| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Security Tool - bin ich es los?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.07.2010, 11:40
| #1 |
 |  Security Tool - bin ich es los? Grüße, geliebtes TB! Vorab als Info: Windows Vista home premium 32bit Opera 10.60 3 Benutzerkonten: 1x Admin - nur für Windows Updates etc genutzt 1x Privat - eingeschränkt und ohne Adminrechte, am häufigsten genutzt. 1x Büro - eingeschränkt und ohne Adminrechte Gestern bin ich in meinem Privatbenutzerkonto durch Klicken auf ein Google-Suchergebnis an Security Tool gekommen. Wer hätte gedacht, dass die Suche nach Tips zum Führen eines Haushaltsbuches so gefährlich sein kann  Daraufhin öffnete sich eine PDF mit einer .tmp Endung und PLING "Security Tool has been installed". Dann gings Knall auf Fall und alles hat geblinkt und was weiß ich. PC erst mal in Panik ausgeschaltet, neu hochgefahren und in meinem Privatkonto konnte ich nichts mehr ändern. Kein Taskmanager, kein mbam, nix. Also ab ins Büro Profil, dort ging noch alles wunderbar. Habe dann Malwarebytes upgedatet, fullscan gemacht, Funde gelöscht. Neugestartet, wieder ins Büroprofil, Antivir upgedatet und Fullscan gemacht, wieder neugestartet und wieder im Büroprofil Malwarebytes laufen lassen, diesmal aber "als admin starten". Weitere Funde gelöscht und wieder neugestartet. Dann bin ich in mein Privatprofil (hab mich endlich getraut ^^) und habe Malwarebytes erneut im Fullscan unterm Privatkonto laufen lassen. Funde entfernt. Danach in jedem Konto CCleaner upgedatet und laufen lassen, alles entfernt, registry gesäubert, nochmal "zur Sicherheit" laufen lassen. Kurzum: Malwarebytes hat alles unter jedem Benutzer gefunden und entfernt, CCleaner hat die Reste entfernt, aber ich fühle mich unsicher. Mein PC läuft wieder einwandfrei, meine Hosts-Datei war nicht betroffen und soweit "eigentlich" alles gut. Mir fällt noch ein: Windows Update hatte ich seit ca. 2 Wochen nicht laufen, da ich die Zeit irgendwie nicht dran gedacht habe ins Admin Konto zu wechseln, werd ich gleich nachholen! Gibt es eventuell noch einen Scanner, den ich drüberlaufen lassen kann? Hijackthis hatte die Einträge soweit gefunden und nach Malwarebytes Arbeit war HijackThis auch "clean". Sorry für den Roman, sorge mich immer noch, auch wenn Antivir, Malwarebytes und CCleaner nichts mehr finden... |
|
22.07.2010, 15:38
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Security Tool - bin ich es los? Sieht aus als hätten dich die eingeschränkten Rechte vor Schlimmerem bewahrt, denn dann hast Du keine Schreibrechte in Systembereiche und weder Schreib- noch Leserechte in den Profilordnern andere Benutzer!
__________________Poste bitte mal alle Malwarebytes-Logs.
__________________ |
|
22.07.2010, 18:20
| #3 |
| | Security Tool - bin ich es los? Ja, das glaub ich auch *phew* ^^
__________________Log1 Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4332
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
20.07.2010 23:40:25
mbam-log-2010-07-20 (23-40-25).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 287415
Laufzeit: 59 Minute(n), 33 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
da hatte ich mich gewundert, da Rainmeter ja eigentlich nicht schädlich ist, habs dennoch entfernt (also den skin) Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4332
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
20.07.2010 22:31:52
mbam-log-2010-07-20 (22-31-52).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 287573
Laufzeit: 59 Minute(n), 23 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Ivory\Documents\Rainmeter\Skins\Enigma\ConfigureEnigma.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\SaS\Documents\Rainmeter\Skins\Enigma\ConfigureEnigma.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\winsxs\Backup\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.0.6002.18005_lt-lt_bf12ba06fdc0c65b_msimsg.dll.mui_72e8994f (Trojan.Dropper) -> Quarantined and deleted successfully.
Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4332
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
20.07.2010 21:14:13
mbam-log-2010-07-20 (21-14-13).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152464
Laufzeit: 7 Minute(n), 2 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 7
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
C:\ProgramData\49493130 (Rogue.Multiple) -> Quarantined and deleted successfully.
Infizierte Dateien:
C:\$Recycle.Bin\S-1-5-21-59915249-1296444255-759154618-1000\$RGNX5DI.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\_ex-08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\ProgramData\49493130\49493130.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Ivory\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Ivory\Desktop\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Ivory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Ivory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\srvklw32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Stellt CCleaner keine Logs auf? Sonst hätt ich das auch noch gepostet, hab aber nichts gefunden. Danke :* edit: hm, der schlimmste log ist nur ein quick-scan... wo hab ich den fullscan? ich geh mal suchen.. edit: im Büroprofil war noch eins: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4324
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
20.07.2010 20:48:12
mbam-log-2010-07-20 (20-48-12).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 290933
Time elapsed: 1 hour(s), 56 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\ProgramData\49493130 (Rogue.Multiple) -> Delete on reboot.
Files Infected:
C:\ProgramData\49493130\49493130.exe (Rogue.Multiple) -> Delete on reboot.
