![]() |
|
Plagegeister aller Art und deren Bekämpfung: TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 | |||||
| ![]() TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe Hallo User, ich habe mir offensichtlich beim Surfen einige Trojaner eingefangen und erhalte ständig Meldungen von Avira, dass ich mit TR/ATRAPS.Gen und TR.ATRAPS.Gen2 infiziert sei. Seit ganz Kurzem habe ich auch Meldungen erhalten von den Trojanern TR/Kazy.86117.1 und TR/Rogue.KD.694391.1 von Avira, mit den anderen beiden Meldungen werd ich nun in Ruhe gelassen, seltsamerweise und hab jetzt relativ lange (ca. eine Stunde) überhaupt keine Meldung mehr bekommen. Ich habe auch mal einen schnellen Scan mit Malwarebytes gemacht und als Ergebnis stand leider was von ZeroAccess und wie ich hier gelesen hab, würde das wohl heißen: System neu aufsetzen. Das nur im Vorraus, trotzdem wäre es nett, wenn ihr euch die Logs anschaut, vllt. könnt ihr mir dazu ja doch noch was Anderes sagen. Bevor ich die Logs poste, erstmal einige Sachen zum Verlauf. Verlauf Also, anscheinend hab ich mir die Schadsoftware beim Surfen eingefangen. Ich erhielt eigentlich zeitgleich sogar zwei Meldungen, einmal von Avira (kostenlose Version) und einmal vom systeminternen Windows Defender. Avira hat die beiden Trojaner ATRAPS/Gen und ATRAPS/Gen.2 gemeldet, vom Windows Defender weiß ich nicht mehr ganz genau, ob er diese Trojaner auch benannt hat, zumindest hat er eine "schwerwiegende" Bedrohung gemeldet. Als ich diese Meldungen bekommen hab, öffnete sich das UAC-Fenster, als ausführendes Programm gab sich Adobe aus (Flash, wenn ich mich richtig erinnere). Ich habe dies nicht zugelassen, weil es mir verdächtig vorkam. Das entsprechende UAC-Fenster tauchte allerdings immer wieder auf, ich habe aber abgelehnt. Aber permanent aufklappende UAC-Fenster stören halt, weswegen ich mich vom Benutzerkonto abgemeldet habe und wieder angemeldet habe. Windows Defender mit seinem Fenster hat da leider nicht reagiert und ich hab es beim Abmelden "gewaltsam" beendet. Tatsächlich, nach Ab- und Wiederanmeldung tauchte das Adobe-UAC-Fenster nicht mehr auf. Bei der Wiederanmeldung hat Windows Defender mich gefragt, ob einige Funktionen von explorer.exe (wohl der Windows-Explorer?) blockiert werden sollen und ich habe zugestimmt. Avira meldete allerdings immer wieder, etwa im Fünf-Minuten-Takt, die beiden Trojaner. Wenn ich mich recht erinnere, meldete Avira auch Probleme in Zusammenhang mit der explorer.exe, ein Scan der Datei hat allerdings nix ergeben (angeblich ist die Datei nicht infiziert lt. Avira). Ich habe es auch mit Neustarts versucht, Problem blieb bestehen. Jetzt habe ich, um die Logs zu erhalten, die Programme ausgeführt, die bei euch in der Anleitung stehen. Seit Kurzem meldete Avira nun die zwei weiteren Trojaner. Weitere Auffälligkeiten Ich habe die Meldungen auffälligerweise dann bekommen, wenn ich eine W-Lan-Verbindung hatte (aller paar Minuten). Hatte ich die Verbindung getrennt, kam iirc keine Meldung (oder viel weniger), beim Start einer Verbindung kam gleich wieder eine Meldung. Momentan hab ich trotz Verbindung schon recht lange keine Meldung mehr erhalten, das scheint zeitlich zusammenzufallen mit den neuen Trojanermeldungen (Kazy und Rogue). Ich weiß nicht, ob das irgendeine Bewandnis hat und poste es einfach hier mal. Im Windows-Defender/Software-Explorer bei "zur Zeit ausgeführte Programme" haben die meisten Prozesse unter dem Namen "Betriebssystem Microsoft®" so ein Icon, das aussieht wie ein Fenster; bei explorer.exe findet sich hingegen ein Icon, dass dem Computer-Icon (vormals "Arbeitsplatz") ähnelt. Habe den Prozess auch einfach mal beendet, um laienhaft zu schauen, was passiert, einige Sachen, die mit diesem Prozess zusammenhingen verschwanden (z. B. Taskleiste) und tauchten wieder auf, nachdem sich der Prozess neugestartet hat. Meldungen von Avira blieben bestehen. Logs So, nachdem ich euch jetzt vielleicht ermüdet hab, nun die Logs. OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.08.2012 20:24:52 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,37 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 54,71% Memory free 4,98 Gb Paging File | 3,69 Gb Available in Paging File | 74,19% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 142,65 Gb Total Space | 77,38 Gb Free Space | 54,24% Space Free | Partition Type: NTFS Drive D: | 142,67 Gb Total Space | 142,58 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Drive E: | 352,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: NOTEBOOK | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.12 20:06:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.07.29 15:13:46 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.10.11 14:59:36 | 000,306,128 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe PRC - [2011.09.22 18:18:58 | 043,028,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe PRC - [2011.09.22 18:18:58 | 000,097,640 