082,655,457 | ---- | C] () -- C:\Users\Bruno\Desktop\Absolvia 2001.pdf
[2011.03.18 14:10:05 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.03.06 12:23:54 | 000,005,616 | ---- | C] () -- C:\Users\Bruno\AppData\Roaming\77AA.835
[2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.06.05 15:48:08 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.15 18:31:07 | 000,148,792 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2009.12.25 18:25:29 | 000,002,299 | ---- | C] () -- C:\Users\Bruno\AppData\Roaming\acervcmtmp.ini
[2009.09.26 15:28:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.26 15:28:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.28 12:15:37 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.03.18 16:23:54 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.03.18 16:23:54 | 000,022,328 | ---- | C] () -- C:\Users\Bruno\AppData\Roaming\PnkBstrK.sys
[2009.03.18 16:23:39 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.03.18 16:23:38 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.03.16 16:43:07 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.03.14 12:57:46 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.03.05 20:56:49 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.11.27 16:35:47 | 000,007,592 | ---- | C] () -- C:\Users\Bruno\AppData\Local\d3d9caps.dat
[2008.11.22 21:27:15 | 000,032,825 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.11.22 21:27:01 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2008.11.22 21:26:11 | 000,006,225 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2008.11.17 15:59:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.17 14:59:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.11.16 14:41:30 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2008.11.16 14:38:04 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.11.15 20:06:55 | 000,147,507 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.11.15 19:46:17 | 000,137,728 | ---- | C] () -- C:\Users\Bruno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.15 19:44:19 | 000,147,507 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.08.22 03:48:06 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008.08.22 03:48:06 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008.08.22 03:48:06 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2008.08.22 03:48:06 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.08.22 03:43:20 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.11.14 16:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007.04.24 18:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.01.26 08:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,427,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[2001.01.09 00:34:06 | 000,749,568 | ---- | C] () -- C:\Windows\AcerStore.exe
[2001.01.09 00:32:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001.01.08 16:47:34 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2001.01.08 16:47:34 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2001.01.08 16:28:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2001.01.08 16:24:55 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2001.01.08 16:20:57 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2001.01.08 16:20:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2001.01.08 16:20:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2001.01.08 16:19:03 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
 
========== LOP Check ==========
 
[2008.11.15 19:20:17 | 000,000,000 | -HSD | M] -- C:\Users\Bruno\AppData\Roaming\.#
[2010.07.04 17:14:47 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Acer
[2001.01.08 16:45:51 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Acer GameZone Console
[2011.04.25 16:47:15 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\DAEMON Tools
[2009.11.03 19:24:27 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\DAEMON Tools Lite
[2009.10.31 18:07:28 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\digital publishing
[2011.04.12 21:21:45 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\DVDVideoSoft
[2011.02.20 14:03:27 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.11.15 19:24:48 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\eSobi
[2009.08.22 18:11:32 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\ICQ
[2009.06.28 12:18:43 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\MAGIX
[2011.04.25 16:47:18 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\PowerCinema
[2011.04.25 16:47:18 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\SoftDMA
[2009.06.28 12:12:47 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\TerraTec
[2009.05.12 15:05:51 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Ubisoft
[2008.11.15 17:38:34 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Validity
[2010.04.21 19:22:22 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Verbindungsassistent
[2011.04.26 20:58:09 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< :OTL >
 
< :Files >
 
< C:\ProgramData\vKECjCxHfiQS.exe >
 
< :Commands >
 
< [purity] >
 
< [EMPTYFLASH]  >
 
< [emptytemp] >
 
< [Reboot] >

< End of report >

--- --- ---

Problem392 26.04.2011 20:25

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 26.04.2011 21:21:26 - Run 4
OTL by OldTimer - Version 3.2.22.3    Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 2,67 Gb Free Space | 1,85% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 2,56 Gb Free Space | 0,86% Space Free | Partition Type: NTFS
Drive E: | 140,50 Gb Total Space | 6,48 Gb Free Space | 4,61% Space Free | Partition Type: NTFS
 