Der erste Log ist der "Neueste" unter dem "befallenen" Profil als Fullscan und augenscheinlich sauber <3 Geändert von muhkuh (22.07.2010 um 18:28 Uhr) |
|
22.07.2010, 19:14
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Security Tool - bin ich es los?Zitat:
Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
22.07.2010, 20:30
| #5 | |
| | Security Tool - bin ich es los? Nein, die Zahlenreihe da sagt mir gar nichts. Allerdings hatte ich beim Googlen den Thread zu Security Tool gefunden, dort war ein Abschnitt mit "folgende Dateien sind von Security Tool" oder so und da waren lauter Dateien dieser Art (also Zahlenordner mit Zahlendateien drin). hier: Zitat:
Kurzum: Nein, das Ding sagt mir nix. hier die OTL Sachen mit *** als Profilname (wenns ok ist) OTL.txt: [code] OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.07.2010 21:16:24 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Ivory\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,66 Gb Total Space | 24,94 Gb Free Space | 25,54% Space Free | Partition Type: NTFS Drive D: | 352,64 Gb Total Space | 245,20 Gb Free Space | 69,53% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 7,45 Gb Total Space | 0,69 Gb Free Space | 9,32% Space Free | Partition Type: FAT32 H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: RIDGEBACK Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\**Privatprofil**\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\**Privatprofil**\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - D:\Progz\Opera\opera.exe (Opera Software) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - D:\Progz\Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Users\**BüroProfil**\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - D:\Progz\Rainlendar\Rainlendar2\Rainlendar2.exe () PRC - D:\Progz\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Windows\System32\igfxext.exe (Intel Corporation) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.) PRC - C:\Programme\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.) PRC - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) PRC - C:\Programme\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.) PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (EgisTec Inc.) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - D:\Progz\RocketDock\RocketDock.exe () PRC - D:\Progz\Lotus\org6\organize\EasyClip6.exe (Lotus Development Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\**Privatprofil**\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated) MOD - C:\Windows\System32\powrprof.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\wtsapi32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Akamai) -- c:\Programme\Common Files\Akamai\rswin_3725.dll () SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (IGBASVC) -- C:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.) SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.) SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (AF15BDA) Cinergy T USB XE (MKII) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech ) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys) -- C:\Windows\System32\drivers\FPSensor.sys (Egistec) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.) DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.) DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.) DRV - (AlfaFF) -- C:\Windows\system32\drivers\AlfaFF.sys (Alfa Corporation) DRV - (AVerAF15) -- C:\Windows\System32\drivers\AVerAF15.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys () DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon) DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.) DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated) DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.) DRV - (mbmiodrvr) -- C:\Windows\System32\mbmiodrvr.sys (cansoft@livewiredev.com) DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec) DRV - (PMEM) -- C:\Windows\System32\drivers\PMEMNT.SYS (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0409&m=aspire_5935 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0409&m=aspire_5935 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0409&m=aspire_5935 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: D:\Progz\Firefox\components [2010.06.30 16:39:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: D:\Progz\Firefox\plugins [2010.07.03 14:56:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: D:\Progz\Thunderbird\components [2010.05.21 20:06:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: D:\Progz\Thunderbird\plugins [2010.07.03 14:56:29 | 000,000,000 | ---D | M] [2010.04.10 10:22:55 | 000,000,000 | ---D | M] -- C:\Users\**Adminprofil**\AppData\Roaming\mozilla\Extensions [2010.06.19 17:56:40 | 000,000,000 | ---D | M] -- C:\Users\**Adminprofil**\AppData\Roaming\mozilla\Firefox\Profiles\yerqz0l7.default\extensions [2010.04.10 10:22:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**Adminprofil**\AppData\Roaming\mozilla\Firefox\Profiles\yerqz0l7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.06.19 17:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**Adminprofil**\AppData\Roaming\mozilla\Firefox\Profiles\yerqz0l7.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80} [2010.06.19 17:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**Adminprofil**\AppData\Roaming\mozilla\Firefox\Profiles\yerqz0l7.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96} [2010.06.19 17:58:17 | 000,000,000 | ---D | M] (FBFan) -- C:\Users\**Adminprofil**\AppData\Roaming\mozilla\Firefox\Profiles\yerqz0l7.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99} [2010.04.10 10:22:58 | 000,000,000 | ---D | M] -- C:\Users\**Adminprofil**\AppData\Roaming\mozilla\Firefox\Profiles\yerqz0l7.default\extensions\staged-xpis O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (IEHlprObj Class) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - D:\Progz\Lotus\org6\organize\iehelper.dll () O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] D:\Progz\Malwarebytes\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Programme\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKCU..\Run: [Rainlendar2] D:\Progz\Rainlendar\Rainlendar2\Rainlendar2.exe () O4 - HKLM..\RunOnce: [BrowserBallot] C:\Windows\System32\browserchoice.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Progz\Malwarebytes\mbamgui.exe (Malwarebytes Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - D:\Progz\Lotus\org6\organize\bandobjs.dll () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/html {574940E0-1B7A-4881-8FA3-1E809714B156} - C:\Users\Caylee\AppData\LocalLow\Microñoft\redir.dll () O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - Reg Error: Key error. File not found O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img2.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img2.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4fa391f6-2c6a-11de-b6ca-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{4fa391f6-2c6a-11de-b6ca-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Einstiegsseite.exe -- File not found O33 - MountPoints2\{59751b64-5078-11df-a75e-00235a84f537}\Shell - "" = AutoRun O33 - MountPoints2\{59751b64-5078-11df-a75e-00235a84f537}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{7aac49e3-760c-11df-8e91-00235a84f537}\Shell - "" = AutoRun O33 - MountPoints2\{7aac49e3-760c-11df-8e91-00235a84f537}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{904202d8-94a6-11de-a9fb-00242cf8163d}\Shell - "" = AutoRun O33 - MountPoints2\{904202d8-94a6-11de-a9fb-00242cf8163d}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.21 15:25:19 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010.07.21 15:25:19 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010.07.21 15:25:19 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010.07.21 15:22:09 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2010.07.21 15:22:09 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2010.07.20 17:02:33 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\System32\wpcap.dll [2010.07.20 17:02:33 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\System32\Packet.dll [2010.07.18 22:34:21 | 000,000,000 | ---D | C] -- C:\Users\**Adminprofil**\AppData\Local\JollyBear [2010.07.18 22:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\JollyBear [2010.07.14 14:47:01 | 000,000,000 | ---D | C] -- C:\Windows\My Kingdom for the Princess [2010.07.08 19:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2010.07.08 18:35:57 | 000,000,000 | ---D | C] -- C:\Users\**Adminprofil**\AppData\Local\SCE [2010.07.06 17:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm [2010.07.06 17:23:57 | 000,000,000 | ---D | C] -- C:\Users\**Adminprofil**\AppData\Local\Last.fm [2009.03.20 17:49:54 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2010.07.22 21:16:04 | 001,835,008 | -HS- | M] () -- C:\Users\**Adminprofil**\NTUSER.DAT [2010.07.22 20:37:13 | 000,097,391 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.07.22 20:37:13 | 000,097,391 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.07.22 20:30:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.22 20:30:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.22 19:15:06 | 000,524,288 | -HS- | M] () -- C:\Users\**Adminprofil**\NTUSER.DAT{2932b98a-76c0-11df-8ceb-00235a84f537}.TMContainer00000000000000000001.regtrans-ms [2010.07.22 19:15:06 | 000,065,536 | -HS- | M] () -- C:\Users\**Adminprofil**\NTUSER.DAT{2932b98a-76c0-11df-8ceb-00235a84f537}.TM.blf [2010.07.22 15:09:28 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.07.22 15:09:28 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.07.22 15:09:28 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.07.22 15:09:28 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.07.22 15:09:28 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.07.22 12:30:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.22 12:30:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.21 23:16:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.07.20 17:02:33 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\System32\wpcap.dll [2010.07.20 17:02:33 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\System32\Packet.dll [2010.07.18 22:25:14 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI [2010.07.15 18:13:44 | 000,001,427 | ---- | M] () -- C:\Users\Public\Desktop\MyMicroBalance.lnk [2010.07.14 14:47:12 | 000,000,944 | ---- | M] () -- C:\Users\**Adminprofil**\Desktop\My Kingdom for the Princess.lnk [2010.07.08 19:14:13 | 000,000,861 | ---- | M] () -- C:\Windows\wininit.ini [2010.07.08 18:39:06 | 000,000,812 | ---- | M] () -- C:\Users\**Adminprofil**\Desktop\EverQuest II (EU Deutsch).lnk [2010.07.06 17:23:18 | 000,000,537 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm.lnk [2010.07.06 17:01:58 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.07.03 14:56:30 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk ========== Files Created - No Company Name ========== [2010.07.18 22:25:14 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI [2010.07.15 18:13:44 | 000,001,427 | ---- | C] () -- C:\Users\Public\Desktop\MyMicroBalance.lnk [2010.07.14 14:47:12 | 000,000,944 | ---- | C] () -- C:\Users\**Adminprofil**\Desktop\My Kingdom for the Princess.lnk [2010.07.08 18:39:06 | 000,000,812 | ---- | C] () -- C:\Users\**Adminprofil**\Desktop\EverQuest II (EU Deutsch).lnk [2010.07.06 17:23:18 | 000,000,537 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm.lnk [2010.07.03 14:56:30 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.02.11 09:58:56 | 000,004,096 | ---- | C] () -- C:\Windows\System32\detoured.dll [2009.11.30 17:13:04 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2009.11.27 18:33:02 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini [2009.11.23 17:21:01 