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2011.07.28 23:35:52 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2011.07.28 23:35:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2011.07.28 17:42:48 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe PRC - [2010.07.29 09:50:16 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2010.01.03 19:27:58 | 000,026,248 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.12.17 08:37:06 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2008.11.28 11:56:06 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe PRC - [2008.09.19 05:00:10 | 006,294,048 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe PRC - [2007.10.23 11:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2006.11.02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe ========== Modules (No Company Name) ========== MOD - [2011.07.28 22:52:38 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll MOD - [2010.01.03 19:28:02 | 000,016,520 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\exec.dll MOD - [2010.01.03 19:28:02 | 000,013,448 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\msg.dll MOD - [2010.01.03 19:28:02 | 000,012,936 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\OSD.dll MOD - [2010.01.03 19:28:00 | 000,018,056 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\keys.dll MOD - [2010.01.03 19:28:00 | 000,016,520 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\win.dll MOD - [2010.01.03 19:28:00 | 000,013,960 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\utilities.dll MOD - [2010.01.03 19:28:00 | 000,013,448 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\multimon.dll MOD - [2010.01.03 19:28:00 | 000,010,376 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\siControl.dll MOD - [2010.01.03 19:27:58 | 000,026,248 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe MOD - [2010.01.03 19:27:58 | 000,011,912 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\mhook.dll MOD - [2007.10.23 11:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2003.06.07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll ========== Win32 Services (SafeList) ========== SRV - [2012.08.09 12:04:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.09.22 18:18:58 | 043,028,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SRV - [2011.09.22 18:18:58 | 000,097,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2011.09.22 18:17:26 | 000,370,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SRV - [2011.09.22 18:17:26 | 000,255,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2011.07.28 23:35:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011.07.28 17:42:48 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.07.29 09:50:16 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2010.02.08 21:47:48 | 000,110,576 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service) SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2008.11.28 11:56:06 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.10.04 05:09:02 | 000,069,632 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.07.11 02:27:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100) SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Elements\1stboot\WisINT15.SYS -- (WisINT15) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO) DRV - [2012.02.29 21:47:53 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.09.22 18:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105) DRV - [2011.07.29 00:22:04 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2011.07.29 00:22:04 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2011.07.28 22:53:46 | 000,247,296 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010.11.09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.06.14 02:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.05.28 20:24:32 | 001,870,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2010.04.27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2010.04.27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) DRV - [2010.04.27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86) DRV - [2009.09.10 09:50:11 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT) DRV - [2009.01.07 23:46:28 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2009.01.07 23:46:26 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s) DRV - [2008.10.08 11:43:08 | 000,005,632 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidshim.sys -- (hidshim) DRV - [2008.10.08 11:43:06 | 000,022,528 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric) DRV - [2008.10.01 11:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008.08.26 21:25:28 | 000,150,560 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2008.05.28 18:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.07.03 15:05:36 | 000,162,944 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP) DRV - [2007.06.29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD) DRV - [2006.11.29 02:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2002.07.17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0210&m=aspire_8530 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0210&m=aspire_8530 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0210&m=aspire_8530 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE366 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_deDE366&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=rSYXg_eRnikxcsKZWHKq1vIEWKQ?q={searchTerms} IE - HKCU\..