Computer Name: BRUNO-PC | User Name: Bruno | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-1717747699-2736376619-3284485778-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DD0A731-624D-42EE-8E6A-816E7C800CB4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3F4A1377-5D43-43B6-82C2-5D1E505638AE}" = lport=445 | protocol=6 | dir=in | app=system |
"{404589EE-7543-4B1E-92D4-D544B2B589B2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5A0218BF-E0CA-4F8C-9DF8-750061C4EBCF}" = rport=137 | protocol=17 | dir=out | app=system |
"{5B18AE25-F2A3-40F2-988E-0F90F2838800}" = rport=139 | protocol=6 | dir=out | app=system |
"{5BD864C0-B267-4BD1-8A53-B80CCD06F701}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5D7DA397-C9EA-4FA6-B8BF-B65EE6E224F0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6344AC85-796C-4BB6-B5DD-4EE5615C03EF}" = rport=445 | protocol=6 | dir=out | app=system |
"{6671D867-1ED9-4BFC-90C1-341B9E05571C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6F4BDC0F-E177-46B4-A73F-D9E1E1EAF56E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{70A7EACF-07B4-49C9-B996-DB196268F190}" = rport=138 | protocol=17 | dir=out | app=system |
"{7C52C206-4E62-400E-BA98-C956C4A331B2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A3EBCF9C-F78A-40C3-95A2-1950AEB4F1F1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BD907BCD-06E8-4F4B-8C94-E7769C58BFD2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C00BA0A8-A76A-4AE5-A58A-906785843A40}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C30D773D-CF8A-4447-9021-F145EE4A2DCE}" = lport=139 | protocol=6 | dir=in | app=system |
"{CA8108C9-122B-4722-BAC3-6A3538859E99}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CEA093F1-B80C-46A9-A4AC-E363180E7A71}" = lport=138 | protocol=17 | dir=in | app=system |
"{CFC8ED7B-D6C4-4E95-8E42-366E87F8DE5A}" = lport=137 | protocol=17 | dir=in | app=system |
"{E86FD625-F4AD-4D99-A30E-7D3C386A27D3}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009C0CC6-B387-41CB-980B-46348BB4EFFB}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{02814DEA-8AD0-48C7-ACEE-5A2C0A4CE7D6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{04DF50EB-47A1-4CFD-8DEB-596CC4212988}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{052C9A74-FE4C-4FA4-A54E-2AC77AAD9755}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{055620E5-EF4E-418B-8B1A-696FD248C644}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{08A303BE-6202-4109-842B-021D7E7593CA}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{0F24558D-3C1E-447B-B38F-B1C187F761AE}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{0FBCAF41-FC58-4090-A9FB-EF079611B06A}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{1075CB75-F2A8-47D1-A250-013815EF8453}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{1183C61E-642E-4A9F-8BC4-38DF03F5AF44}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{14373484-E649-43C9-9149-454E65DB1AAA}" = protocol=17 | dir=in | app=c:\program files\activision\prototype\prototypef.exe |
"{1ADD36AB-5021-459C-8353-C326834EF928}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{1ED30451-9595-40C8-958C-A1A88724C8CE}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{20B24E21-2082-4EAF-BAFB-1FB7F831DB08}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{26A1E309-38CC-45B8-B85F-A560D27C72FE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{272EF665-235F-41AB-9CBF-BC19398999B6}" = protocol=17 | dir=in | app=e:\resident 5\re5dx10.exe |
"{299288A4-0848-4E2E-92C1-436B54E63815}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2CC60DDA-8399-4602-A89C-FA7FAE0B9240}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{2D493799-E6A4-429F-A6D6-120DD9ECD398}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{2E33A51B-5070-4CEE-A1C3-AC64072901F5}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe |
"{2EA20073-8479-49BC-A21B-F5A280F9C60A}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe |
"{309C41C1-FF14-4E33-B6D5-4FC55690B008}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{36E0F9F3-81E0-43A1-90D8-631DCBD7909C}" = protocol=17 | dir=in | app=c:\program files\sierra entertainment\f.e.a.r. mission perseus\fearxp2.exe |
"{39237FD8-9FAA-430F-A494-E94A30ED5ADD}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{42FEFD8D-926F-4366-9FD2-6AD66F959C87}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{46DC8319-884D-4A9B-9986-8D3EDB3906A3}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{4A6A8F77-075F-4CFD-8F5D-3990D28711ED}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{533EDFCA-92FE-45FD-BEBA-B587980BB448}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5B7C67B7-5A9C-4E1E-9495-48DE47D43C80}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{5F018486-20CE-4F4A-B320-CEC4F901684A}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{6311C509-4402-428D-89F9-B0FE882CB8C1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{63334DB2-189E-48F5-84D6-F7D2E1E21DB4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{68C2A5DC-3FA4-4A1B-A047-40EC9F3FEF62}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fearxp\fearxp.exe |
"{695B19DB-CE0D-4C5C-8D4E-33D054153874}" = protocol=17 | dir=in | app=e:\resident 5\re5dx9.exe |
"{6994894D-0B07-4039-9A29-A5ADF649A3CC}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{69BF45A0-33B9-49E0-8F5D-70D31450834E}" = protocol=6 | dir=in | app=c:\program files\sierra entertainment\f.e.a.r. mission perseus\fearxp2.exe |
"{6EC19944-E484-4B6E-8116-C00E1C5C38BE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6F08BFB0-E6E9-4B56-B20A-9820DC096CD5}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{72257AED-1741-4175-BA6F-3DBE69EEF51F}" = protocol=6 | dir=in | app=e:\resident 5\re5dx9.exe |