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2009.09.04 19:05:27 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.09.03 16:31:09 | 000,000,076 | ---- | C] () -- C:\Windows\ricdb.ini [2009.09.03 16:31:08 | 000,000,027 | ---- | C] () -- C:\Windows\System32\RPCS.ini [2009.08.31 15:20:11 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.08.31 15:20:11 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.08.30 16:20:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.29 14:55:35 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll [2009.08.29 14:55:35 | 000,011,568 | ---- | C] () -- C:\Windows\System32\drivers\UimFIO.sys [2009.08.29 01:36:45 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.08.29 01:35:42 | 000,000,861 | ---- | C] () -- C:\Windows\wininit.ini [2009.04.19 01:01:10 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2009.04.19 01:01:10 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2008.10.28 12:32:40 | 000,950,272 | ---- | C] () -- C:\Windows\System32\MPEG4Evfw.dll [2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.09.11 14:01:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.09.09 11:38:48 | 000,097,792 | ---- | C] () -- C:\Windows\System32\INT15_64.dll [2008.09.09 11:38:48 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2008.05.21 20:46:08 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll [2008.03.12 13:52:34 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [1998.01.13 13:52:30 | 000,047,104 | ---- | C] () -- C:\Windows\System32\LOTRN13.DLL ========== Files - Unicode (All) ========== [2010.01.17 02:58:15 | 003,932,214 | ---- | M] ()(C:\Users\**Adminprofil**\Desktop\b?????m.bmp) -- C:\Users\**Adminprofil**\Desktop\b�����m.bmp [2010.01.17 02:57:32 | 003,932,214 | ---- | C] ()(C:\Users\**Adminprofil**\Desktop\b?????m.bmp) -- C:\Users\**Adminprofil**\Desktop\b�����m.bmp ========== Alternate Data Streams ========== @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:F1535D7B @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:41C283B2 @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:1013B07C @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:ABD3B354 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:DF695222 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:4220A65C @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:F878F14A @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:D88D995C @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:193426B4 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:FF818E2B @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:66633281 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:1AF93AF4 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:61E5F0F7 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:557AD709 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:A78FEBF9 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:9D03192E @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:07D9FF25 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:0888F409 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:3BD11093 @Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:C8182692 < End of report > Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.07.2010 21:16:24 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\**Privatprofil**\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 24,94 Gb Free Space | 25,54% Space Free | Partition Type: NTFS
Drive D: | 352,64 Gb Total Space | 245,20 Gb Free Space | 69,53% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 7,45 Gb Total Space | 0,69 Gb Free Space | 9,32% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: RIDGEBACK
Current User Name: **Adminprofil**
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- D:\Progz\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Progz\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Progz\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CD455E0-337D-4D45-939F-142F1C71DB62}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{11CE8972-1D2B-4F97-8720-6DC9E408E04C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{22A003D4-5543-43BA-99BF-7438C4DBF4A1}" = rport=445 | protocol=6 | dir=out | app=system |
"{2488069E-24E3-4FE7-B486-B862BFB02D3E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{49707AA1-99C7-4177-AB74-8BC8106CE07A}" = lport=49184 | protocol=6 | dir=in | name=akamai netsession interface |
"{51A16504-3CC7-4C8C-AD38-D18AB6A55164}" = lport=137 | protocol=17 | dir=in | app=system |
"{52FFBD2D-1F28-4A4A-A36E-84E69F6E2763}" = lport=445 | protocol=6 | dir=in | app=system |
"{533B6117-E9E5-46FA-896F-5D3A7A7D841F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{533D1097-892A-4EF7-8953-EFC594E2DCF9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7EC4473F-32D0-4839-905E-249C767EE63D}" = rport=139 | protocol=6 | dir=out | app=system |
"{7F175D0C-3550-407B-A492-694413648025}" = lport=138 | protocol=17 | dir=in | app=system |
"{8249BD3A-A965-4258-B2C4-6EEC9938311C}" = rport=138 | protocol=17 | dir=out | app=system |
"{85D2347E-31AE-49AB-BB86-5440D79E18BB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{90478739-90FC-4B8D-B209-91A859162035}" = lport=139 | protocol=6 | dir=in | app=system |
"{913E3535-0411-4B31-BC3F-2CF1AF87EA46}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{925AE79B-728C-400C-9009-9C0471876001}" = rport=137 | protocol=17 | dir=out | app=system |
"{A4BE89C9-1BCF-4268-9FAD-8EC5CF606B45}" = lport=6112 | protocol=6 | dir=in | name=wciii |
"{A8A81598-F8BB-4209-B2F5-C09E0F80D20A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E8E5D029-CD14-43F1-9663-3D1CAD4ED9B5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EE8FDBEC-90C6-4E9E-ABC7-403B806F30D6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F252CA5D-54B7-4C94-9B6E-6019ABD6089B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F38A6702-B396-4427-AB62-F1985F14A3A9}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02194400-F3E0-4C36-841A-2660D00A8AF6}" = protocol=17 | dir=in | app=d:\progz\steam\steam.exe |
