
Pests of all kinds and how to fight them: Task Manager closes again immediately, what should I do? (Win7, and Emsisoft finds nothing)

18.08.2012, 17:18   #1
LittleWulf
 

Hi, for about an hour now my Task Manager has kept closing again by itself.
I was just playing BF3 and the game crashed once again during the map change.
I use Sandbox, but because I can't cope with Sandbox's settings I unfortunately can't use it for everything.

For example, I can't use it for anything where I want to watch videos, and everything I view on the internet inside the sandbox also has no sound.

I can't use BF3 from there either, unfortunately.

Unfortunately I just can't fully get the hang of it, and my English isn't that great either ^^

So, I read about a similar problem and a log was asked for there, so I'll post that right away too.

I hope I don't have to format yet again; I had to do that just a few months ago because of a trojan. It would be really great if I could somehow reset to a state where everything still worked, say about a week ago for all I care.


HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:09:26, on 18.08.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Program Files\Sandboxie\32\SbieSvc.exe
C:\Program Files (x86)\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t5601l52o
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t5601l52o
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t5601l52o
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-3758058623-1903977830-3846845706-1003\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" (User 'xxxxxxxxxx')
O4 - S-1-5-21-3758058623-1903977830-3846845706-1003 Startup: ctfmon.lnk = C:\Windows\System32\rundll32.exe (User 'xxxxxxxxx')
O4 - S-1-5-21-3758058623-1903977830-3846845706-1003 User Startup: ctfmon.lnk = C:\Windows\System32\rundll32.exe (User 'xxxxxxxxx')
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O23 - Service: Emsisoft Anti-Malware 6.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10338 bytes
         
--- --- ---
Oops, already landed on page two, so I'll "up" this; I hope someone can help me quickly.

A small "UP", since I've already slipped to page 2.
I hope someone can help soon...

OK, now I get it xD Posting a reply under your own post apparently isn't possible. Good setting ^^

-
-
-
When I log in with my administrator user profile I don't have the problem, in case that helps...

19.08.2012, 18:06   #2
t'john
/// Helper Team
 

Step 1

Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Enable "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any detections deleted or quarantined.
- When the scan has finished, click "Show Results".

Step 2
System scan with OTL (illustrated guide)

Please download OTL by Oldtimer and save it to your desktop (if you don't already have it). Double-click OTL.exe.

  • Vista and Win7 users: right-click OTL.exe and choose "Run as administrator"
  • Select Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

19.08.2012, 20:12   #3
LittleWulf
 



Here are the OTL logs for now.
The malware scan is still running.


OTL:OTL Logfile:
Code:
OTL logfile created on: 19.08.2012 20:11:51 - Run 1
OTL by OldTimer - Version 3.2.58.0     Folder = C:\Users\nichtadmin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,74 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 63,15% Memory free
7,48 Gb Paging File | 5,32 Gb Available in Paging File | 71,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60,38 Gb Total Space | 24,79 Gb Free Space | 41,06% Space Free | Partition Type: NTFS
Drive D: | 224,61 Gb Total Space | 121,49 Gb Free Space | 54,09% Space Free | Partition Type: NTFS
 
Computer Name: ____ | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\LittleWulf\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Programme\Sandboxie\32\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Panda Security)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH)
DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsisoft GmbH)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH)
DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsi Software GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t5601l52o
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t5601l52o
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t5601l52o
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t5601l52o
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE473
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t5601l52o
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t5601l52o
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.28 20:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.15 18:39:44 | 000,000,000 | ---D | M]
 
[2012.03.04 17:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2012.03.18 22:48:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\uiywrttb.default\extensions
[2012.03.05 18:38:48 | 000,000,000 | ---D | M] (WOT) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\uiywrttb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.06.07 18:16:25 | 000,002,102 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uiywrttb.default\searchplugins\wot-safe-search.xml
[2012.06.21 17:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.18 22:48:01 | 000,521,086 | ---- | M] () (No name found) -- C:\USERS\admin\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UIYWRTTB.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.03.05 18:38:48 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\admin\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UIYWRTTB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.07.28 20:18:31 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-3758058623-1903977830-3846845706-1003..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-3758058623-1903977830-3846845706-1003..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB71CAE6-168F-4520-8193-B8B6A2F15561}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.19 19:56:42 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2012.08.19 19:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.19 19:56:26 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.19 19:56:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.18 18:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiJackThis
[2012.08.15 17:44:35 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.15 17:43:27 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.15 17:43:26 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.15 17:43:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.15 17:43:09 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.15 17:43:08 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.08.15 17:43:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.15 17:42:44 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 17:42:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 17:42:42 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 17:42:01 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.07.31 18:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
[2012.07.31 18:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XnView
[2012.07.28 20:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.07.28 20:18:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.19 19:56:29 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.19 19:35:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.19 19:06:53 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.08.19 19:06:53 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.19 19:06:23 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.08.19 17:13:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.19 15:57:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.19 15:57:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.19 15:49:14 | 3010,842,624 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.18 14:29:39 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.16 17:34:16 | 000,367,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 20:35:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 20:35:25 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.31 16:23:11 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.31 16:23:11 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.31 16:23:11 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.31 16:23:11 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.31 16:23:11 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2012.08.19 19:56:29 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.18 14:29:39 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.07.12 16:31:00 | 000,000,804 | ---- | C] () -- C:\Users\LittleWulf\AppData\Local\{a2190229-dcef-1df1-22ae-1341c826792b}\L\00000004.@
[2012.07.03 11:19:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.03 11:19:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.07.03 11:19:16 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2012.07.03 11:19:16 | 000,000,025 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2012.07.03 11:19:13 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.06.26 20:08:54 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012.06.26 20:08:53 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012.06.26 20:08:51 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.05.10 10:04:25 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.10 10:04:23 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.10 22:15:43 | 000,000,694 | ---- | C] () -- C:\Windows\eReg.dat
[2012.03.07 19:10:15 | 000,000,826 | ---- | C] () -- C:\Windows\wininit.ini
[2012.03.05 21:28:47 | 000,003,272 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.03.04 19:48:36 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.04 17:49:54 | 000,002,048 | -HS- | C] () -- C:\Users\LittleWulf\AppData\Local\{a2190229-dcef-1df1-22ae-1341c826792b}\@
[2012.03.03 01:55:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.03 01:51:37 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.04.19 12:36:21 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2012.03.18 22:48:04 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\3Dconnexion
[2012.08.18 14:32:21 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\Anytow
[2012.08.18 14:32:06 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\Awdoba
[2012.07.13 04:55:48 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\DAEMON Tools Lite
[2012.08.15 20:57:37 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\EoN
[2012.08.19 17:18:49 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\ICQ
[2012.03.20 19:17:48 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\OpenOffice.org
[2012.08.09 18:09:10 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\Origin
[2012.06.28 19:54:46 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\TeamViewer
[2012.08.14 20:59:49 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\TS3Client
[2012.07.31 18:26:16 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\XnView
[2012.08.18 14:32:06 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\Yxdy
[2012.07.13 03:59:53 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DAEMON Tools Lite
[2012.03.07 20:34:20 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ICQ
[2012.03.07 20:39:57 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\OpenOffice.org
[2012.03.07 19:12:09 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Origin
[2012.08.12 17:56:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TS3Client
[2012.08.19 15:49:40 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA

< End of report >
         
--- --- ---

OTL Logfile:
Code:
OTL Extras logfile created on: 19.08.2012 20:11:51 - Run 1
OTL by OldTimer - Version 3.2.58.0     Folder = C:\Users\nichtadmin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,74 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 63,15% Memory free
7,48 Gb Paging File | 5,32 Gb Available in Paging File | 71,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60,38 Gb Total Space | 24,79 Gb Free Space | 41,06% Space Free | Partition Type: NTFS
Drive D: | 224,61 Gb Total Space | 121,49 Gb Free Space | 54,09% Space Free | Partition Type: NTFS
 
Computer Name: ____ | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3758058623-1903977830-3846845706-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-3758058623-1903977830-3846845706-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09F3A94C-F122-4A5C-8A2A-C1370C23799B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{10B4FE8B-CB8E-4F83-940D-4FD10F2746AD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1620874C-FCE1-410E-BA1A-EC9BDA2F58E2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{37F98B62-93B4-4064-ADBE-7266DC51612B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{42CB7B10-17C2-4696-A1ED-53747B10867B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{43B6C940-7364-447F-AEB8-CAEED7035F11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{45BAA1B9-F046-4979-8B6E-E3D35D77E6B0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{50A7592B-701A-4B08-9EDD-4B455CA014B4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{51105F2E-31E5-4A94-839F-B661EF3DA866}" = rport=137 | protocol=17 | dir=out | app=system | 
"{569142D9-B73D-4D4C-B841-A4FDA4F5F1DD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7E3871A3-73EF-417B-BE7B-E75A8119C7AB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{817D57F4-15CB-4D89-9D3E-A1362B18E267}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8495791E-7023-462C-9EC6-C72F2BD7D0E5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{870AD098-708E-44CA-8892-7F474AABDF3C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8A24831B-75C6-49B2-B2E5-DEC50D7A49F8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8C790B8D-681A-43B5-A4DC-7344569FFD8C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A58D7D3D-1AF8-42E5-B5F3-F128405F3281}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B0DD09C9-A0A2-4DB3-A007-B90E4B05A7B5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C82DF571-E5FD-4349-A138-68CCFA7E041F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FCEA900D-B57F-4492-B127-DB2BF4AA1AA5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FECD492A-127A-407C-8306-0749AFE3E362}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C91090-B5C3-45FA-8312-5469E01B18F7}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | 
"{02852484-B64D-4621-8358-E7E5CECB7BAC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0411381A-4F4B-42B4-A1A1-860127E348B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{098C70DA-0B64-40BF-BF8B-59FBD99AC698}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\magic 2013 demo\dotp_d13_demo.exe | 
"{13F334BC-5F0A-4610-895E-80767E2616FB}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{15F41015-59E6-42BD-A9D3-E3F6BB990B08}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{1A938BE2-3789-4E37-AFB1-11CE2FB07F4F}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{1ED15905-417B-4F3D-8870-3C0ECA68BD15}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{1F3A4489-B5F2-4A07-8C98-C1C82D6831D5}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | 
"{2201A978-DA6C-47C4-B2B7-7DA90C58F589}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{259037B4-6F43-48AB-93D6-5417444FB516}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{2828D8B6-6DA6-4654-9286-264DD369EE4B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2C911EC9-4A4C-4ED2-AB61-B7AAA20EDD06}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{33B0966A-E448-45D8-9B56-AEE4058F468C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{347ED66D-A80E-4E9A-A19C-D67D0D26BC04}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{3C73AA64-12C2-42AB-A644-085058C6DBBB}" = protocol=17 | dir=in | app=d:\games\mass effect\binaries\masseffect.exe | 
"{3E9264CD-4E0B-40D5-8B7A-B6F3248F0666}" = protocol=17 | dir=in | app=d:\games\world of warcraft\launcher.patch.exe | 
"{3F32B416-0A7A-4862-B960-624284C7E2CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{489EBA16-AC6F-4153-B329-AB4B5C591C59}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4C1DED3D-A0F0-47AD-8AEC-1638AC32D9C6}" = protocol=6 | dir=in | app=d:\games\world of warcraft\launcher.patch.exe | 
"{551484BC-58AD-4932-804F-81C6EE2FD1B9}" = protocol=17 | dir=in | app=d:\games\origin games\battlefield 3\bf3.exe | 
"{612BDA36-92D9-4989-9D5E-E3B2BBC7AE54}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{6635B104-95FC-4DB2-8542-2BD31C6B4CCF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{68D42766-138A-4750-9475-1658FD421975}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{695C84EB-1520-4122-B757-26F1B4905C76}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{6BD9474E-464A-44B3-A355-755CF099532B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6F8D4358-7604-4F68-9033-431E900FE3CB}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | 
"{700E1155-491F-4862-88EF-BC7C6846DCBD}" = protocol=17 | dir=in | app=d:\games\diablo iii\diablo iii\diablo iii.exe | 
"{7E6410F1-AAB0-49DF-8390-1D240ECEA70E}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\magic 2013 demo\dotp_d13_demo.exe | 
"{7E69A5F5-B9FE-4DDD-9298-D8AC31961C5B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{86752A78-AC27-4762-8D7C-B7679B3AA37D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8983134A-50A4-4344-A962-AC46258434F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9BA4266C-AD9F-4E21-BEEF-6FDDD1F6160B}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | 
"{9C12A486-DD52-468D-BDEF-4BB1F897D1A6}" = protocol=6 | dir=in | app=d:\games\diablo iii\diablo iii\diablo iii.exe | 
"{9C80345C-F51C-406F-90E1-29C131941631}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9FDFC307-ABF9-4FAB-BE6E-46A7FF5B2300}" = protocol=17 | dir=in | app=d:\games\world of warcraft\launcher.exe | 
"{A0E7B4B7-B45D-4E3E-BECA-99B3E7B3EC30}" = protocol=6 | dir=out | app=system | 
"{A50C4AAD-42DC-40A4-9109-C6BFF0A49F78}" = protocol=6 | dir=in | app=d:\games\mass effect\binaries\masseffect.exe | 
"{A5893FC0-C622-4C0D-A79E-B242758F4505}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{AC1DFD39-CFDA-4865-8647-A655AF95CCDB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{AD5D722C-AA73-49E3-A0CD-819BBD9A048E}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{AFDBAB4F-C31C-49C3-B3D8-4FCEF8FF0D1B}" = protocol=6 | dir=in | app=d:\games\mass effect\masseffectlauncher.exe | 
"{B5B0CF4F-F508-4374-8557-49F015C78E35}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{BB626015-62E3-4296-A9E6-E40C77BCEB30}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{BB94EC53-1079-40B4-99B6-A1426A3FC738}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{C08E02EA-E244-4BF5-8A6E-CF97593387B3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C19DB016-A6BA-4BE0-B5F3-6C14255F82EB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C2211008-E81F-4170-AC80-1E7A6B8E91D2}" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
"{C6C502F1-A4AF-4CC8-B11A-A06F6E667D01}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CBF98ABB-6492-4C9B-ABF3-3FE27C265A05}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CD686802-4419-4A44-988A-3CDCC5143F5C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CFB9D772-6467-4755-9B08-667E363E5208}" = protocol=17 | dir=in | app=d:\games\mass effect\masseffectlauncher.exe | 
"{D7F59B86-27CA-4AD8-9DC3-6A973384D478}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{DA9783CF-CA31-420D-BC62-F8AE41816610}" = protocol=6 | dir=in | app=d:\games\origin games\battlefield 3\bf3.exe | 
"{DC181075-0EDD-4DD0-8B89-458FB17E5D34}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{DCF37783-450B-421A-98A8-84B038D81E35}" = protocol=6 | dir=in | app=d:\games\world of warcraft\launcher.exe | 
"{DD32FA3D-FC00-4C72-A1D9-74C4C175A76F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{DFC4C1F7-839A-434E-A83B-28E514B22BAA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DFDA098B-5399-4C3A-B68C-65F0F31410EC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{E5BFC051-2B97-4D29-A844-C70413594CE3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E9D98CC3-61B7-4240-A8BF-5C9B1F4FC7BE}" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"{F346D2CA-CE2C-495D-A09A-B10EF855A3A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F574EBEF-FA6A-4FA3-95DE-D436285794ED}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F6144F46-9DC7-402C-B06E-026538D65B23}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{FCC1C5F2-BC21-49B7-ADCC-A0B888F52584}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{0352B962-3556-44F9-84F7-43E3DF707AAC}D:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"TCP Query User{09DC5A19-C761-4F3A-A596-F50FF415001E}D:\games\warcraft iii\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{14DBFBFF-F15B-430C-BCC7-E6B6BBBF004F}D:\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{199C9C86-6796-459D-9B3C-A5C8709069FA}D:\games\left4dead2\left4dead2.exe" = protocol=6 | dir=in | app=d:\games\left4dead2\left4dead2.exe | 
"TCP Query User{1C10F732-9C5E-440C-992A-2A3CE36E42A4}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{2628B882-58AB-4F97-B57C-C11C75C322B4}D:\games\warcraft iii\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{313C4A3A-B6C9-4944-9AF7-2F9A5DEF1EFF}C:\program files (x86)\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"TCP Query User{3BA22A83-B474-4B8E-A071-D52F24BF5A96}D:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{4D381FC5-D935-4CC8-A32B-74627EB6FC87}C:\users\admin\downloads\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\admin\downloads\starcraft_2_eu_de-de.exe | 
"TCP Query User{57F52F4C-B2F0-41FD-AB51-0C46559297C0}C:\users\nichtadmin\downloads\downloader_diablo2_lord_of_destruction_dede.exe" = protocol=6 | dir=in | app=c:\users\nichtadmin\downloads\downloader_diablo2_lord_of_destruction_dede.exe | 
"TCP Query User{6502974B-E525-4C9F-AF76-AFEC259741D0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{67F2DAAF-4022-47D9-A3AF-B9B69F07EE3D}D:\games\warcraft iii 2 an midget (midget)\war3.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii 2 an midget (midget)\war3.exe | 
"TCP Query User{6AAF3117-2544-4488-AB1E-5D8EE276FE36}C:\users\admin\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=6 | dir=in | app=c:\users\admin\downloads\downloader_warcraft3_the_frozen_throne_dede.exe | 
"TCP Query User{833BAF54-6384-41A1-8C0F-AF46168EE1DD}D:\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 
"TCP Query User{8E78B87F-22BA-4195-8AE0-92902F0C4E81}D:\games\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{981E80CE-FD21-4FB9-946C-82F951FE5C36}C:\users\admin\downloads\downloader_warcraft3_reign_of_chaos_dede.exe" = protocol=6 | dir=in | app=c:\users\admin\downloads\downloader_warcraft3_reign_of_chaos_dede.exe | 
"TCP Query User{9CE04E96-4441-452E-B9A8-A5BDA1E3160D}D:\games\age of empires ii the age of kings\empires2.exe" = protocol=6 | dir=in | app=d:\games\age of empires ii the age of kings\empires2.exe | 
"TCP Query User{9D85F312-FF0F-461C-A514-E424D92D42EA}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{9F64804A-1AAF-44AF-9251-2DDFE27A084B}D:\games\warcraft iii\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii\starcraft ii\starcraft ii.exe | 
"TCP Query User{A321B776-4752-4397-BB4C-9C33D99FC93E}D:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii\war3.exe | 
"TCP Query User{C1D86821-02D4-4F91-9BFF-F80D9C0F56D9}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{D8651308-1AAA-493A-9F90-1CDE946DF9D0}C:\users\nichtadmin\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\nichtadmin\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"TCP Query User{D8C704C1-28A4-46BE-B418-9566B4F21F8D}D:\games\command and conquer generals\game.dat" = protocol=6 | dir=in | app=d:\games\command and conquer generals\game.dat | 
"TCP Query User{DFA4598A-3A22-403E-90F7-83EF4D695335}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{F8BA274A-FB7F-4A18-BD9B-F55CB21DA368}C:\users\nichtadmin\downloads\downloader_diablo2_dede.exe" = protocol=6 | dir=in | app=c:\users\nichtadmin\downloads\downloader_diablo2_dede.exe | 
"TCP Query User{FAD0C791-324E-46F7-8F4E-320AD4DC6108}C:\program files (x86)\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icqlite\icqlite.exe | 
"UDP Query User{1169A0AD-D2D8-42C2-B7F6-947B8CD4BD7A}D:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"UDP Query User{22B01130-C29B-4DE9-8D39-3F5F2BB34BA3}C:\users\nichtadmin\downloads\downloader_diablo2_dede.exe" = protocol=17 | dir=in | app=c:\users\nichtadmin\downloads\downloader_diablo2_dede.exe | 
"UDP Query User{25D013BE-A376-418F-98BF-DDB3ED807CF7}D:\games\warcraft iii\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii\starcraft ii\starcraft ii.exe | 
"UDP Query User{471B026B-49D9-4ECA-85C7-872C6D669E74}C:\users\admin\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=17 | dir=in | app=c:\users\admin\downloads\downloader_warcraft3_the_frozen_throne_dede.exe | 
"UDP Query User{4A05CBF2-242A-4DB4-AC7C-95425D1069CF}D:\games\warcraft iii 2 an midget (midget)\war3.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii 2 an midget (midget)\war3.exe | 
"UDP Query User{4BC030E4-C6E3-477A-8791-2864A2342507}D:\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{52A64C03-4A90-464B-A315-B13DDD10213C}D:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii\war3.exe | 
"UDP Query User{6349858B-AF48-4C71-8511-B7E0D692590A}C:\users\admin\downloads\downloader_warcraft3_reign_of_chaos_dede.exe" = protocol=17 | dir=in | app=c:\users\admin\downloads\downloader_warcraft3_reign_of_chaos_dede.exe | 
"UDP Query User{7B1E4015-747E-411F-94F6-EBCAE89A09F1}C:\program files (x86)\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"UDP Query User{7B40E25A-98B9-422A-9906-912C1800953D}D:\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 
"UDP Query User{815B3ED7-9FBB-42DD-ADC0-8A15127BE4D5}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{83471507-6BEA-422C-A1F9-E659EAFC5C39}C:\program files (x86)\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icqlite\icqlite.exe | 
"UDP Query User{84308E42-2A68-4951-8703-349CCF4101EC}D:\games\warcraft iii\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{89317902-F5CD-4CF7-8084-65357D3AE517}D:\games\left4dead2\left4dead2.exe" = protocol=17 | dir=in | app=d:\games\left4dead2\left4dead2.exe | 
"UDP Query User{96FB9091-EB2F-4E36-ADDD-6BB23AE6CAC2}D:\games\age of empires ii the age of kings\empires2.exe" = protocol=17 | dir=in | app=d:\games\age of empires ii the age of kings\empires2.exe | 
"UDP Query User{98169B9A-2893-44CA-94BF-CC88DD8E9208}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{9DF63A42-6583-45C8-AF74-92B8A58BC6B9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{B13848E0-9958-4270-99DE-1EBA7AB0CF24}D:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{B6F90F87-04D2-4964-B444-8A495FFE46F6}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{C92AA728-5AA0-4419-A13F-09C7CCF742A2}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{D63603AF-5417-4E78-A40F-00103193CFBB}C:\users\admin\downloads\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\admin\downloads\starcraft_2_eu_de-de.exe | 
"UDP Query User{D686D7C7-5B00-4CF7-94CE-83D929902E8F}D:\games\warcraft iii\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{E946BFE4-32C0-428F-B787-CE57CA3B5681}C:\users\nichtadmin\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\nichtadmin\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{F5B8C1B5-BEC3-400C-B051-068E0AD23773}C:\users\nichtadmin\downloads\downloader_diablo2_lord_of_destruction_dede.exe" = protocol=17 | dir=in | app=c:\users\nichtadmin\downloads\downloader_diablo2_lord_of_destruction_dede.exe | 
"UDP Query User{F832D051-A0BA-4ACA-8A52-7B860B8651B8}D:\games\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{FC8EAEE6-4A07-4149-A35B-2F4F28A2D29D}D:\games\command and conquer generals\game.dat" = protocol=17 | dir=in | app=d:\games\command and conquer generals\game.dat | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{364DE718-D45E-978A-A316-AB0557649B6F}" = ATI AVIVO64 Codecs
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{59B69525-1383-C84A-38EF-F442B63E69BC}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{838AF9AD-DE38-17FB-57F6-ADDF929F191E}" = AMD Accelerated Video Transcoding
"{A9C6CA47-D937-D61D-4BD3-7CFAB7A5BA56}" = ATI Problem Report Wizard
"{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Sandboxie" = Sandboxie 3.64 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish
"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = Catalyst Control Center
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional
"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish
"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{57439F3C-1001-5AB2-A0E4-F36D43C84BEB}" = HydraVision
"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F0FF70C-5828-2178-4642-206D9F3B681F}" = Catalyst Control Center InstallProxy
"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese
"{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean
"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian
"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch
"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian
"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian
"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish
"{AAB17558-7189-1415-2370-D689FDD44B33}" = PX Profile Update
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC838E60-C5DB-3127-1743-E6789CC26C74}" = PX Profile Update
"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish
"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common
"{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}" = 3Dconnexion 3DxSoftware (x64 Edition)
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard
"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese
"{E0D3B8A3-F268-4C74-AD24-AE489FA80B39}_is1" = Xtreme-G 12.4 Win7-8 32-64bit
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All
"Acer Registration" = Acer Registration
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battlelog Web Plugins" = Battlelog Web Plugins
"Cockatrice" = Cockatrice
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"ESN Sonar-0.70.4" = ESN Sonar
"FileHippo.com" = FileHippo.com Update Checker
"HaaliMkx" = Haali Media Splitter
"Identity Card" = Identity Card
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"StarCraft II" = StarCraft II
"Steam App 49470" = Magic: The Gathering — Duels of the Planeswalkers 2012
"Steam App 97340" = Magic: The Gathering - Duels of the Planeswalkers 2013 Demo
"Warcraft III" = Warcraft III
"World of Warcraft" = World of Warcraft
"XnView_is1" = XnView 1.98.5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.07.2012 17:11:39 | Computer Name = ____ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Left4dead2.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4addfda3  Name des fehlerhaften Moduls: client.dll, Version: 0.0.0.0,
 Zeitstempel: 0x4b2be096  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001a2103  ID des fehlerhaften
 Prozesses: 0x11e4  Startzeit der fehlerhaften Anwendung: 0x01cd606aeb31a6d0  Pfad der
 fehlerhaften Anwendung: D:\Games\Left4Dead2\Left4dead2.exe  Pfad des fehlerhaften
 Moduls: D:\Games\Left4Dead2\left4dead2\bin\client.dll  Berichtskennung: 2b5fd57a-cc66-11e1-adb5-c80aa995482f
 
Error - 13.07.2012 00:49:22 | Computer Name = ____ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mow_assault_squad.exe, Version: 1.0.0.0,
 Zeitstempel: 0x00000000  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002f50f  ID des fehlerhaften
 Prozesses: 0xcd0  Startzeit der fehlerhaften Anwendung: 0x01cd60b2dd09f213  Pfad der
 fehlerhaften Anwendung: D:\Games\Men.of.War.Assault.Squad-SKIDROW\Men of War. Assault
 Squad\mow_assault_squad.exe  Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
 1ceaa314-cca6-11e1-adb5-c80aa995482f
 
Error - 13.07.2012 00:50:01 | Computer Name = ____ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mow_assault_squad.exe, Version: 1.0.0.0,
 Zeitstempel: 0x00000000  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002f50f  ID des fehlerhaften
 Prozesses: 0x430  Startzeit der fehlerhaften Anwendung: 0x01cd60b2f4bb244d  Pfad der
 fehlerhaften Anwendung: D:\Games\Men.of.War.Assault.Squad-SKIDROW\Men of War. Assault
 Squad\mow_assault_squad.exe  Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
 33985f50-cca6-11e1-adb5-c80aa995482f
 
Error - 13.07.2012 00:51:06 | Computer Name = ____ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mow_assault_squad.exe, Version: 1.0.0.0,
 Zeitstempel: 0x00000000  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002f50f  ID des fehlerhaften
 Prozesses: 0xfa0  Startzeit der fehlerhaften Anwendung: 0x01cd60b31bb0cad7  Pfad der
 fehlerhaften Anwendung: D:\Games\Men.of.War.Assault.Squad-SKIDROW\Men of War. Assault
 Squad\mow_assault_squad.exe  Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
 5a717558-cca6-11e1-adb5-c80aa995482f
 
Error - 13.07.2012 00:53:58 | Computer Name = ____ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mow_assault_squad.exe, Version: 1.0.0.0,
 Zeitstempel: 0x00000000  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002f50f  ID des fehlerhaften
 Prozesses: 0xe5c  Startzeit der fehlerhaften Anwendung: 0x01cd60b37eea283b  Pfad der
 fehlerhaften Anwendung: D:\Games\Men.of.War.Assault.Squad-SKIDROW\Men of War. Assault
 Squad\mow_assault_squad.exe  Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
 c1335da3-cca6-11e1-9035-c80aa995482f
 
Error - 13.07.2012 00:55:15 | Computer Name = ____ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mow_assault_squad.exe, Version: 1.0.0.0,
 Zeitstempel: 0x00000000  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002f50f  ID des fehlerhaften
 Prozesses: 0xea0  Startzeit der fehlerhaften Anwendung: 0x01cd60b3afdc8b82  Pfad der
 fehlerhaften Anwendung: D:\Games\Men.of.War.Assault.Squad-SKIDROW\Men of War. Assault
 Squad\mow_assault_squad.exe  Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
 eec80ec7-cca6-11e1-9035-c80aa995482f
 
Error - 13.07.2012 07:01:27 | Computer Name = ____ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mow_assault_squad.exe, Version: 1.0.0.0,
 Zeitstempel: 0x00000000  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002f50f  ID des fehlerhaften
 Prozesses: 0x86c  Startzeit der fehlerhaften Anwendung: 0x01cd60e6d77323a6  Pfad der
 fehlerhaften Anwendung: D:\Games\Men.of.War.Assault.Squad-SKIDROW\Men of War. Assault
 Squad\mow_assault_squad.exe  Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
 1783702d-ccda-11e1-80ac-c80aa995482f
 
Error - 13.07.2012 17:59:07 | Computer Name = ____ | Source = Application Hang | ID = 1002
Description = Programm Demigod.exe, Version 1.0.0.91 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 688    Startzeit: 
01cd61388a9794f2    Endzeit: 324    Anwendungspfad: D:\Games\Demigod-RADIANCE.Upped.By.Creep\radiance-demigod\bin\Demigod.exe

Berichts-ID:
   
 
Error - 14.07.2012 18:51:36 | Computer Name = ____ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cockatrice.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4ff1d2a7  Name des fehlerhaften Moduls: QtGui4.dll, Version: 4.8.1.0,
 Zeitstempel: 0x4fe7a8a8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0063cb64  ID des fehlerhaften
 Prozesses: 0x8fc  Startzeit der fehlerhaften Anwendung: 0x01cd6204f883b9cb  Pfad der
 fehlerhaften Anwendung: D:\Games\Cockatrice\cockatrice.exe  Pfad des fehlerhaften
 Moduls: D:\Games\Cockatrice\QtGui4.dll  Berichtskennung: 768d13b8-ce06-11e1-acca-c80aa995482f
 
Error - 15.07.2012 12:53:04 | Computer Name = ____ | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 13.0.1.4548 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 10bc    Startzeit:
 01cd62a4ea58069e    Endzeit: 63    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 8935f187-ce9d-11e1-ad68-c80aa995482f  
 
[ System Events ]
Error - 15.08.2012 11:26:00 | Computer Name = ____ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 16.08.2012 11:24:45 | Computer Name = ____ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 16.08.2012 11:34:10 | Computer Name = ____ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 17.08.2012 11:22:01 | Computer Name = ____ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 17.08.2012 17:14:23 | Computer Name = ____ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 18.08.2012 04:11:26 | Computer Name = ____ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 18.08.2012 07:48:08 | Computer Name = ____ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 18.08.2012 09:54:35 | Computer Name = ____ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 18.08.2012 11:55:54 | Computer Name = ____ | Source = DCOM | ID = 10010
Description = 
 
Error - 19.08.2012 09:49:40 | Computer Name = ____ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
 
< End of report >
         
--- --- ---

Hmm, after the removal the anti-malware program told me I have to restart to remove everything properly. I saved the txt first and then restarted, but unfortunately the txt is now suddenly gone.

But it had found 2 things, both removed.

Now Task Manager works again.

By the way, lately my Windows Explorer simply crashes right after booting; I can't do anything except a hard kill, which is annoying.
__________________

19.08.2012, 20:49   #4
t'john
/// Helper Team
 

Fix with OTL

Download OTL by Oldtimer (if you don't already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE473 
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search" 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found 
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found 
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found 
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) 
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 0 

[2012.08.18 14:29:39 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA 

[2012.08.19 19:35:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.07.12 16:31:00 | 000,000,804 | ---- | C] () -- C:\Users\LittleWulf\AppData\Local\{a2190229-dcef-1df1-22ae-1341c826792b}\L\00000004.@ 
[2012.03.04 17:49:54 | 000,002,048 | -HS- | C] () -- C:\Users\LittleWulf\AppData\Local\{a2190229-dcef-1df1-22ae-1341c826792b}\@ 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file here into your thread, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: The OTL script above was created exclusively for this user in this situation.
Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems!
__________________
Regards, t'john

20.08.2012, 17:47   #5
LittleWulf

When you read something like this

Quote:
Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems!
you're of course happy to run, without a second thought, whatever someone asks of you when you have absolutely no idea what you're doing xD

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-3758058623-1903977830-3846845706-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3758058623-1903977830-3846845706-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3758058623-1903977830-3846845706-1001\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\S-1-5-21-3758058623-1903977830-3846845706-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3758058623-1903977830-3846845706-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "WOT Safe Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3758058623-1903977830-3846845706-1003\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3758058623-1903977830-3846845706-1003\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\ProgramData\ism_0_llatsni.pad moved successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Users\LittleWulf\AppData\Local\{a2190229-dcef-1df1-22ae-1341c826792b}\L\00000004.@ moved successfully.
C:\Users\LittleWulf\AppData\Local\{a2190229-dcef-1df1-22ae-1341c826792b}\@ moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\LittleWulf\Desktop\cmd.bat deleted successfully.
C:\Users\LittleWulf\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LittleWulf
->Temp folder emptied: 241926094 bytes
->Temporary Internet Files folder emptied: 49071040 bytes
->Java cache emptied: 1810417 bytes
->FireFox cache emptied: 830934077 bytes
->Flash cache emptied: 9325 bytes
 
User: Public
 
User: admin
->Temp folder emptied: 430401103 bytes
->Temporary Internet Files folder emptied: 23020286 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46739158 bytes
->Flash cache emptied: 635 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 396229776 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 558 bytes
RecycleBin emptied: 2149 bytes
 
Total Files Cleaned = 1.927,00 mb
 
 
OTL by OldTimer - Version 3.2.58.0 log created on 08202012_184956
         

When I try to start OTL again, my Emsisoft tells me: warning, something is going on here, block it or not?

What did this "Fix" actually execute???



Edited by LittleWulf (20.08.2012 at 17:57)
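
Added example (not part of the thread and not OTL's own code): a small Python parser that sorts the lines of an OTL fix log like the one posted above into actions, so that the question of what a fix did can be answered from the log itself. The line patterns are inferred only from the log lines visible in this thread, and the function names are hypothetical.

```python
import re
from collections import Counter

# Excerpt copied from the OTL fix log in the post above.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
Prefs.js: "WOT Safe Search" removed from browser.search.selectedEngine
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
C:\ProgramData\ism_0_llatsni.pad moved successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
C:\Users\LittleWulf\AppData\Local\{a2190229-dcef-1df1-22ae-1341c826792b}\@ moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
C:\Users\LittleWulf\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
"""

SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")

# (pattern, action, kind), tried in this order. The patterns are assumptions
# derived from the lines shown in this thread, not from OTL documentation.
RULES = [
    (re.compile(r"^(?:64bit-)?Registry key (?P<target>.+?)\\ deleted successfully\.$"),
     "deleted", "registry key"),
    (re.compile(r"^(?:64bit-)?Registry key (?P<target>.+?)\\ not found\.$"),
     "not found", "registry key"),
    (re.compile(r"^(?:64bit-)?Registry value (?P<target>.+) deleted successfully\.$"),
     "deleted", "registry value"),
    (re.compile(r"^(?P<target>.+?) /E : value set successfully!$"),
     "set", "registry value"),
    (re.compile(r"^ADS (?P<target>.+) deleted successfully\.$"),
     "deleted", "alternate data stream"),
    (re.compile(r"^Prefs\.js: .+ removed from (?P<target>.+)$"),
     "removed", "firefox pref"),
    (re.compile(r"^(?P<target>[A-Za-z]:\\.+) moved successfully\.$"),
     "moved", "file"),
    (re.compile(r"^(?P<target>[A-Za-z]:\\.+) deleted successfully\.$"),
     "deleted", "file"),
    (re.compile(r"^< (?P<target>.+) >$"),
     "ran", "command"),
]


def parse_fix_log(text):
    """Return one dict per non-empty log line: section, action, kind, target."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:                      # "========== FILES ==========" etc.
            section = header.group("name")
            continue
        for pattern, action, kind in RULES:
            match = pattern.match(line)
            if match:
                entries.append({"section": section, "action": action,
                                "kind": kind, "target": match.group("target")})
                break
        else:
            # Keep lines no rule recognises so nothing is silently dropped.
            entries.append({"section": section, "action": "unparsed",
                            "kind": "other", "target": line})
    return entries


def summarize(entries):
    """Count entries per (action, kind) pair."""
    return Counter((e["action"], e["kind"]) for e in entries)


def moved_files(entries):
    """Files the log reports as moved rather than erased."""
    return [e["target"] for e in entries
            if (e["action"], e["kind"]) == ("moved", "file")]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for (action, kind), count in sorted(summarize(parsed).items()):
        print(f"{count:3d}  {kind:22s} {action}")
    print("Moved files to review:")
    for path in moved_files(parsed):
        print("   ", path)
```

Run over the complete log, the summary separates routine registry cleanup from the few files and the alternate data stream that the fix actually moved or deleted.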

20.08.2012, 18:04   #6
t'john
/// Helper Team

Very good!

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Enable "Perform full scan" ("Komplett Scan durchführen") => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any findings deleted or quarantined.
- When the scan is finished, click "Show results" ("Zeige Resultate").
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

20.08.2012, 19:14   #7
LittleWulf

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.19.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
LittleWulf :: ___ [limited]

20.08.2012 19:29:29
mbam-log-2012-08-20 (19-29-29).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 302128
Time elapsed: 38 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Code:
# AdwCleaner v1.801 - Logfile created 08/20/2012 at 20:15:33
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : xxxxx - ____
# Boot Mode : Normal
# Running from : C:\Users\LittleWulf\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\Partner

***** [Registry] *****


***** [Registre - GUID] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\uiywrttb.default\prefs.js

[OK] File is clean.

Profile name : default 
File : C:\Users\LittleWulf\AppData\Roaming\Mozilla\Firefox\Profiles\dru5hpei.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1369 octets] - [20/08/2012 20:15:33]

########## EOF - \AdwCleaner[R1].txt - [1497 octets] ##########
         

20.08.2012, 22:16   #8
t'john
/// Helper Team

Very good!


  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

then:


Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via "Update now" ("Jetzt Updaten").
Select freeware mode.

Select Detail Scan and start the check of the computer with the Scan button.
At the end of the scan, do not have anything deleted! Click "Save report" ("Bericht speichern") to save the log file to the desktop, and post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Regards, t'john

21.08.2012, 16:42   #9
LittleWulf

Code:
# AdwCleaner v1.801 - Logfile created 08/21/2012 at 17:37:45
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : xxxxx - ____
# Boot Mode : Normal
# Running from : C:\Users\LittleWulf\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****




***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Partner

***** [Registry] *****


***** [Registre - GUID] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\uiywrttb.default\prefs.js

[OK] File is clean.

Profile name : default 
File : C:\Users\LittleWulf\AppData\Roaming\Mozilla\Firefox\Profiles\dru5hpei.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [291 octets] - [20/08/2012 20:17:42]
AdwCleaner[S2].txt - [1197 octets] - [21/08/2012 17:37:45]
AdwCleaner[R3].txt - [1671 octets] - [21/08/2012 17:37:36]
AdwCleaner[R1].txt - [1492 octets] - [20/08/2012 20:15:33]
AdwCleaner[R2].txt - [1552 octets] - [20/08/2012 20:17:30]

########## EOF - \AdwCleaner[S2].txt - [1505 octets] ##########
         
And I bought Emsisoft, based on a recommendation from another thread where I had problems with a trojan.
And I scan regularly, about every 3-5 days, and then delete all findings, because I don't trust quarantine.

Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 21.08.2012 17:24:50

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	21.08.2012 17:45:01


Gescannt	576205
Gefunden	0

Scan Ende:	21.08.2012 18:18:47
Scan Zeit:	0:33:46
         

21.08.2012, 17:45   #10
t'john
/// Helper Team

Very good!


Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media (e.g. any USB sticks) to the computer.
  • Please disable your anti-virus program and firewall during the online scan.
  • Vista/Win7 users: Be sure to start the browser as administrator.
Let's go

  • Download and start the Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the log file here.
  • Uninstallation: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset
__________________
Regards, t'john

22.08.2012, 04:45   #11
LittleWulf

So my Windows now crashes once on every boot; it loads briefly, and then I can't do anything, it just hangs. I have to do a hard kill every time and boot again.

I'd first like to know what we've been doing here this whole time???? The problem this thread was about was already solved after the first step, wasn't it?

22.08.2012, 20:24   #12
t'john
/// Helper Team

No, we are not finished yet.

First ESET, then securing the system, then the crash problems.
__________________
Regards, t'john
27.08.2012, 16:18   #13
LittleWulf

I only now see that you want me to uninstall my Emsisoft. I bought a one-year license; I'm not going to just uninstall it now. Especially not when nobody explains to me at all why all this.

27.08.2012, 20:01   #14
t'john
/// Helper Team

1. How am I supposed to know that you bought it?

2. Malware often disables the Task Manager. We have to find it first. Then we'll know how it got into the system.

But never mind, the problem is solved after all.
I'm out.
__________________
Regards, t'john
27.08.2012, 20:24   #15
LittleWulf

Quote:
And I bought Emsisoft, based on a recommendation from another thread where I had problems with a trojan.
And I scan regularly, about every 3-5 days, and then delete all findings, because I don't trust quarantine (page 1, post #9)
Quote:
you're of course happy to run, without a second thought, whatever someone asks of you when you have absolutely no idea what you're doing xD
Quote:
I'd first like to know what we've been doing here this whole time????
I just wanted to know what was being done the whole time. I know that the help here is given on a voluntary basis in people's precious free time, and surely not everyone is sufficiently grateful; I'm sorry if I didn't say thank you often enough. Thank you very much for the help!

But surely it's understandable that one doesn't unquestioningly run everything someone tells one to.

As soon as I get back from the dentist tomorrow, I'll gladly carry out the last steps. I think it will be enough for ESET if I switch Emsi off for it.