"{745F1B3F-3332-4691-B7A2-49C4C5D11A23}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{78B3474C-0BA4-427C-8021-E52C087326D0}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{78FCDD30-20C1-4EB9-9997-90E36C086157}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{797234D0-CD5D-4B0E-8655-3A0CEF38C37F}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fearmp.exe |
"{7A0D8EFD-0228-4564-AAAB-6B896B5A8AA4}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fearxp\fearxp.exe |
"{7C006AE4-8CCF-4DCB-9BD8-A6A3AD8B4F90}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{7C8B885A-AAD6-47A6-87F7-8FE1B62F4A84}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{7CA38CB5-A8DC-41CF-AAF5-BD5670977E46}" = protocol=6 | dir=in | app=e:\resident 5\re5dx10.exe |
"{7E0C4F18-4F8E-4FD0-BD76-A865E6FA6692}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{847693F1-DB97-4F24-B184-6BE43B8834C1}" = protocol=17 | dir=in | app=e:\activision\codwawmp.exe |
"{891AEE52-D601-48DD-B6A6-DCE39642397B}" = protocol=6 | dir=in | app=e:\activision\codwawmp.exe |
"{92B64617-59F6-47F0-9CDB-60DC13AE843A}" = protocol=6 | dir=in | app=e:\activision\codwaw.exe |
"{94EE35D0-AAB9-4376-A3FA-E004008A9C1A}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{96BB53FC-D52A-4086-99FD-154A624292EE}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{97F55C3A-A388-4F41-AAED-3B40A6CB4E4E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{98077976-F41F-4CC7-AD58-BE38D13A6D6E}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{98C44D1D-4E0C-4D16-9F39-CFBFB554B90F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9E4F995F-DA4F-4EA1-9565-05D4F9C5929A}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{9F5F0965-F33D-4EB0-828A-5BE2E9D03F51}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A115E800-4EBF-423A-B5B1-2F7A2319B21D}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{A2F9A547-1AB7-4D17-ADBF-AEE96DE1292F}" = protocol=17 | dir=in | app=e:\activision\codwaw.exe |
"{A7210CE2-A7D3-4713-A96F-3AC1DD60D619}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A8E2603C-BDCD-44F2-8A2E-70267D67CB7F}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{AD55BE77-812F-4307-8964-2E75BBD9A1A0}" = protocol=6 | dir=in | app=c:\program files\activision\prototype\prototypef.exe |
"{B5292D5D-5101-47B9-8A33-245C0FED61FA}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B8C771AE-C75B-4B34-82A7-D6BC502A4227}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{C008179D-093F-4C58-81C7-18DFBD222B8F}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{C1EA2ED5-3975-432A-AC6D-3BE34791D107}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{C980B28D-9CF4-4329-ABE6-CE5D0E916230}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{CBF480E5-67A0-4AE4-B503-53C4D4C1F221}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{CF24FFE5-8D55-4F4D-B3CA-4EFD3C906EC7}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{D002BFA0-4577-468B-B2EE-306D2180C9CB}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{D4255894-7084-47D6-8942-5BF01BDADFDE}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{E252F1EC-24AC-47DC-8A57-7E5E934D8063}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E4EC6C7D-43CE-47B2-87F0-2FA18B59190A}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{E68CAF8E-38A0-4B69-B950-8E1C8D7B45C2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{EA1AE03D-7E77-4B48-AEC9-A94313C4E5CF}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{ECEFF28E-12B8-41E6-9D85-4889011AFA76}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{F15D7B8F-4A9F-4793-96A9-40D806C96C06}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{F28F6E3A-6E43-44F9-8C12-B48E80D5A6DF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F46B168B-D746-4AE0-BA18-08DB9C1A803A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F6708A7D-132D-4604-BBB9-8D5D340BC8EA}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fearmp.exe |
"{F900BC06-A179-41C5-943C-AF1E804CFC0A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F9B250A7-A435-451A-A308-E79874315693}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{FC614412-1C7B-426A-A598-5B8E85474092}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{FE480BB4-A133-4BA1-909C-5FD505A5BDD5}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"TCP Query User{19077D5E-1DC4-4110-B3D6-6D97E2B7B0A5}E:\2k games\borderlands\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=e:\2k games\borderlands\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{213D4DE6-4E12-4910-AAEA-19840D03D4D3}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{25C7ABAB-AE90-4A8F-8115-75140E1BCAE6}E:\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=e:\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{2BB95264-6D07-4EC2-8D06-139B68745F39}E:\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=e:\ubisoft\far cry 2\bin\farcry2.exe |
"TCP Query User{2CB75835-63E9-4C43-899A-FBF4895C381D}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |
"TCP Query User{34C1B0BF-BE22-4B8C-A5BC-670651B1D045}E:\ghost recon advanced warfighter 2\graw2.exe" = protocol=6 | dir=in | app=e:\ghost recon advanced warfighter 2\graw2.exe |
"TCP Query User{3F16511C-4DFB-45F5-8736-133C3F4DF19B}E:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=e:\thq\dawn of war - soulstorm\soulstorm.exe |
"TCP Query User{85482E50-E47F-4041-9CBE-6E209DA306E4}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"TCP Query User{8AA0A186-6A44-49F2-A42E-E318FFECDC1B}E:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=e:\thq\dawn of war - soulstorm\soulstorm.exe |
"TCP Query User{90F4A2AE-3F92-475C-AC82-14F21BDC41AA}E:\medal of honor allied assault\mohaa.exe" = protocol=6 | dir=in | app=e:\medal of honor allied assault\mohaa.exe |
"TCP Query User{9A1243B9-0B4B-4485-B4CE-365056C8E41D}E:\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=e:\unreal tournament 3 (lg)\binaries\ut3.exe |
"TCP Query User{9C66E9E2-2A11-451D-BEDB-C552C54E56CE}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"TCP Query User{9F14B0D3-4285-431C-ABC6-06623541FAF0}E:\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=e:\thq\dawn of war - dark crusade\darkcrusade.exe |