"{08A46C4E-9142-461E-AAAE-503C437D02D0}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{0989EB26-391E-40C7-8950-ACD5402D1DAD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{0BF2E4B1-BE44-437E-BEBC-19B245AC631F}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{1EBCBEB7-4A11-4FF3-96BB-76E67E67DCA9}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{225570C6-CEE9-4BF8-843F-7B4724981A30}" = dir=in | app=c:\progz\skype\phone\skype.exe |
"{320D5787-4CB7-49E8-B95C-627EFF348319}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"{34040298-BA41-41E8-BA2F-A5D4D8B77746}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{341CE715-8562-4444-A532-C833BE97E38B}" = protocol=17 | dir=in | app=d:\progz\tv browser\tvbrowser.exe |
"{34852032-14C4-47E0-9F3E-8BACEAE7C6A8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{38712A7D-F185-49E2-8834-C7A8D522CDA6}" = protocol=17 | dir=in | app=d:\multimedia\games\fear\fearmp.exe |
"{409A93C8-9E3D-4DC6-A0A8-F51D5B4C0FF2}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{44FE2F65-DFCE-4D46-B8DD-83C7EE00F43A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{56D4C125-5C0C-4B57-8718-B476E4401B18}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{5F43E633-3D3B-41EA-BD0F-48F07DC849BC}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{616559CD-C4C7-473E-9510-02134A4DE29C}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{748E4184-ED9D-4AD3-8912-D60E17490BFA}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{758126FD-0EB1-4407-9050-6D9C93E8F8CB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{772730D7-0A07-4076-AFB9-1FF7E198FCB0}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{7A6294EE-86FF-4979-A7E0-281072B34A8F}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{89FD6FFB-5A9D-4975-805B-B83028920B19}" = protocol=17 | dir=in | app=d:\progz\\utorrent.exe |
"{92EE23A0-DCE6-4F8D-B347-7F4D8DBD04B2}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"{93055E12-CE00-44E4-85B7-471A9B0BE4A6}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"{94587594-8C01-4701-9D92-ECD39BA5A89B}" = protocol=6 | dir=in | app=d:\progz\\utorrent.exe |
"{97F99D4B-F6C9-4CCE-9B08-4ED4671840AE}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{9841299A-8327-4D9F-A6C0-3AE8F20514B0}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{A506BD13-C6C0-49B6-A6D5-1F9D6CD64FF5}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A7916262-14AA-4464-9299-75A517176725}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{ADB84518-1A6B-4D93-8DFA-43C9817CB5E3}" = protocol=17 | dir=in | app=d:\multimedia\games\fear\fear.exe |
"{B21D810E-EAE0-4848-81D2-1800A9171514}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{B3141721-B6E3-4E1F-A9E3-70E97B4D5F5A}" = protocol=6 | dir=in | app=d:\multimedia\games\fear\fear.exe |
"{B5B122D3-EF03-4F6B-83B4-797DEF126AC5}" = protocol=6 | dir=in | app=d:\progz\tv browser\tvbrowser_nodd.exe |
"{B8A216DD-F6A4-47B9-83C9-6125B3D9F82E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BA1D9CD4-9C48-47B7-BC60-AF88EE4A44EF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BB576EB0-ABE4-4DA2-B6F1-C8412FB200DC}" = protocol=6 | dir=in | app=d:\progz\steam\steam.exe |
"{BF37A1DC-16CB-4FC0-B3D2-B46B643DFFC7}" = protocol=6 | dir=in | app=d:\multimedia\games\fear\fearmp.exe |
"{C0197ED1-CCD8-447B-802A-9F1CA1D77A48}" = protocol=6 | dir=in | app=d:\progz\tv browser\tvbrowser.exe |
"{C02D2132-E996-4210-85D6-91C784884649}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{C0AA46EF-01C1-4677-8107-F6836C54955F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{CDA18427-B918-4D53-A1CC-64861EBBFD21}" = protocol=17 | dir=in | app=d:\progz\tv browser\tvbrowser_nodd.exe |
"{D0108A08-DFE8-418A-BF74-329E8C4DCDD0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D19F6D26-F492-4812-9624-FAB213D77D17}" = protocol=6 | dir=in | app=d:\progz\steam\steam.exe |
"{D279FADB-D888-4450-9D10-9DC6EF0A3480}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{D3D4EF29-25AF-4FBF-BD3B-F0F91F27C145}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DB2C0999-411C-4E12-97B3-EC9D2AB95251}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{E2711249-6DE0-424A-A6DD-2D53017B89B6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EACEF86D-5373-4B8F-B482-2DA355B881BA}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"{ECCC7597-CA7C-46A9-9D8F-F99C3DABD01C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{FEA20D4A-F2A5-4FDC-92EA-A0D3EEC0B4A2}" = protocol=17 | dir=in | app=d:\progz\steam\steam.exe |
"TCP Query User{11C8B6F5-2273-4B51-A6E4-D1F353D7A1F0}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe |
"TCP Query User{2981F040-FA22-4FD4-8403-54F9A3C8DC89}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe |
"TCP Query User{36D04550-4583-4B31-954A-10CBE04263C1}C:\users\public\documents\blizzard entertainment\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\launcher.exe |
"TCP Query User{379C8C30-B478-4555-8FE5-17EB142DB1B5}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe |
"TCP Query User{45141CE4-844B-47FB-B6A8-C068638CA89C}D:\progz\skype\phone\skype.exe" = protocol=6 | dir=in | app=d:\progz\skype\phone\skype.exe |
"TCP Query User{4B9C30AE-F88B-4935-A8E2-F0982FCFAE05}D:\progz\trillian\trillian.exe" = protocol=6 | dir=in | app=d:\progz\trillian\trillian.exe |
"TCP Query User{585CE905-0841-490A-93B1-607FF6C2271B}D:\downloads\wow-language-pack-engb-downloader.exe" = protocol=6 | dir=in | app=d:\downloads\wow-language-pack-engb-downloader.exe |
"TCP Query User{62C0052B-D3C9-4337-9D66-FDDCF8F377F1}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe |
"TCP Query User{7B1A3811-C501-4209-93E5-DFA91BDA1DA8}D:\multimedia\games\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\multimedia\games\anno 1404\tools\anno4web.exe |