\SearchScopes\{F7103568-793E-4058-8BEA-7762A862D1DB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deDE366 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Firefox\components [2012.08.09 12:04:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Firefox\plugins [2011.12.23 12:26:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Firefox\components [2012.08.09 12:04:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Firefox\plugins [2011.12.23 12:26:20 | 000,000,000 | ---D | M] [2010.06.08 16:23:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions [2012.04.29 12:50:06 | 000,000,000 | ---D | M] (Quick Translator) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\extensions [2012.04.29 12:30:33 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2012.04.29 12:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\extensions\staged O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation) O4 - HKCU..\Run: [StrokeIt] C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet) O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24B3E122-C6A0-4BA5-87B6-4D097E6230A1}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [1997.04.10 00:55:32 | 000,000,027 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.12 20:06:35 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.08.12 19:59:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.08.12 19:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.12 19:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.12 19:59:06 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.08.12 19:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.08.05 11:54:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.08.05 11:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.08.05 11:54:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Notepad++ [2012.08.05 11:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++ [2012.07.22 10:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Fend Reloaded [2012.07.22 10:45:36 | 000,000,000 | ---D | C] -- C:\Users\***\D-Fend Reloaded [2012.07.22 10:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\D-Fend Reloaded [2012.07.22 10:38:06 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eddy und Co [2012.07.18 20:32:24 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Boven de Wolken_data [2012.07.15 16:08:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skat-Online ========== Files - Modified Within 30 Days ========== [2012.08.12 20:23:58 | 000,002,631 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk [2012.08.12 20:21:34 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.08.12 20:07:08 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\04d9n2x1.exe [2012.08.12 20:06:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.08.12 20:06:18 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.08.12 19:59:09 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.12 19:47:41 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.12 19:47:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.12 19:46:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.12 19:46:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.12 19:46:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.12 19:46:14 | 2548,350,976 | -HS- | M] () -- C:\hiberfil.sys [2012.08.10 18:29:31 | 000,001,367 | ---- | M] () -- C:\Users\***\.recently-used.xbel [2012.08.07 12:08:02 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\SCANIA Truck Driving Simulator.lnk [2012.08.05 11:54:31 | 000,000,868 | ---- | M] () -- C:\Users\***\Desktop\Notepad++.lnk [2012.08.04 12:37:10 | 000,002,673 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office PowerPoint 2007.lnk [2012.07.31 17:22:34 | 000,002,633 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk [2012.07.22 10:46:14 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\D-Fend Reloaded.lnk [2012.07.18 20:32:24 | 000,003,723 | ---- | M] () -- C:\Users\***\Documents\Boven de Wolken.aup ========== Files Created - No Company Name ========== [2012.08.12 20:21:34 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.08.12 20:07:06 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\04d9n2x1.exe [2012.08.12 20:06:13 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.08.12 19:59:09 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.11 13:47:26 | 000,001,712 | ---- | C] () -- C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\U\00000001.