"TCP Query User{B160B986-C232-47E8-B9F9-3189A3616A4D}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |
"TCP Query User{B3F53491-61C2-4790-8415-A53F7CF23174}E:\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=e:\ubisoft\far cry 2\bin\farcry2.exe |
"TCP Query User{CA3B0EA4-40F7-4C7C-830E-597B842CDCED}\\bruno-pc\public\warcraft iii\war3.exe" = protocol=6 | dir=in | app=\\bruno-pc\public\warcraft iii\war3.exe |
"TCP Query User{CE9F7F6B-50E9-4023-ABF5-3D66E39A0EA6}E:\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=e:\thq\dawn of war\w40kwa.exe |
"TCP Query User{CEBD54A3-52EA-424F-9B47-2FE8E96BD0EF}E:\activision\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=e:\activision\call of duty - world at war\codwaw.exe |
"TCP Query User{CEEB84C3-98AD-4CE4-9AB6-A28FB11B7B58}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"TCP Query User{CFF4492B-8C4B-4033-91A8-3FCDF598008C}E:\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=e:\thq\dawn of war - dark crusade\darkcrusade.exe |
"TCP Query User{E6A7E5C9-CEE5-4FBF-A1B1-84E26C3C6BFE}E:\sierra\fear\fearxp\fearxp.exe" = protocol=6 | dir=in | app=e:\sierra\fear\fearxp\fearxp.exe |
"TCP Query User{EA4F8C62-445B-49DA-8052-27C91D7D60BF}E:\activision\cod5\codwaw.exe" = protocol=6 | dir=in | app=e:\activision\cod5\codwaw.exe |
"TCP Query User{EE43A55A-F51E-41F7-AD3D-4B1B3F980166}E:\unreal tournament 3\binaries\ut3.exe" = protocol=6 | dir=in | app=e:\unreal tournament 3\binaries\ut3.exe |
"TCP Query User{EED0D8D0-A1E7-4A61-AEE1-D8D4CDBE3314}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"UDP Query User{03E066DB-203C-4254-9238-0F2491D1A88D}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{0ACEF304-A32E-48F1-BA2A-B0FC1DEF1C02}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |
"UDP Query User{11B2B188-54CB-40C9-9784-367A2CC2FD9C}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"UDP Query User{1D1CDBB0-97B8-4EDC-803A-DD9C366D2187}E:\2k games\borderlands\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=e:\2k games\borderlands\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{2397C66C-743F-4018-AA55-3F0C42CB89AF}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"UDP Query User{25BA73DD-AB1E-43C6-9E73-BBEC2D837848}E:\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=e:\thq\dawn of war - dark crusade\darkcrusade.exe |
"UDP Query User{25F7C99B-FF3C-40C9-9070-F01338F10443}E:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=e:\thq\dawn of war - soulstorm\soulstorm.exe |
"UDP Query User{4E6DECC2-CF65-45CE-874A-A7209787D55C}E:\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=e:\ubisoft\far cry 2\bin\farcry2.exe |
"UDP Query User{5741EC0B-6A27-417F-9E59-14312D4941A1}E:\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=e:\thq\dawn of war\w40kwa.exe |
"UDP Query User{57471A0A-026A-42E4-89D9-F0991E0C360E}E:\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=e:\unreal tournament 3 (lg)\binaries\ut3.exe |
"UDP Query User{6A87E708-BB6F-4E9B-AA93-6C9B91EDA868}E:\activision\cod5\codwaw.exe" = protocol=17 | dir=in | app=e:\activision\cod5\codwaw.exe |
"UDP Query User{6FAA8E05-E381-47E0-A0E9-2C0FA4D1D1AF}E:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=e:\thq\dawn of war - soulstorm\soulstorm.exe |
"UDP Query User{881EA9DF-B7B7-4B8E-A82B-A1FAABB68C80}\\bruno-pc\public\warcraft iii\war3.exe" = protocol=17 | dir=in | app=\\bruno-pc\public\warcraft iii\war3.exe |
"UDP Query User{8CE789D0-0A01-4254-8BAB-87B219A62A9B}E:\medal of honor allied assault\mohaa.exe" = protocol=17 | dir=in | app=e:\medal of honor allied assault\mohaa.exe |
"UDP Query User{9071A018-3857-416A-A211-E0BDF450B704}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"UDP Query User{92093DF9-DAE3-41C4-92F7-6C1CFF38AA83}E:\unreal tournament 3\binaries\ut3.exe" = protocol=17 | dir=in | app=e:\unreal tournament 3\binaries\ut3.exe |
"UDP Query User{92774E51-D5ED-40CF-AF48-98F06B8A7DF6}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{9A3E1483-8534-48B4-9990-244F7E6831B9}E:\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=e:\ubisoft\far cry 2\bin\farcry2.exe |
"UDP Query User{AB44A913-C86D-4516-A3E9-A8E1CADE55C1}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |
"UDP Query User{BAFAAB9F-2799-432A-9C63-B7BAAEF75A88}E:\sierra\fear\fearxp\fearxp.exe" = protocol=17 | dir=in | app=e:\sierra\fear\fearxp\fearxp.exe |
"UDP Query User{C299D621-2ED7-465B-8C50-CC734CAFD450}E:\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=e:\thq\dawn of war - dark crusade\darkcrusade.exe |
"UDP Query User{CC4153B1-EDF9-4618-9A3B-FB438DF39F3A}E:\activision\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=e:\activision\call of duty - world at war\codwaw.exe |
"UDP Query User{D552E128-4643-43E6-B723-7E2E9B2FD417}E:\ghost recon advanced warfighter 2\graw2.exe" = protocol=17 | dir=in | app=e:\ghost recon advanced warfighter 2\graw2.exe |
"UDP Query User{EEF393D8-804C-4EF2-94A7-412FB6B586E4}E:\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=e:\activision\call of duty 4 - modern warfare\iw3mp.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1
"{2A8E4833-F483-4074-B4DB-F295F7901A8D}" = MobileMe Control Panel
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50D69C54-6963-49A6-B762-A9FF8F56AF0F}" = Brockhaus multimedial 2009
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{909BBDB7-BABE-434C-9124-863A9F8D1CF8}" = FEAR Extraction Point
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99889189-C739-4A46-BA02-3B271A118957}" = F.E.A.R. Mission Perseus
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 3.0.6.2
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B446F5BC-0503-452D-B9B9-37B782A51FB1}" = G51 Skins
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"Acer Acer Bio Protection 6.0.00.15" = Acer Bio Protection