"TCP Query User{80A0F038-BBEC-414A-BD4E-627A12103CFB}D:\progz\opera\opera.exe" = protocol=6 | dir=in | app=d:\progz\opera\opera.exe |
"TCP Query User{81913B3F-8D9C-49A8-8B84-E72467D371A8}D:\multimedia\games\medal of honor\mohaa.exe" = protocol=6 | dir=in | app=d:\multimedia\games\medal of honor\mohaa.exe |
"TCP Query User{84921E5F-A62D-4870-8B71-08AB60010ACA}C:\users\public\documents\blizzard entertainment\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\backgrounddownloader.exe |
"TCP Query User{860F55ED-4D21-43D8-9337-531483719742}D:\progz\opera\opera.exe" = protocol=6 | dir=in | app=d:\progz\opera\opera.exe |
"TCP Query User{8804AEEA-132A-450E-B010-9F158A404B4C}D:\progz\trillian\trillian.exe" = protocol=6 | dir=in | app=d:\progz\trillian\trillian.exe |
"TCP Query User{8BCF167C-E892-44AF-A89A-28F2E897F4D2}D:\progz\soulseek\slsk.exe" = protocol=6 | dir=in | app=d:\progz\soulseek\slsk.exe |
"TCP Query User{B860B465-951E-4535-B309-633A8BA6EAEF}C:\users\public\documents\blizzard entertainment\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\repair.exe |
"TCP Query User{C3D2D242-9374-4DFF-9A90-8E21F3A62BA8}D:\multimedia\games\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\multimedia\games\anno 1404\tools\anno4web.exe |
"TCP Query User{C61E4E15-0FD5-4BF7-97A2-B07DC00441EA}D:\multimedia\games\towerdefensedungeon\binaries\win32\udk.exe" = protocol=6 | dir=in | app=d:\multimedia\games\towerdefensedungeon\binaries\win32\udk.exe |
"TCP Query User{C80F556D-72DA-4681-ACFA-144E8A17F184}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe |
"TCP Query User{CD71176A-3FE5-460E-90CF-CD7EB562C07C}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe |
"TCP Query User{D943DDFF-6633-4A60-BA72-0A651E1F1B70}D:\multimedia\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\multimedia\games\warcraft iii\war3.exe |
"TCP Query User{E66DB5AD-B15C-418C-9C1A-8EB2BF04E73B}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe |
"TCP Query User{F3846BD6-EDC4-4032-8051-18F2D93615C1}D:\progz\skype\phone\skype.exe" = protocol=6 | dir=in | app=d:\progz\skype\phone\skype.exe |
"TCP Query User{F3A982EA-8AF2-422A-9C07-77EFFE9B6EE9}D:\progz\soulseek\slsk.exe" = protocol=6 | dir=in | app=d:\progz\soulseek\slsk.exe |
"TCP Query User{F9A70970-DE5E-4300-8C7E-CCE02C2972BD}D:\multimedia\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\multimedia\games\warcraft iii\war3.exe |
"TCP Query User{FA313693-53EF-4B0F-9137-3220F77001BF}D:\progz\utorrent.exe" = protocol=6 | dir=in | app=d:\progz\utorrent.exe |
"UDP Query User{05788829-8669-4BFC-80A1-B412A90E6C99}D:\multimedia\games\towerdefensedungeon\binaries\win32\udk.exe" = protocol=17 | dir=in | app=d:\multimedia\games\towerdefensedungeon\binaries\win32\udk.exe |
"UDP Query User{07B03877-E016-4ACA-AF2C-73EB64AF23BB}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe |
"UDP Query User{07D5686C-7F2F-48BD-ACA7-78D02FF17A91}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe |
"UDP Query User{09D090C8-499A-404E-87AE-FF3A42F4FABE}D:\progz\utorrent.exe" = protocol=17 | dir=in | app=d:\progz\utorrent.exe |
"UDP Query User{0D548AFF-AE31-4562-81E8-0D83BD4F909E}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe |
"UDP Query User{31D5F2B4-6D9D-49E9-9447-0CB6760F86DA}D:\progz\trillian\trillian.exe" = protocol=17 | dir=in | app=d:\progz\trillian\trillian.exe |
"UDP Query User{3DE314B7-E1C2-475A-B0F2-E5D98ECAC61F}D:\multimedia\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\multimedia\games\warcraft iii\war3.exe |
"UDP Query User{54BEDA87-7C07-4DAB-A6B9-D2738803DA9B}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe |
"UDP Query User{5739C7B3-05FE-4AFB-8D84-F9AA53AE49C0}C:\users\public\documents\blizzard entertainment\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\launcher.exe |
"UDP Query User{574A4D94-09D0-49BF-8994-1490F720D097}D:\multimedia\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\multimedia\games\warcraft iii\war3.exe |
"UDP Query User{60B4F41C-D487-4B2D-9136-16058C8B49B1}D:\multimedia\games\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\multimedia\games\anno 1404\tools\anno4web.exe |
"UDP Query User{66B3B712-1FB6-4EB3-96A0-4ECDBD646615}D:\progz\opera\opera.exe" = protocol=17 | dir=in | app=d:\progz\opera\opera.exe |
"UDP Query User{67A5D9BC-9417-4D4A-A0D3-BD299CA7CAA0}D:\progz\soulseek\slsk.exe" = protocol=17 | dir=in | app=d:\progz\soulseek\slsk.exe |
"UDP Query User{865B650D-B746-491D-B6E0-8A59EA769B7A}D:\multimedia\games\medal of honor\mohaa.exe" = protocol=17 | dir=in | app=d:\multimedia\games\medal of honor\mohaa.exe |
"UDP Query User{92D670F6-FE78-43B5-8C58-741B601907E2}C:\users\public\documents\blizzard entertainment\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\backgrounddownloader.exe |
"UDP Query User{AEE66092-4496-4B48-B3F5-BC3C4D427609}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe |
"UDP Query User{B0F6F9DD-C6C3-48A7-AEE6-357FF557A17E}D:\downloads\wow-language-pack-engb-downloader.exe" = protocol=17 | dir=in | app=d:\downloads\wow-language-pack-engb-downloader.exe |
"UDP Query User{B12DD12E-FD67-4A4B-90CF-4DCC8BE8CCE0}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe |
"UDP Query User{BB5D595C-4E65-484B-A7EA-2E8697509714}D:\progz\skype\phone\skype.exe" = protocol=17 | dir=in | app=d:\progz\skype\phone\skype.exe |
"UDP Query User{C470C08B-FF90-425A-B6D7-DE04C7C43BBA}D:\multimedia\games\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\multimedia\games\anno 1404\tools\anno4web.exe |
"UDP Query User{D1103816-7B0F-4C76-932A-2C4FC0FA1928}C:\users\public\documents\blizzard entertainment\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\repair.exe |
"UDP Query User{D345F213-1741-4893-AB63-5E0CE762BD76}D:\progz\trillian\trillian.exe" = protocol=17 | dir=in | app=d:\progz\trillian\trillian.exe |
"UDP Query User{E10DA622-793F-46E1-A2D8-903FCCECAC0E}D:\progz\opera\opera.exe" = protocol=17 | dir=in | app=d:\progz\opera\opera.exe |