@ [2012.08.10 18:29:31 | 000,001,367 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2012.08.05 11:54:31 | 000,000,868 | ---- | C] () -- C:\Users\***\Desktop\Notepad++.lnk [2012.07.22 10:46:14 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\D-Fend Reloaded.lnk [2012.07.18 20:32:24 | 000,003,723 | ---- | C] () -- C:\Users\***\Documents\Boven de Wolken.aup [2012.06.13 19:32:33 | 000,000,054 | ---- | C] () -- C:\Windows\WELTALL.INI [2012.01.11 20:19:34 | 000,002,048 | -HS- | C] () -- C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\@ [2011.10.07 17:39:58 | 000,029,239 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2011.09.18 15:30:51 | 000,000,306 | ---- | C] () -- C:\Windows\FANGT.INI [2011.08.01 10:21:01 | 000,000,116 | -H-- | C] () -- C:\Users\***\kvirc4.ini [2011.07.28 17:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll [2011.07.03 11:51:31 | 000,000,101 | ---- | C] () -- C:\Windows\Lexstat.ini [2011.06.27 20:53:02 | 000,234,855 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.06.01 14:10:25 | 000,000,680 | RHS- | C] () -- C:\Users\***\ntuser.pol [2011.05.25 04:24:16 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2011.05.08 20:05:27 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe [2011.05.08 20:02:46 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll [2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.01.15 15:23:34 | 000,017,408 | ---- | C] () -- C:\Windows\System32\KBDGREU1.DLL [2011.01.15 15:23:34 | 000,017,408 | ---- | C] () -- C:\Windows\System32\KBDGREL1.DLL [2010.12.27 11:11:47 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI [2010.12.25 22:19:36 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.12.25 22:19:36 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.11.28 12:41:18 | 000,001,260 | ---- | C] () -- C:\Users\***\AppData\Roaming\EasyToolz.ini [2010.10.03 12:57:15 | 000,000,000 | -H-- | C] () -- C:\Users\***\tkcon.hst [2010.03.08 19:53:38 | 000,008,512 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2010.02.14 19:31:07 | 000,000,736 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2010.02.09 14:54:04 | 000,014,336 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2010.02.08 21:53:25 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.# [2011.11.06 13:15:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2010.02.21 19:14:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acer GameZone Console [2010.05.31 17:01:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\apm [2010.04.06 10:49:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations [2010.02.08 21:54:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eSobi [2011.08.13 11:53:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Feedreader [2012.08.08 11:22:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.03.15 22:21:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010.02.15 20:16:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape [2012.05.29 17:06:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JOSM [2011.12.27 14:56:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Magnet's Story [2010.05.11 17:59:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\My Games [2012.08.05 11:56:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2010.08.03 14:06:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2010.06.28 09:50:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2010.12.25 22:52:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2011.10.07 17:39:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking [2010.02.09 20:24:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema [2010.05.11 18:45:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PrimoPDF [2010.12.25 22:19:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2011.05.26 18:16:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Scanahand [2010.02.09 09:51:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftDMA [2011.05.16 18:09:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TCB Networks [2010.08.09 17:13:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2010.02.14 19:31:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2010.05.31 18:46:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2010.02.21 18:25:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue [2010.02.10 19:30:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer [2011.07.08 16:30:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XnView [2012.08.11 15:45:13 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.08.2012 20:24:52 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,37 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 54,71% Memory free 4,98 Gb Paging File | 3,69 Gb Available in Paging File | 74,19% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 142,65 Gb Total Space | 77,38 Gb Free Space | 54,24% Space Free | Partition Type: NTFS Drive D: | 142,67 Gb Total Space | 