AAV 6.0.00.15
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Ask Toolbar_is1" = Ask Toolbar
"AVIConverter" = AVIConverter 5.1.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner (remove only)
"DPP" = Canon Utilities Digital Photo Professional 3.8
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Studio_is1" = Free Studio version 5.0.8
"GridVista" = Acer GridVista
"ICQToolbar" = ICQ Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LManager" = Launch Manager
"MAGIX Movies on DVD TV Edition D" = MAGIX Movies on DVD TV Edition 7.0.3.3 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.4)" = Mozilla Firefox (3.0.4)
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProInst" = Intel PROSet Wireless
"PunkBusterSvc" = PunkBuster Services
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.7
"Verbindungsassistent" = Verbindungsassistent
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WFTK" = Canon Utilities WFT Utility
"Winamp" = Winamp
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1717747699-2736376619-3284485778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.04.2011 14:21:35 | Computer Name = Bruno-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 26.04.2011 14:21:56 | Computer Name = Bruno-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 26.04.2011 14:21:56 | Computer Name = Bruno-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 26.04.2011 14:23:10 | Computer Name = Bruno-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung vKECjCxHfiQS.exe, Version 1.8.0.0, Zeitstempel
 0x21475346, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18005, Zeitstempel
0x49e0380e, Ausnahmecode 0xc0000409, Fehleroffset 0x00065276,  Prozess-ID 0x1268,
Anwendungsstartzeit 01cc043ecfaa090c.
 