"UDP Query User{E93AC70E-614D-4B4C-B738-A76945C73919}D:\progz\skype\phone\skype.exe" = protocol=17 | dir=in | app=d:\progz\skype\phone\skype.exe |
"UDP Query User{EF4DA782-CB5D-4BDB-ABAD-75A49CCC63CA}D:\progz\soulseek\slsk.exe" = protocol=17 | dir=in | app=d:\progz\soulseek\slsk.exe |
"UDP Query User{F13EDCF5-8FC2-4F6C-96A6-4597C529E402}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6400
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{084F0F60-DA25-4A86-A954-1BE5FE19E495}" = TSR Launcher
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2D7947C2-65F2-48ED-AA76-AE40AAAE97CD}" = TSR Workshop
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{32347E43-C68C-423B-9DC8-A22CE16DE0C1}" = MyMicroBalance
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5F1B30-B10B-4579-86DD-D00F662E1031}" = Nero 8
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4F726761-6E69-7A65-7236-2E31302D0409}" = IBM Lotus Organizer 6 - English
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6F9B9AEB-00D8-4000-AD5B-7E97E85571DE}" = ScopeUserGuide
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E325417-AE9C-4EE1-A158-13DF451A5987}" = Broadcom Gigabit Integrated Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 3.0.7.2
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoPlus
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
"{D5395E5F-4D45-4665-8F00-234FA33678AF}" = SlimDX Redistributable (March 2009)
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E9E4BB29-FA98-401B-9EDE-9906906E33DE}" = Paragon Festplatten Manager 2008 Suite
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alice Software" = Alice Software 4.10.0
"amg-ageoforaclestarasjourney" = Age of Oracles - Tara's Journey
"am-royalenvoytm" = Royal Envoy(TM)
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BFG-Royal Envoy" = Royal Envoy
"BFG-Royal Envoy Collector's Edition" = Royal Envoy Collector's Edition
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"Cinergy T USB XE (MKII)" = Cinergy T USB XE (MKII) V6.09.28.05b
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ExpressRip" = Express Rip
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"JDownloader" = JDownloader
"LastFM_is1" = Last.fm 1.5.4.24567
"LManager" = Launch Manager
"LogoMaker_is1" = LogoMaker 2.0
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"MobMap_is1" = MobMap 3.46
"Motherboard Monitor 5_is1" = Motherboard Monitor 5
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MPEG4E" = MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only)
"My Kingdom for the Princess1.0" = My Kingdom for the Princess
"MyDefrag_is1" = MyDefrag v4.1.2
"NVIDIA Drivers" = NVIDIA Drivers
"Organizer Conversion Utility" = Organizer Conversion Utility
"Picasa 3" = Picasa 3
"Rainlendar2" = Rainlendar2 (remove only)
"RocketDock_is1" = RocketDock 1.3.5
"Royal Envoy_is1" = Royal Envoy
"Royal Envoy™ Collector’s Edition_is1" = Royal Envoy™ Collector’s Edition
"Sea Voyage 3D Screensaver_is1" = Sea Voyage 3D Screensaver 1.0
"Soulseek" = SoulSeek Client 156c
"Steam App 400" = Portal
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"tvbrowser" = TV-Browser 3.0-beta2
"TVWiz" = Intel(R) TV Wizard
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.1
"Warcraft II_is1" = Warcraft II
"WavePad" = WavePad Sound Editor
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 05.07.2010 12:41:08 | Computer Name = Ridgeback | Source = RasClient | ID = 20227
Description =
Error - 05.07.2010 12:41:48 | Computer Name = Ridgeback | Source = RasClient | ID = 20227
Description =
Error - 05.07.2010 12:42:29 | Computer Name = Ridgeback | Source = RasClient | ID = 20227
Description =
Error - 05.07.2010 12:43:09 | Computer Name = Ridgeback | Source = RasClient | ID = 20227
Description =
Error - 05.07.2010 12:43:50 | Computer Name = Ridgeback | Source = RasClient | ID = 20227
Description =
Error - 05.07.2010 12:44:30 | Computer Name = Ridgeback | Source = RasClient | ID = 20227
Description =
Error - 05.07.2010 12:45:12 | Computer Name = Ridgeback | Source = RasClient | ID = 20227
Description =
Error - 05.07.2010 12:45:52 | Computer Name = Ridgeback | Source = RasClient | ID = 20227
Description =
Error - 05.07.2010 12:46:32 | Computer Name = Ridgeback | Source = RasClient | ID = 20227
Description =
Error - 05.07.2010 12:47:12 | Computer Name = Ridgeback | Source = RasClient | ID = 20227
Description =
[ System Events ]
Error - 20.07.2010 14:51:03 | Computer Name = Ridgeback | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 21.07.2010 09:24:44 | Computer Name = Ridgeback | Source = DCOM | ID = 10005
Description =
Error - 21.07.2010 09:24:44 | Computer Name = Ridgeback | Source = Service Control Manager | ID = 7009
Description =
Error - 21.07.2010 09:24:44 | Computer Name = Ridgeback | Source = Service Control Manager | ID = 7000
Description =
Error - 21.07.2010 09:24:44 | Computer Name = Ridgeback | Source = Service Control Manager | ID = 7009
Description =
Error - 21.07.2010 09:24:44 | Computer Name = Ridgeback | Source = Service Control Manager | ID = 7000
Description =
Error - 21.07.2010 09:29:54 | Computer Name = Ridgeback | Source = Service Control Manager | ID = 7009
Description =
Error - 21.07.2010 09:29:54 | Computer Name = Ridgeback | Source = Service Control Manager | ID = 7000
Description =
Error - 21.07.2010 09:33:56 | Computer Name = Ridgeback | Source = DCOM | ID = 10010
Description =
Error - 21.07.2010 17:16:23 | Computer Name = Ridgeback | Source = DCOM | ID = 10010
Description =
< End of report >
Toll, nun weiß jeder dass ich ein absoluter Spielejunkie bin  |
|
22.07.2010, 20:51
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Security Tool - bin ich es los? Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O33 - MountPoints2\{4fa391f6-2c6a-11de-b6ca-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4fa391f6-2c6a-11de-b6ca-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Einstiegsseite.exe -- File not found
O33 - MountPoints2\{59751b64-5078-11df-a75e-00235a84f537}\Shell - "" = AutoRun