142,58 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Drive E: | 352,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: NOTEBOOK | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.) "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.) "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.) "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.) "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.) "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00491F72-326D-486A-B59B-6C42742CE30C}" = rport=139 | protocol=6 | dir=out | app=system | "{02D41DA6-9371-4FB9-91B8-E2AC8363BD74}" = lport=2869 | protocol=6 | dir=in | app=system | "{0B920991-1C35-4F3B-B14D-0926929DECE0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{19FBF757-D8C7-4CF4-BF16-1E8EDDACF0C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1EDFA460-E536-40BA-93D6-92F74447FFF3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2794B89D-8A51-4744-9AF0-7F9299A0BFDA}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{3B44C8DE-BE8E-498E-870C-A5A8BA80244C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{41A9F118-9612-4CE0-9135-22426F8888A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5F56DD90-686D-42DF-9BBC-818357A82C3E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{68E5C90F-1D42-4DFC-9A64-E7EB72CCD7C9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6B0FF415-2D83-4C72-8968-EFB1C21DBC77}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7305B40B-F62F-443D-9BC2-9BDA1F6782A3}" = lport=139 | protocol=6 | dir=in | app=system | "{86A7F893-107B-472A-9564-C3BF3BDE3217}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{8B74243B-67CF-47CE-9FBF-1B30C3BAB295}" = rport=138 | protocol=17 | dir=out | app=system | "{8C199A1F-05DD-4F9D-85BD-86E6D0BEFDDA}" = lport=2869 | protocol=6 | dir=in | app=system | "{A85693B2-93AD-48B3-8C58-1A4B0BC78F9C}" = lport=137 | protocol=17 | dir=in | app=system | "{A97173BE-FBD7-44E4-A096-B1F5656964B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{AD5B04C2-04A3-4D29-AA28-DBE9630EA330}" = rport=2869 | protocol=6 | dir=out | app=system | "{B5E1ABFD-402A-4190-8247-96C7CCEA7EDB}" = lport=138 | protocol=17 | dir=in | app=system | "{B819FF43-4914-465B-83EE-9CF84C1C9DDD}" = lport=445 | protocol=6 | dir=in | app=system | "{BDB1543A-B2A6-4AA3-BAA2-74B6D7582680}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C92C3AEB-2E7F-4AFF-8DFB-BA4184A2CFE0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C9DC56A0-D51E-46AF-9514-FECF5BC61D86}" = rport=445 | protocol=6 | dir=out | app=system | "{CD097476-2B18-4516-B98D-26299A6888E2}" = rport=137 | protocol=17 | dir=out | app=system | "{DAAF3E71-6E16-4AED-B4BF-8B07D6AF5B2D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{E7297A5D-9973-4A10-8198-FB81DBB9DDCE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{EF05170C-065E-497F-9CFE-B1A367305EB0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{F1C5E518-B6F9-4263-8568-B54320FF359F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F1E6B836-8C59-4615-B74A-C063588793A7}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{004AA9AB-42C8-4F3D-9256-6A7F96DD69B1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{074D0620-D90E-4127-B797-0FFD8F6762C7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{12A8DE98-1AD0-4C61-912A-4E76CB0F7F54}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{144B8537-F57A-49CE-BB9E-057019EACB6E}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{17E3FFCF-1592-4E2B-BFD5-14DBFA6BDA7D}" = dir=in | app=c:\program files\wificonnector\nintendowfcreg.exe | "{22489136-AA07-4C74-8B42-BF98F8F887E7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{2707B312-68C0-4A37-8A7C-5EC2EE2494FA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{29E725B3-3A92-43F4-AFAA-74EE4B37857D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{2DA67581-A7DA-4F65-B9E3-463E8042309D}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{4BAAA90A-FE21-489C-8FEB-AD98F54E0F14}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{53A17D13-8E50-44ED-AC60-6C4D0F896E93}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{58C570CE-3EC4-47F8-BFC8-C2710D830DAF}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{6066D1BC-E83D-453C-9A13-F783C89EA3BC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{62867A75-0D33-4511-A598-22E039039866}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{69738652-6541-4EF2-9D7B-E87F6CC23655}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{76A15512-CDB2-4E56-965B-E840E979EC72}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7771613F-E604-45F1-9D9C-CFEEE5358ED6}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{83591B4F-7440-4BF9-A322-BA6F768C3640}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{953491EB-5A23-41A0-996E-D4CC2E73A76E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{9EBB30FD-6109-4DCE-8C38-7D6285327DB5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{AAC4B0ED-56C5-428B-A5C5-3CB4A85A358C