Error - 26.04.2011 14:48:27 | Computer Name = Bruno-PC | Source = VSS | ID = 8194
Description =
 
Error - 26.04.2011 14:58:06 | Computer Name = Bruno-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BackupSvc.exe, Version 5.1.0.3, Zeitstempel
0x47f5eee7, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0x9a8, Anwendungsstartzeit
 01cc043ec495a3dc.
 
Error - 26.04.2011 14:59:25 | Computer Name = Bruno-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CompileMOF.exe, Version 3.0.2000.0, Zeitstempel
 0x474a325e, fehlerhaftes Modul CompileMOF.exe, Version 3.0.2000.0, Zeitstempel
0x474a325e, Ausnahmecode 0xc000000d, Fehleroffset 0x00002a7f,  Prozess-ID 0x9ec, Anwendungsstartzeit
 01cc04440fea8a98.
 
Error - 26.04.2011 14:59:31 | Computer Name = Bruno-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 26.04.2011 14:59:46 | Computer Name = Bruno-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 26.04.2011 14:59:46 | Computer Name = Bruno-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ OSession Events ]
Error - 16.12.2010 04:35:10 | Computer Name = Bruno-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1175
 seconds with 900 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 25.04.2011 10:12:47 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7024
Description =
 
Error - 25.04.2011 10:12:47 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 25.04.2011 10:14:53 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 25.04.2011 10:35:01 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 25.04.2011 10:58:39 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 25.04.2011 12:50:25 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 25.04.2011 12:54:03 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 26.04.2011 12:51:16 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 26.04.2011 14:28:04 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 26.04.2011 14:57:32 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7034
Description =
 
 
< End of report >

--- --- ---

Problem392 26.04.2011 20:35

Did I do that right?

markusg 26.04.2011 20:37

You're supposed to click Fix, not Scan.

Problem392 26.04.2011 20:42

All processes killed
========== OTL ==========
========== FILES ==========
File\Folder C:\ProgramData\vKECjCxHfiQS.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Bruno
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Bruno
->Temp folder emptied: 288030 bytes
->Temporary Internet Files folder emptied: 4506622 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1445310 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 873 bytes

Total Files Cleaned = 6,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04262011_213902

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Problem392 26.04.2011 21:09

The files are visible again now. Should I run Unhide again now?

markusg 27.04.2011 11:50

No.
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

Problem392 27.04.2011 15:22

Combofix Logfile:
Code:

ComboFix 11-04-26.03 - Bruno 27.04.2011  15:54:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3068.1768 [GMT 2:00]
ausgeführt von:: c:\users\Bruno\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
c:\users\Bruno\AppData\Roaming\.#
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-27 bis 2011-04-27  ))))))))))))))))))))))))))))))
.
.
2011-04-27 14:05 . 2011-04-27 14:08        --------        d-----w-        c:\users\Bruno\AppData\Local\temp
2011-04-27 14:05 . 2011-04-27 14:05        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-26 19:11 . 2011-04-26 19:02        504657        ----a-w-        C:\unhide.exe
2011-04-26 17:06 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE542154-C9AD-4AC8-9CCD-51D75A52F991}\mpengine.dll
2011-04-15 19:48 . 2011-03-03 10:50        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-04-12 19:20 . 2011-04-12 19:21        --------        d-----w-        c:\users\Bruno\AppData\Roaming\DVDVideoSoft
2011-04-04 18:24 . 2011-02-22 14:13        288768        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-04-04 18:24 . 2011-02-22 13:33        1068544        ----a-w-        c:\windows\system32\DWrite.dll
2011-04-04 18:24 . 2011-02-22 13:33        797696        ----a-w-        c:\windows\system32\FntCache.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-19 13:56 . 2010-04-02 10:48        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-02-02 16:11 . 2009-10-04 13:49        222080        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 09:32        279944        ----a-w-        c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38        121392        ----a-w-        c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Remote Control Editor"="c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe" [2009-09-22 1528320]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-28 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-28 92704]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-08-22 3719680]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-16 809480]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-07 152872]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"TrayServer"="c:\program files\MAGIX\Movies_on_DVD_TV_Edition\TrayServer.exe" [2008-01-17 90112]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-14 281768]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-05-21 173288]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-09-07 206120]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
.
c:\users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-8-22 1216512]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-15 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-15 789008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-08-22 01:43        3162624        ----a-w-        c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 fxusbase;Eumex 400;c:\windows\system32\DRIVERS\fxusbase.sys [2007-08-15 567936]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [2008-04-17 560640]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [2008-04-17 15616]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-07 85136]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-08-22 43184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-19 717296]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2010/08/29 15:43];c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-09-11 15:43 87536]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-14 135336]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-04-16 75048]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-08-22 3520512]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-05-26 599344]
S2 WTGService;WTGService;c:\program files\Verbindungsassistent\wtgservice.exe [2010-03-11 308688]
S3 AVMCOWAN;AVMCOWAN;c:\windows\system32\DRIVERS\AVMCOWAN.sys [2007-08-15 64512]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-28 43040]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-05-26 40752]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=192.168.201.1:3128
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Bruno\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Bruno\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\pd0gx28i.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-conhost - c:\users\Bruno\AppData\Roaming\Microsoft\conhost.exe
HKLM-Run-eRecoveryService - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-27 16:09
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2876)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\windows\system32\rundll32.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-27  16:15:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-27 14:15
.
Vor Suchlauf: 1.784.107.008 Bytes frei
Nach Suchlauf: 3.004.612.608 Bytes frei
.
- - End Of File - - 3B7FC6DF46D78E62F763B9D1BD20142E