O33 - MountPoints2\{59751b64-5078-11df-a75e-00235a84f537}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{7aac49e3-760c-11df-8e91-00235a84f537}\Shell - "" = AutoRun
O33 - MountPoints2\{7aac49e3-760c-11df-8e91-00235a84f537}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{904202d8-94a6-11de-a9fb-00242cf8163d}\Shell - "" = AutoRun
O33 - MountPoints2\{904202d8-94a6-11de-a9fb-00242cf8163d}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:F1535D7B
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:41C283B2
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:1013B07C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:ABD3B354
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:DF695222
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:4220A65C
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:F878F14A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:D88D995C
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:193426B4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:FF818E2B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:66633281
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:1AF93AF4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:61E5F0F7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:557AD709
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:A78FEBF9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:9D03192E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:07D9FF25
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:0888F409
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:3BD11093
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:C8182692
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ --> Security Tool - bin ich es los? |
|
23.07.2010, 14:01
| #7 |
| | Security Tool - bin ich es los? Voilà, le Ergebnis: Code:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fa391f6-2c6a-11de-b6ca-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fa391f6-2c6a-11de-b6ca-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fa391f6-2c6a-11de-b6ca-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fa391f6-2c6a-11de-b6ca-806e6f6e6963}\ not found.
File E:\Einstiegsseite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59751b64-5078-11df-a75e-00235a84f537}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59751b64-5078-11df-a75e-00235a84f537}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59751b64-5078-11df-a75e-00235a84f537}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59751b64-5078-11df-a75e-00235a84f537}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7aac49e3-760c-11df-8e91-00235a84f537}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aac49e3-760c-11df-8e91-00235a84f537}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7aac49e3-760c-11df-8e91-00235a84f537}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aac49e3-760c-11df-8e91-00235a84f537}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{904202d8-94a6-11de-a9fb-00242cf8163d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{904202d8-94a6-11de-a9fb-00242cf8163d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{904202d8-94a6-11de-a9fb-00242cf8163d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{904202d8-94a6-11de-a9fb-00242cf8163d}\ not found.
File F:\Autorun.exe not found.
ADS C:\ProgramData\Temp:F1535D7B deleted successfully.
ADS C:\ProgramData\Temp:41C283B2 deleted successfully.
ADS C:\ProgramData\Temp:1013B07C deleted successfully.
ADS C:\ProgramData\Temp:ABD3B354 deleted successfully.
ADS C:\ProgramData\Temp:DF695222 deleted successfully.
ADS C:\ProgramData\Temp:4220A65C deleted successfully.
ADS C:\ProgramData\Temp:F878F14A deleted successfully.
ADS C:\ProgramData\Temp:D88D995C deleted successfully.
ADS C:\ProgramData\Temp:193426B4 deleted successfully.
ADS C:\ProgramData\Temp:FF818E2B deleted successfully.
ADS C:\ProgramData\Temp:66633281 deleted successfully.
ADS C:\ProgramData\Temp:1AF93AF4 deleted successfully.
ADS C:\ProgramData\Temp:61E5F0F7 deleted successfully.
ADS C:\ProgramData\Temp:557AD709 deleted successfully.
ADS C:\ProgramData\Temp:A78FEBF9 deleted successfully.
ADS C:\ProgramData\Temp:9D03192E deleted successfully.
ADS C:\ProgramData\Temp:07D9FF25 deleted successfully.
ADS C:\ProgramData\Temp:0888F409 deleted successfully.
ADS C:\ProgramData\Temp:3BD11093 deleted successfully.
ADS C:\ProgramData\Temp:C8182692 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: **Adminprofil**
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 49674711 bytes
->FireFox cache emptied: 12278771 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 963 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: **Privatprofil**
->Temp folder emptied: 259491 bytes
->Temporary Internet Files folder emptied: 9498643 bytes
->Java cache emptied: 51841718 bytes
->FireFox cache emptied: 35908412 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 10732 bytes
User: Public
User: **Büroprofil**
->Temp folder emptied: 16504127 bytes
->Temporary Internet Files folder emptied: 516873 bytes
->Java cache emptied: 26368437 bytes
->Opera cache emptied: 1498965 bytes
->Flash cache emptied: 9194 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 195,00 mb
OTL by OldTimer - Version 3.2.9.1 log created on 07232010_145504
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Vielen Dank, dass du mir hilfst  |
|
23.07.2010, 17:22
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Security Tool - bin ich es los? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Security Tool - bin ich es los? |
| antivir, benutzerkonten, benutzerkonto, ccleaner, eingeschränkt, gefährlich, hijack, hijackthis, home, home premium, hosts, hosts-datei, kein taskmanager, klicke, malwarebytes, mbam, neu, panik, pc läuft, pdf, registry, security, security tool, sicherheit, starten, taskmanager, tool, updates, vista, vista home premium, windows updates |
Linear-Darstellung