}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{B9DC143B-6364-4F7E-A4D3-C43EF9EC2D6F}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{BB0E7FC6-7232-4523-915C-FF52EEC2EBDD}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{C9F1ED27-7BF4-4431-B590-9DFCEA5DC605}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{DCC1AA4A-6CC6-4CA4-B2D2-667BB747B280}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{E5804014-10BC-43D9-AA51-D42DAFB56F18}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{EACC7E42-99F6-488E-B981-75222DCA8941}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{EDCF72F0-7279-4A6A-8E38-C1F9FA28187B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{F5691DEB-18BA-4A46-82F3-DC446BD85431}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{FBBE2271-E2CD-4454-8E69-A02F6B5355E9}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "TCP Query User{008C73F6-42CC-49DA-8056-2DFD0F92FA21}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{6A1E4700-F0E3-4349-9A13-54E3D77B1201}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{AC39B74B-BEDD-41B0-9F7F-653535B1B8CC}C:\users\***\appdata\local\temp\usmt\migwiz.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\usmt\migwiz.exe | "TCP Query User{D41B2A3A-EC74-4C9C-A898-C11A4F37555C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{DF0340A8-7E6C-4C71-887F-41FA86C751E6}C:\program files\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\firefox\firefox.exe | "UDP Query User{4D9DBE6D-3020-41B4-88AF-A77D472116B3}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{913EEFFE-8126-4E2C-ACF0-E1BDB7F808BB}C:\users\***\appdata\local\temp\usmt\migwiz.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\usmt\migwiz.exe | "UDP Query User{9DB93350-D455-4B83-A9D4-3EF6D2124D52}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{C9ABAD9F-378F-489E-AB43-22F0FDCA5D14}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{FE844324-1CED-4502-AD50-BAD591BDE12B}C:\program files\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05BACCCD-A20A-B42D-94FD-97E58A7E82EF}" = ccc-utility "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding "{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F4748E6-E093-FA89-7999-737F48C4767F}" = Catalyst Control Center InstallProxy "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2A231800-A7CF-4223-B8A3-1FD9057BAE96}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup "{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24 "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CB70B01-4BC8-4C0F-B28F-7C6E33F913CC}" = Gtk# for .Net 2.12.9 "{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{539A0EAA-E1BB-4163-9C1E-6C8BF4A17FA2}" = Microsoft SQL Server 2008 Native Client "{549DEC06-C480-280A-6286-8C93409A933F}" = AMD Fuel "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6989007F-5785-44C3-BD8E-BEEEF58BB304}" = Deutsch (erweitert I) "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch) "{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}" = Microsoft Keyboard Layout Creator 1.4 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A180ABF7-A88F-FEB2-E94D-ED459821B86B}" = AMD Catalyst Install Manager "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter "{A401975C-C1C5-4ECB-BC18-BFD9F8F401B7}" = Paint.NET v3.5.3 "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A79024ED-1969-334A-1ED6-16753F9DE377}" = CCC Help English "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C57C21C0-CE1B-26D5-1215-B26862051F6F}" = AMD VISION Engine Control Center "{C86CB1B1-4BD0-7BFB-88CF-76762C8CE1D3}" = Catalyst Control Center Graphics Previews Common "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CD05F1BC-FC63-1E93-4094-82BC33662E76}" = Catalyst Control Center Localization All "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.57.409 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver "{DFC40BAA-67F8-4578-84FB-C6077D22BBC2}" = Deutsch (erweitert) "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects "{F737C2B0-0B9C-45F9-AEF1-BBA54AECC215}" = Deutsch (erweitert II) "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom Gigabit Integrated Controller "{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch) "{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "Cities XL 2011" = Cities XL 2011 "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "CPUID HWMonitor_is1" = CPUID HWMonitor 1.17 "Defraggler" = Defraggler "D-Fend Reloaded" = D-Fend Reloaded 1.3.1 (deinstallieren) "FeedReader_is1" = FeedReader "Fraps" = Fraps "GIF Animator" = Microsoft GIF Animator "Google Desktop" = Google Desktop "GridVista" = Acer GridVista "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HyperCam 2" = HyperCam 2 "Inkscape" = Inkscape 0.47 "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "Little Piano_is1" = Little Piano "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Miranda IM" = Miranda IM 0.8.27 "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MyDefrag