--- --- ---

markusg 27.04.2011 15:26

How is the system running?
Download CCleaner Slim:
Piriform - Builds
If CCleaner is already installed, skip this.
Install it, open it, go to Tools, the list of installed programs, and save it as a txt file. Open the file.
After each program you need, write "necessary".
After each one you do not need, "unnecessary".
After those you don't recognize, "unknown".
Post the list.

Problem392 27.04.2011 15:44

The system is actually running quite well; memory usage is perhaps a bit too high (approx. 60%). Otherwise everything seems to be in order.
Should the list look like this?

Acer Arcade Deluxe necessary
Acer Bio Protection
AAV 6.0.00.15 necessary
Acer Crystal Eye Webcam 3.0.6.2 necessary
Acer eAudio Management necessary
Acer eDataSecurity Management necessary
Acer Empowering Technology necessary
Acer ePower Management necessary
Acer eRecovery Management necessary
Acer eSettings Management necessary
Acer GridVista necessary
Acer Mobility Center Plug-In necessary
Acer ScreenSaver necessary
Acer VCM necessary
Activation Assistant for the 2007 Microsoft Office suites necessary
Adobe Flash Player 10 ActiveX necessary
Adobe Reader 8.1.0 necessary
Agere Systems HDA Modem unknown
Apple Application Support necessary
Apple Mobile Device Support necessary
Apple Software Update necessary
Ask Toolbar unnecessary
Assassin's Creed necessary
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver unknown
AVIConverter 5.1.6 unnecessary
Avira AntiVir Personal - Free Antivirus necessary
Bonjour unknown
Borderlands necessary
Brockhaus multimedial 2009 necessary
Call of Duty(R) - World at War(TM) necessary
Call of Duty(R) 4 - Modern Warfare(TM) necessary
CANON iMAGE GATEWAY Task for ZoomBrowser EX necessary
Canon Internet Library for ZoomBrowser EX necessary
Canon MOV Decoder necessary
Canon MOV Encoder necessary
Canon MovieEdit Task for ZoomBrowser EX necessary
Canon Utilities Digital Photo Professional 3.8 necessary
Canon Utilities EOS Utility necessary
Canon Utilities Original Data Security Tools necessary
Canon Utilities PhotoStitch necessary
Canon Utilities Picture Style Editor necessary
Canon Utilities WFT Utility necessary
Canon Utilities ZoomBrowser EX necessary
Canon ZoomBrowser EX Memory Card Utility necessary
CCleaner (remove only) necessary
ConvertHelper 2.1 unknown
Crysis(R) necessary
DEVIL MAY CRY 4 necessary
eSobi v2 unknown
F.E.A.R. Mission Perseus necessary
FEAR necessary
FEAR Extraction Point necessary
Firebird SQL Server - MAGIX Edition unnecessary
Free Studio version 5.0.8 necessary
G51 Skins necessary
ICQ Toolbar unnecessary
ICQ6.5 necessary
Intel(R) PROSet/Wireless WiFi-Software necessary
Intel® Matrix Storage Manager necessary
ITECIR unknown
iTunes necessary
JMicron JMB38X Flash Media Controller unknown
Launch Manager unknown
Logitech Desktop Messenger necessary
Logitech SetPoint necessary
MAGIX Movies on DVD TV Edition 7.0.3.3 (D) necessary
MAGIX Online Druck Service 3.4.3.0 (D) necessary
MAGIX Screenshare 4.3.6.1987 (D) necessary
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU unknown
Microsoft .NET Framework 3.5 SP1 unknown
Microsoft .NET Framework 4 Client Profile unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack unknown
Microsoft Games for Windows - LIVE unknown
Microsoft Games for Windows - LIVE Redistributable unknown
Microsoft Office Enterprise 2007 necessary
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 unknown
Microsoft Visual C++ 2005 Redistributable unknown
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 unknown
Microsoft Works necessary
MobileMe Control Panel necessary
Mozilla Firefox (3.0.4) necessary
MSXML 4.0 SP2 (KB954430) unknown
MSXML 4.0 SP2 (KB973688) unknown
NTI Backup Now 5 unknown
NTI Media Maker 8 necessary
NVIDIA Drivers necessary
NVIDIA PhysX v8.10.29 necessary
Office-Bibliothek necessary
Orion unknown
PhotoNow! unknown
Prototype(TM) necessary
PunkBuster Services unknown
QuickTime necessary
Realtek High Definition Audio Driver necessary
RESIDENT EVIL 5 necessary
Safari necessary
Skype Toolbars unknown
Skype™ 4.2 necessary
Synaptics Pointing Device Driver unknown
TerraTec Home Cinema necessary
Uninstall 1.0.0.1 necessary
Unlocker 1.8.7 necessary
Unreal Tournament 3 (LG) necessary
Validity Sensors software necessary
Verbindungsassistent necessary
VideoLAN VLC media player 0.8.6i necessary
WIDCOMM Bluetooth Software 6.0.1.5000 necessary
Winamp necessary
Winamp Toolbar for Firefox unknown
Windows Live Essentials necessary
Windows Live ID Sign-in Assistant unknown
Windows Live-Uploadtool necessary
WinRAR necessary

markusg 27.04.2011 15:49

Do you really need all that Acer stuff?
Uninstall
Adobe Reader
New version:
Adobe - Download Adobe Reader - All versions
Untick McAfee Security Scan.
Open Adobe Reader, Edit, Preferences, JavaScript, untick the box there; under Internet, untick all boxes as well.
That way PDFs are no longer loaded automatically and no malicious code can be slipped to you this way any more.
Under General, tick "Use only certified plug-ins".
Under Update, set it to install.
Click Apply / OK.
Uninstall:
Agere
Ask Toolbar
AVIConverter
Bonjour
ConvertHelper
eSobi
Firebird
ICQ Toolbar
ITECIR
Launch Manager
Microsoft Games, all of them
Mozilla Firefox
The current version is 4:
Firefox web browser & Thunderbird e-mail client | Mozilla Europe

Orion
PhotoNow
Skype Toolbars
Skype™ 4.2: open it, update to version 5
VideoLAN VLC
VideoLAN - Official download of VLC media player for Windows

Winamp Toolbar
Clean up with CCleaner.
What was your usage normally, then?

Problem392 27.04.2011 15:57

I actually do need the Acer programs. The usage issue has already resolved itself.

markusg 27.04.2011 16:04

OK, then carry on as described.

Problem392 27.04.2011 16:37

Okay. I did all the steps, but could not remove the Winamp toolbar, and the following is displayed:
Die Gerätetreibersoftware wurde nicht installiert
Unbekanntes Gerät Fehlgeschlagen
Modem-Gerät am High-Definition-Bus Fehlgeschlagen

Problem392 27.04.2011 17:07

Is this the right driver software?:
MSI M677 Crystal Collection (Agere Systems HDA Modem) driver for Windows VISTA (WindowsVISTA,WINVISTA,WIN VISTA) 32 bit Download
hxxp://www.treiberupdate.de/treiber-download/download-170616-treiber-MSI-M677CrystalCollection(AgereSystemsHDAModem).html
I was supposed to delete that one, after all.

markusg 27.04.2011 18:49

If you need it, install it again. This is the right one.
If this error message only appeared once, and you do not need it, then you do not need this installation file.

Problem392 27.04.2011 21:35

Okay. Is the problem solved then, and if so, can I remove Unhide, OTL etc. from the computer?

markusg 28.04.2011 11:42

Open OTL, click Clean Up, and the tool will be deleted.
If you want, we can also secure the PC, so that the chance of new infections is low in future.

Problem392 28.04.2011 19:29

Okay, what would that look like, if I secure the PC as well?

markusg 28.04.2011 20:36

Did deleting OTL work?

Problem392 30.04.2011 21:06

Yes, deleting OTL worked. I can now delete the other programs such as Unhide too, right?

markusg 01.05.2011 10:50

Yes, you can.

Problem392 05.05.2011 17:40

Okay, I have now deleted all the things like Unhide etc. Thanks again that I can use my PC again; I thought it was ready to be thrown away. I am really thrilled. One more question: what would securing the PC look like?