v4.2.8_is1" = MyDefrag v4.2.8 "nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1 "Notepad++" = Notepad++ "Ogg Codecs" = Ogg Codecs 0.81.15562 "Opera 11.51.1087" = Opera 11.51 "Samsung CLP-320 Series" = Wartung Samsung CLP-320 Series "SCANIA Truck Driving Simulator" = SCANIA Truck Driving Simulator 1.3.2 "ST5UNST #1" = PixLin "StrokeIt (Deutsch)" = StrokeIt (Deutsch) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Tiled" = Tiled - Tiled Map Editor "Trucks & Trailers" = Trucks & Trailers 1.00 "WiFiConnector" = Registrierungsprogramm für den Nintendo Wi-Fi USB Connector "WinGimp-2.0_is1" = GIMP 2.6.10 "WinLiveSuite_Wave3" = Windows Live Essentials "World of Magic Machines" = World of Magic Machines "ZMBV" = Zip Motion Block Video codec (Remove Only) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "JOSM" = JOSM "Skat-Online V9" = Skat-Online V9 "StrokeIt" = StrokeIt "StrokeIt (Deutsch)" = StrokeIt (Deutsch) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.08.2012 06:56:45 | Computer Name = Notebook | Source = Windows Search Service | ID = 3028 Description = Error - 10.08.2012 06:56:45 | Computer Name = Notebook | Source = Windows Search Service | ID = 3058 Description = Error - 10.08.2012 06:58:01 | Computer Name = Notebook | Source = WinMgmt | ID = 10 Description = Error - 10.08.2012 10:35:19 | Computer Name = Notebook | Source = WinMgmt | ID = 10 Description = Error - 10.08.2012 13:47:46 | Computer Name = Notebook | Source = WinMgmt | ID = 10 Description = Error - 10.08.2012 15:24:08 | Computer Name = Notebook | Source = WinMgmt | ID = 10 Description = Error - 11.08.2012 06:01:16 | Computer Name = Notebook | Source = WinMgmt | ID = 10 Description = Error - 11.08.2012 09:05:30 | Computer Name = Notebook | Source = WinMgmt | ID = 10 Description = Error - 11.08.2012 09:14:33 | Computer Name = Notebook | Source = WinMgmt | ID = 10 Description = Error - 12.08.2012 13:47:55 | Computer Name = Notebook | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 28.10.2010 13:27:07 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 28.10.2010 13:29:59 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 31.10.2010 02:17:23 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 17.11.2010 13:10:03 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 29.12.2010 11:32:04 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 25.01.2011 12:14:27 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 07.02.2011 13:04:47 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error - 01.03.2012 14:58:23 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3309 seconds with 3120 seconds of active time. This session ended with a crash. Error - 01.04.2012 16:09:33 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9812 seconds with 6420 seconds of active time. This session ended with a crash. Error - 03.04.2012 13:25:05 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 213 seconds with 120 seconds of active time. This session ended with a crash. [ System Events ] Error - 11.08.2012 09:02:13 | Computer Name = Notebook | Source = DCOM | ID = 10010 Description = Error - 11.08.2012 09:05:30 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000 Description = Error - 11.08.2012 09:05:30 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000 Description = Error - 11.08.2012 09:11:58 | Computer Name = Notebook | Source = DCOM | ID = 10010 Description = Error - 11.08.2012 09:14:33 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000 Description = Error - 11.08.2012 09:14:33 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000 Description = Error - 11.08.2012 09:19:55 | Computer Name = Notebook | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 11.08.2012 09:44:56 | Computer Name = Notebook | Source = DCOM | ID = 10010 Description = Error - 12.08.2012 13:47:56 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000 Description = Error - 12.08.2012 13:47:56 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000 Description = < End of report > GMer hab ich eigentlich auch durchlaufen lassen, hatte aber keine Rootkit-Meldung und find jetzt auch irgendwie keine .txt dazu; wenn ich nochmal einen Scan machen soll, sagts mir. Und von Malwarebytes mit ZeroAccess-Meldung ... Zitat:
Und von Avira einige meiner Meldungen, hab mal für alle Trojaner, die mir gemeldet wurden, was rausgesucht: Zitat:
Zitat:
Zitat:
Zitat:
Markus Geändert von Markus__ (12.08.2012 um 21:23 Uhr) |
Themen zu TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe |
'tr/atraps.gen', 'tr/atraps.gen2', 7-zip, antivir, audacity, avira, bho, blockiert, error, firefox, flash player, google, google earth, home, install.exe, intranet, launch, logfile, mozilla, office 2007, plug-in, programm, prozesse, quelldatei, realtek, registry, rundll, scan, senden, server, svchost.exe, system, system neu, trojaner, trotz verbindung, usb 2.0, vista, visual studio, windows, windows-explorer |