
Log Analysis and Evaluation: Security Shield removed, yet SUPERAntiSpyware still finds something


27.12.2010, 16:57   #1
Yetzirah
 
Hello,

today I picked up the Security Shield trojan and removed it as described in the guide "My Security Shield entfernen".
As far as I can tell, the computer is running normally again.
To be safe I ran SUPERAntiSpyware over it as well, and it still found quite a few entries.
I would be very grateful if someone could take another look at the logs.
The files it found are currently in quarantine, since I am not sure whether I can simply delete them.

Here is a handful of logs I have collected so far:

Malwarebytes Anti-Malware log after removal of Security Shield:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5400

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

27.12.2010 03:21:56
mbam-log-2010-12-27 (03-21-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 373640
Laufzeit: 44 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Here is the MBRCheck log:
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer:	Acer
BIOS Manufacturer:		AMI
System Manufacturer:		Acer
System Product Name:		Aspire M7720
Logical Drives Mask:		0x000003fc

Kernel Drivers (total 150):
  0x02048000 \SystemRoot\system32\ntoskrnl.exe
  0x02002000 \SystemRoot\system32\hal.dll
  0x00602000 \SystemRoot\system32\kdcom.dll
  0x0060C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00647000 \SystemRoot\system32\PSHED.dll
  0x0065B000 \SystemRoot\system32\CLFS.SYS
  0x006B8000 \SystemRoot\system32\CI.dll
  0x00806000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x008E0000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x008EE000 \SystemRoot\system32\drivers\acpi.sys
  0x00944000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x0094D000 \SystemRoot\system32\drivers\msisadrv.sys
  0x00957000 \SystemRoot\system32\drivers\pci.sys
  0x00987000 \SystemRoot\System32\drivers\partmgr.sys
  0x0099C000 \SystemRoot\system32\drivers\volmgr.sys
  0x0076A000 \SystemRoot\System32\drivers\volmgrx.sys
  0x009B0000 \SystemRoot\System32\drivers\mountmgr.sys
  0x009C3000 \SystemRoot\System32\Drivers\UBHelper.sys
  0x00A0D000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x00B27000 \SystemRoot\system32\drivers\atapi.sys
  0x00B2F000 \SystemRoot\system32\drivers\ataport.SYS
  0x00B53000 \SystemRoot\system32\drivers\msahci.sys
  0x00B5D000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x00B6D000 \SystemRoot\system32\drivers\fltmgr.sys
  0x00BB4000 \SystemRoot\system32\drivers\fileinfo.sys
  0x00BC8000 \SystemRoot\system32\DRIVERS\psdfilter.sys
  0x00C08000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x00E0F000 \SystemRoot\system32\drivers\ndis.sys
  0x00C8F000 \SystemRoot\system32\drivers\msrpc.sys
  0x00CDF000 \SystemRoot\system32\drivers\NETIO.SYS
  0x0100F000 \SystemRoot\System32\drivers\tcpip.sys
  0x01185000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x0120C000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x0138C000 \SystemRoot\system32\drivers\volsnap.sys
  0x013D0000 \SystemRoot\System32\Drivers\spldr.sys
  0x013D8000 \SystemRoot\System32\Drivers\mup.sys
  0x011B1000 \SystemRoot\System32\drivers\ecache.sys
  0x013EA000 \SystemRoot\system32\drivers\disk.sys
  0x00FD2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x01200000 \SystemRoot\system32\drivers\crcdisk.sys
  0x02523000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x02530000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x02539000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x0254C000 \SystemRoot\system32\DRIVERS\atikmpag.sys
  0x02C0D000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x02A03000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x02AE6000 \SystemRoot\System32\drivers\watchdog.sys
  0x02AF6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x0333C000 \SystemRoot\system32\DRIVERS\e1y60x64.sys
  0x02BE3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x0338C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x02BEF000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x033D2000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x033E4000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x025A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x033F4000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x025B6000 \SystemRoot\system32\DRIVERS\serial.sys
  0x02C00000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x025D3000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x025EF000 \SystemRoot\system32\Drivers\NTIDrvr.sys
  0x025F7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x02400000 \SystemRoot\system32\DRIVERS\serscan.sys
  0x011EB000 \SystemRoot\system32\drivers\ksthunk.sys
  0x00D38000 \SystemRoot\system32\drivers\ks.sys
  0x00D6C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x0340D000 \SystemRoot\system32\DRIVERS\storport.sys
  0x0346A000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x03477000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x0349A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x034A6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x034D7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x034E7000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x03505000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x0351D000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x03530000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x03532000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x0353D000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x0354D000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x03595000 \SystemRoot\system32\drivers\AtiHdmi.sys
  0x035B6000 \SystemRoot\system32\drivers\portcls.sys
  0x00DA5000 \SystemRoot\system32\drivers\drmk.sys
  0x04001000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x0416E000 \SystemRoot\system32\drivers\gwfilt64.sys
  0x0417C000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x04190000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x0419A000 \SystemRoot\System32\Drivers\Null.SYS
  0x041AE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x041B6000 \SystemRoot\System32\drivers\vga.sys
  0x041C4000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x041E9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x041F2000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x041A3000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x00DC8000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x035F1000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x00DD9000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x00BD1000 \SystemRoot\system32\DRIVERS\smb.sys
  0x04208000 \SystemRoot\system32\drivers\afd.sys
  0x04273000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x042B7000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x042D5000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x042E4000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x042FF000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
  0x04309000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
  0x04313000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x04360000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x0436C000 \SystemRoot\System32\Drivers\dfsc.sys
  0x04389000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x043AB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x043C7000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x043C9000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x043D2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x043E4000 \SystemRoot\system32\DRIVERS\usbscan.sys
  0x043F4000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0x009CB000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x03400000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x02592000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x02408000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x04408000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x00050000 \SystemRoot\System32\win32k.sys
  0x04522000 \SystemRoot\System32\drivers\Dxapi.sys
  0x0452E000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x00470000 \SystemRoot\System32\TSDDD.dll
  0x00670000 \SystemRoot\System32\cdd.dll
  0x04541000 \SystemRoot\system32\drivers\luafv.sys
  0x04563000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x02416000 \SystemRoot\system32\drivers\spsys.sys
  0x04580000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x04594000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x06401000 \SystemRoot\system32\drivers\HTTP.sys
  0x064A4000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x064CD000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x064EB000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x06505000 \SystemRoot\system32\drivers\mrxdav.sys
  0x0652C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x06555000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x0659E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x065BD000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x06802000 \SystemRoot\System32\DRIVERS\srv.sys
  0x06896000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0x068E5000 \??\C:\Windows\SysWOW64\drivers\int15_64.sys
  0x068FD000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0x0690A000 \SystemRoot\system32\drivers\peauth.sys
  0x069C0000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
  0x069C9000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
  0x069DC000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x069E7000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x045AC000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x045CC000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0x045E2000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x771A0000 \Windows\System32\ntdll.dll

Processes (total 82):
       0 System Idle Process
       4 System
     504 C:\Windows\System32\smss.exe
     572 csrss.exe
     628 C:\Windows\System32\wininit.exe
     648 csrss.exe
     684 C:\Windows\System32\services.exe
     696 C:\Windows\System32\lsass.exe
     704 C:\Windows\System32\lsm.exe
     860 C:\Windows\System32\svchost.exe
     920 C:\Windows\System32\winlogon.exe
     992 C:\Windows\System32\svchost.exe
     340 C:\Windows\System32\svchost.exe
     380 C:\Windows\System32\atiesrxx.exe
     352 C:\Windows\System32\svchost.exe
     552 C:\Windows\System32\svchost.exe
     576 C:\Windows\System32\svchost.exe
     732 C:\Windows\System32\audiodg.exe
    1040 C:\Windows\System32\svchost.exe
    1056 C:\Windows\System32\SLsvc.exe
    1108 C:\Windows\System32\svchost.exe
    1212 C:\Windows\System32\svchost.exe
    1468 C:\Windows\System32\spoolsv.exe
    1492 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1508 C:\Windows\System32\svchost.exe
    1812 C:\Windows\System32\atieclxx.exe
    1180 C:\Windows\System32\dwm.exe
    2072 C:\Windows\System32\taskeng.exe
    2104 C:\Windows\explorer.exe
    2180 C:\Windows\System32\taskeng.exe
    2512 C:\Program Files\Windows Defender\MSASCui.exe
    2520 C:\Windows\RAVCpl64.exe
    2536 C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    2544 C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    2552 C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe
    2568 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    2576 C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
    2584 C:\Windows\ehome\ehtray.exe
    2592 C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
    2600 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    2608 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    2672 C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
    2688 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    2704 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    2712 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    2768 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    2788 C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    2832 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    2852 C:\Windows\SysWOW64\bgsvcgen.exe
    2880 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    2892 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    2920 C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    3024 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    3052 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
     700 C:\Windows\ehome\ehmsas.exe
     980 C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
    2252 C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
    2492 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    1352 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    2652 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2164 C:\Windows\SysWOW64\PnkBstrA.exe
    3080 C:\Windows\System32\svchost.exe
    3112 C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    3136 C:\Windows\System32\svchost.exe
    3172 C:\Windows\System32\svchost.exe
    3212 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    3276 C:\Windows\System32\SearchIndexer.exe
    3400 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    3580 WUDFHost.exe
    3716 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    1304 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    4116 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4240 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3808 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    4904 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    5020 WmiPrvSE.exe
     524 C:\Windows\System32\VSSVC.exe
    4312 C:\Windows\System32\svchost.exe
    2024 dllhost.exe
    4800 dllhost.exe
    5024 C:\Users\Allgemein\Downloads\Spyware vernichten\MBRCheck.exe
    3132 C:\Windows\SysWOW64\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`a9f00000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000005f`58500000  (NTFS)

PhysicalDrive0 Model Number: WDCWD10EAVS-00D7B1, Rev: 01.01A01

      Size  Device Name          MBR Status
  --------------------------------------------
    931 GB  \\.\PhysicalDrive0   Acer MBR code detected
            SHA1: 12ADB8D1AD8327A4A2FA5865BC87234485F25003


Done!
         
And finally the SUPERAntiSpyware log:
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/27/2010 at 04:15 PM

Application Version : 4.47.1000

Core Rules Database Version : 6072
Trace Rules Database Version: 3884

Scan type       : Complete Scan
Total Scan Time : 01:32:26

Memory items scanned      : 746
Memory threats detected   : 0
Registry items scanned    : 13311
Registry threats detected : 0
File items scanned        : 233540
File threats detected     : 31

Trojan.Agent/Gen-Koobface[Bonkers]
	D:\PROGRAMME\LOGICCODE\SPLIT IT\SPLIT IT.EXE
	C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\LOGICCODE\SPLIT IT\SPLIT IT.LNK
	C:\USERS\ALLGEMEIN\DESKTOP\NICHT VERWENDETE VERKNüPFUNGEN\SPLIT IT.LNK

Trojan.Agent/Gen-IEFake
	C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX5\H\IEXPLORE.EXE
	C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX5\PROCS\IEXPLORE.EXE
	C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX0\H\IEXPLORE.EXE
	C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX0\PROCS\IEXPLORE.EXE
	C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX1\H\IEXPLORE.EXE
	C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX1\PROCS\IEXPLORE.EXE
	C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX2\H\IEXPLORE.EXE
	C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX2\PROCS\IEXPLORE.EXE
	C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX3\H\IEXPLORE.EXE
	C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX3\PROCS\IEXPLORE.EXE
	C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX4\H\IEXPLORE.EXE
	C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX4\PROCS\IEXPLORE.EXE
	C:\Windows\Prefetch\IEXPLORE.EXE-00CFD614.pf
	C:\Windows\Prefetch\IEXPLORE.EXE-11D07DDF.pf
	C:\Windows\Prefetch\IEXPLORE.EXE-180A086C.pf
	C:\Windows\Prefetch\IEXPLORE.EXE-1E4392F9.pf
	C:\Windows\Prefetch\IEXPLORE.EXE-2BCB2F41.pf
	C:\Windows\Prefetch\IEXPLORE.EXE-56C6886E.pf
	C:\Windows\Prefetch\IEXPLORE.EXE-81C1E19B.pf

Trojan.Agent/Gen-IExplorer[Fake]
	C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX5\NIRD\IEXPLORE.EXE
	C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX0\NIRD\IEXPLORE.EXE
	C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX1\NIRD\IEXPLORE.EXE
	C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX2\NIRD\IEXPLORE.EXE
	C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX3\NIRD\IEXPLORE.EXE
	C:\USERS\ALLGEMEIN\APPDATA\LOCAL\TEMP\RARSFX4\NIRD\IEXPLORE.EXE
	C:\Windows\Prefetch\IEXPLORE.EXE-610B2EDF.pf
	C:\Windows\Prefetch\IEXPLORE.EXE-6D01CA8A.pf
	C:\Windows\Prefetch\IEXPLORE.EXE-78F86635.pf
         
I hope you can help me get my computer secure again.

Many, many thanks in advance
Regards
Yetzirah
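Added example, not part of the post above and not SUPERAntiSpyware's own code: a small Python triage script that reads a scan log in the format posted above and sorts the detections by where each path lives, which is what an analyst looks at first when deciding what to do with quarantined items. A .pf file under \Windows\Prefetch is a Windows execution-tracking artifact that records that a program with that name ran; it is not the program itself. A binary under %TEMP%\RarSFX<n>\ sits in the extraction folder of a self-extracting RAR archive that was opened on the machine, and each RarSFX<n> folder corresponds to one such extraction. An entry in a regular program directory (like the Split It executable on D: in the posted log) is a different case and is worth verifying before deletion rather than treating it the same way as the temp drops. The log lines embedded in the script are constructed samples modeled on the posted log, and the function names and bucket labels are my own.

```python
"""Triage helper for a SUPERAntiSpyware 4.x scan log (added example)."""
import re
from collections import Counter

# Constructed sample modeled on the posted log format; not a real scan result.
SAMPLE_LOG_LINES = [
    "SUPERAntiSpyware Scan Log",
    "hxxp://www.superantispyware.com",
    "",
    "Generated 12/27/2010 at 04:15 PM",
    "",
    "Application Version : 4.47.1000",
    "",
    "Scan type       : Complete Scan",
    "File items scanned        : 233540",
    "File threats detected     : 7",
    "",
    "Trojan.Agent/Gen-Koobface[Bonkers]",
    "\tD:\\PROGRAMME\\LOGICCODE\\SPLIT IT\\SPLIT IT.EXE",
    "\tC:\\USERS\\ALLGEMEIN\\DESKTOP\\SPLIT IT.LNK",
    "",
    "Trojan.Agent/Gen-IEFake",
    "\tC:\\USERS\\ALLGEMEIN\\APPDATA\\LOCAL\\TEMP\\RARSFX0\\H\\IEXPLORE.EXE",
    "\tC:\\USERS\\ALLGEMEIN\\APPDATA\\LOCAL\\TEMP\\RARSFX3\\PROCS\\IEXPLORE.EXE",
    "\tC:\\Windows\\Prefetch\\IEXPLORE.EXE-00CFD614.pf",
    "",
    "Trojan.Agent/Gen-IExplorer[Fake]",
    "\tC:\\USERS\\ALLGEMEIN\\APPDATA\\LOCAL\\TEMP\\RARSFX0\\NIRD\\IEXPLORE.EXE",
    "\tC:\\Windows\\Prefetch\\IEXPLORE.EXE-610B2EDF.pf",
]

# "Key : value" header lines; the colon must be followed by whitespace so that
# the defanged URL line (hxxp://...) is not mistaken for a header.
HEADER_RE = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s+(?P<value>.*)$")
PREFETCH_RE = re.compile(r"\\Windows\\Prefetch\\[^\\]+\.pf$", re.IGNORECASE)
TEMP_SFX_RE = re.compile(r"\\AppData\\Local\\Temp\\(RarSFX\d+)\\", re.IGNORECASE)
SHORTCUT_RE = re.compile(r"\.lnk$", re.IGNORECASE)


def parse_sas_log(lines):
    """Return (header, detections); detections is a list of (family, path)."""
    header, detections = {}, []
    family, in_detections = None, False
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line.strip():
            family = None            # a blank line closes the current family group
            continue
        if line.startswith("\t"):    # SAS indents every detected path with a tab
            if not in_detections or family is None:
                raise ValueError(f"path outside a detection group: {line!r}")
            detections.append((family, line.strip()))
            continue
        m = HEADER_RE.match(line)
        if m and not in_detections:
            key = m.group("key").strip()
            header[key] = m.group("value").strip()
            if key == "File threats detected":
                in_detections = True  # everything after this header is a detection
            continue
        if in_detections:
            family = line.strip()     # non-indented line = detection family name
    return header, detections


def classify_path(path):
    """Bucket a detected path by the kind of artifact its location implies."""
    if PREFETCH_RE.search(path):
        return "prefetch-artifact"   # execution record, not the executable
    if TEMP_SFX_RE.search(path):
        return "temp-sfx-drop"       # extracted by a self-extracting RAR archive
    if SHORTCUT_RE.search(path):
        return "shortcut"
    return "program-file"            # lives in a normal program location


def triage(lines):
    """Summarise a scan log: counts per family and per location bucket."""
    header, detections = parse_sas_log(lines)
    declared = int(header.get("File threats detected", "0"))
    sfx_dirs = set()
    for _, path in detections:
        m = TEMP_SFX_RE.search(path)
        if m:
            sfx_dirs.add(m.group(1).upper())
    return {
        "declared": declared,
        "parsed": len(detections),
        "count_matches": declared == len(detections),   # flags a truncated paste
        "by_family": dict(Counter(fam for fam, _ in detections)),
        "by_class": dict(Counter(classify_path(p) for _, p in detections)),
        "sfx_extractions": sorted(sfx_dirs),
        "program_files": sorted(p for _, p in detections
                                if classify_path(p) == "program-file"),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG_LINES).items():
        print(f"{key}: {value}")
```

Run it directly to print the summary for the embedded sample, or pass the lines of a saved log to triage(). The count_matches field compares the number of parsed paths with the "File threats detected" header, so a log that was cut off when it was pasted shows up immediately, and sfx_extractions tells you how many separate self-extracting archives left files behind.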

28.12.2010, 12:39   #2
Yetzirah
 
Hello,

here are a few additional logs.

HijackThis log:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:29:44, on 28.12.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotmail.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:52586
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Programme\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] "C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe" Minimum
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MotionSD STUDIO - Autostart SD Browser -.lnk = C:\Program Files (x86)\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\SysWOW64\bgsvcgen.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10963 bytes
         
And the two OTL logs:

OTL log:
Code:
OTL logfile created on: 28.12.2010 14:07:09 - Run 1
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\Allgemein\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 62.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 366.72 Gb Total Space | 260.43 Gb Free Space | 71.01% Space Free | Partition Type: NTFS
Drive D: | 550.13 Gb Total Space | 426.39 Gb Free Space | 77.51% Space Free | Partition Type: NTFS
 
Computer Name: ASPIRE-M7720 | User Name: Allgemein | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtProc.exe File not found
PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtMon.exe File not found
PRC - C:\Users\Allgemein\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe (Egis inc.)
PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Allgemein\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Partner Service) -- C:\ProgramData\Partner\partner.exe (Google Inc.)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (BUNAgentSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys (Egis Incorporated)
DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys (Egis Incorporated)
DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (NAL) -- C:\Windows\SysNative\Drivers\iqvw64e.sys (Intel Corporation )
DRV:64bit: - (gwfilt64) -- C:\Windows\SysNative\drivers\gwfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
DRV - (cdrbsdrv) -- C:\Windows\SysWow64\drivers\cdrbsdrv.sys (B.H.A Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotmail.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52586
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.gamestar.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52586
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Programme\browserrecord\firefox\ext [2009.12.25 15:34:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.18 10:46:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.18 10:46:18 | 000,000,000 | ---D | M]
 
[2008.12.31 00:08:53 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Extensions
[2010.12.28 13:29:30 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions
[2010.04.30 13:53:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.29 12:52:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.06.03 00:50:34 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009.12.29 13:33:45 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\imagedownload@whygudu.iblog.cn
[2010.12.22 13:10:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.14 15:48:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.26 20:43:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.22 13:10:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.11.14 01:41:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.11.14 01:41:30 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.11.14 01:41:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.11.14 01:41:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.11.14 01:41:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.12.27 03:48:33 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Programme\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel]  File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKCU..\Run: [OscarEditor] C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell - "" = AutoRun
O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.28 14:05:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Allgemein\Desktop\OTL.exe
[2010.12.28 13:25:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.12.27 14:36:12 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Roaming\SUPERAntiSpyware.com
[2010.12.27 14:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.12.27 14:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010.12.27 14:36:03 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.12.27 04:08:33 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\Desktop\Sicherheit
[2010.12.27 03:53:16 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.12.27 02:22:34 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Roaming\Malwarebytes
[2010.12.27 02:22:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.27 02:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.27 02:22:23 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.27 02:22:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.12.27 01:31:30 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Roaming\dsqjqrmkbr
[2010.12.25 18:21:50 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Roaming\Avira
[2010.12.22 13:10:28 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.12.22 13:10:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.12.22 13:10:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.12.21 17:53:28 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Roaming\Stardock
[2010.12.21 17:52:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\{6C72D0C5-6D41-4646-A187-62A044E7F55E}
[2010.12.21 17:52:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2010.12.21 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2010.12.21 17:40:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\{6CB64CD5-C014-45A7-88E2-55D8C0DB6489}
[2010.12.21 17:39:20 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Local\PackageAware
[2010.12.18 12:25:10 | 000,000,000 | ---D | C] -- C:\Users\Allgemein\AppData\Local\Ironclad Games
[2010.12.18 12:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kalypso
[2010.12.18 10:45:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.12.15 09:47:28 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.12.15 09:47:28 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.12.15 09:47:28 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010.12.15 09:47:28 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010.12.15 09:47:28 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.12.15 09:47:28 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.12.15 09:47:25 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010.12.15 09:47:17 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.12.15 09:47:17 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.12.15 09:47:17 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.12.15 09:47:17 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010.12.15 09:47:17 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010.12.15 09:47:16 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010.12.15 09:47:16 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010.12.15 09:47:16 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.12.15 09:47:16 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.12.15 09:47:16 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.12.15 09:47:16 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010.12.15 09:47:16 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.12.15 09:47:16 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.12.15 09:47:16 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010.12.15 09:47:16 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010.12.15 09:47:16 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010.12.15 09:47:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010.12.15 09:47:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.12.15 09:47:16 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010.12.15 09:47:16 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010.12.15 09:47:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010.12.15 09:47:16 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010.12.15 09:47:16 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.12.15 09:47:16 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.12.15 09:47:16 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010.12.15 09:47:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.12.15 09:47:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.12.15 09:47:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.12.15 09:47:05 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010.12.15 09:47:05 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010.12.15 09:47:05 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010.12.15 09:47:05 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010.12.15 09:47:05 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010.12.15 09:47:05 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010.11.29 17:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010.11.29 17:38:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2008.11.02 01:15:06 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.28 14:07:39 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.12.28 14:07:39 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.12.28 14:07:39 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.12.28 14:07:39 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.12.28 14:07:39 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.12.28 14:05:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Allgemein\Desktop\OTL.exe
[2010.12.28 14:05:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.28 14:02:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2010.12.28 14:01:25 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.28 14:01:24 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.28 14:01:24 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.28 14:01:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.28 13:37:35 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4CEEF1C8-30F7-4373-83E0-45167924CDB7}.job
[2010.12.27 16:56:33 | 000,025,600 | ---- | M] () -- C:\Users\Allgemein\Documents\Rentenvrsicherung.doc
[2010.12.27 04:07:19 | 000,022,918 | ---- | M] () -- C:\Users\Allgemein\Documents\cc_20101227_040712.reg
[2010.12.27 04:06:53 | 000,110,068 | ---- | M] () -- C:\Users\Allgemein\Documents\cc_20101227_040631.reg
[2010.12.27 03:48:33 | 000,000,698 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2010.12.27 02:02:13 | 000,004,379 | ---- | M] () -- C:\Users\Allgemein\AppData\Roaming\69DC.595
[2010.12.25 18:00:34 | 000,428,340 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101227-013740.backup
[2010.12.24 02:37:36 | 000,428,340 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101225-180034.backup
[2010.12.23 02:40:20 | 000,428,340 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101224-023736.backup
[2010.12.23 02:39:35 | 000,427,674 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-024020.backup
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.18 10:37:49 | 000,427,674 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101223-023935.backup
[2010.12.17 16:17:50 | 000,301,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.12.12 16:56:45 | 000,025,088 | ---- | M] () -- C:\Users\Allgemein\Documents\Dr.Schreiber.Dok.doc
[2010.12.05 23:35:09 | 000,000,000 | ---- | M] () -- C:\Users\Allgemein\Documents\NEWSOFT
[2010.12.05 15:28:35 | 000,025,600 | ---- | M] () -- C:\Users\Allgemein\Documents\Rekers, doc.doc
[2010.11.29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010.11.29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
 
========== Files Created - No Company Name ==========
 
[2010.12.27 15:51:37 | 000,025,600 | ---- | C] () -- C:\Users\Allgemein\Documents\Rentenvrsicherung.doc
[2010.12.27 04:07:14 | 000,022,918 | ---- | C] () -- C:\Users\Allgemein\Documents\cc_20101227_040712.reg
[2010.12.27 04:06:41 | 000,110,068 | ---- | C] () -- C:\Users\Allgemein\Documents\cc_20101227_040631.reg
[2010.12.27 01:31:32 | 000,004,379 | ---- | C] () -- C:\Users\Allgemein\AppData\Roaming\69DC.595
[2010.12.12 16:40:37 | 000,025,088 | ---- | C] () -- C:\Users\Allgemein\Documents\Dr.Schreiber.Dok.doc
[2010.12.05 15:18:01 | 000,025,600 | ---- | C] () -- C:\Users\Allgemein\Documents\Rekers, doc.doc
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.04.10 16:49:49 | 000,437,210 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistMSI213B.txt
[2010.04.10 16:49:49 | 000,012,578 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistUI213B.txt
[2010.01.08 20:07:21 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\memio.dll
[2010.01.08 19:27:35 | 000,000,293 | ---- | C] () -- C:\Windows\asfbinapp.INI
[2010.01.06 18:27:02 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.12.31 17:16:21 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009.09.26 22:42:58 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.26 22:42:22 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.03.29 14:06:57 | 000,420,038 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistMSI146E.txt
[2009.03.29 14:06:56 | 000,012,266 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistUI146E.txt
[2009.01.13 23:47:51 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009.01.13 23:46:50 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009.01.11 20:46:34 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.07 13:43:12 | 000,000,000 | ---- | C] () -- C:\Users\Allgemein\AppData\Roaming\wklnhst.dat
[2008.12.31 00:52:12 | 000,016,896 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.06 12:44:41 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008.12.06 12:44:41 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.11.01 17:24:51 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
[2008.11.01 17:24:51 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2008.11.01 17:30:21 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Acer GameZone Console
[2010.06.06 15:22:36 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Bioshock2
[2009.09.02 17:37:10 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Canon
[2009.12.22 11:59:43 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Chilirec
[2010.12.27 02:03:52 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\dsqjqrmkbr
[2008.12.30 22:33:45 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\eSobi
[2010.01.08 20:36:25 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\GSplit
[2009.12.10 19:02:10 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Lite
[2009.08.08 13:05:16 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2009.08.31 11:27:18 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
[2009.01.13 23:56:04 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\NewSoft
[2009.12.23 19:30:24 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Red Kawa
[2009.12.22 16:29:41 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Regensoft
[2009.01.13 23:46:47 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\ScanSoft
[2010.12.21 17:53:28 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Stardock
[2009.01.07 13:43:14 | 000,000,000 | ---D | M] -- C:\Users\Allgemein\AppData\Roaming\Template
[2010.12.28 13:40:52 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.28 13:37:35 | 000,000,442 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4CEEF1C8-30F7-4373-83E0-45167924CDB7}.job
 
========== Purity Check ==========
 
 

< End of report >
         
OTL Extras Log:
Code:
ATTFilter
OTL Extras logfile created on: 28.12.2010 14:07:10 - Run 1
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\Allgemein\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 62.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 366.72 Gb Total Space | 260.43 Gb Free Space | 71.01% Space Free | Partition Type: NTFS
Drive D: | 550.13 Gb Total Space | 426.39 Gb Free Space | 77.51% Space Free | Partition Type: NTFS
 
Computer Name: ASPIRE-M7720 | User Name: Allgemein | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 9F 3C 58 EC 4B 91 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0240063B-1EB7-4F0A-8E93-E8CD96E22FC8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{25BFF978-C264-4859-AE85-7DB82EE643C4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3DE0E038-5ADE-4B33-965F-32C3FD6C0A98}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{40BCBEB3-82D5-47A3-B5FC-16D44011C3EE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5711C6B5-9DD6-4886-A79A-D85520181EEC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{69880AA5-1FCB-40B2-A84F-548239754790}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7FDBF630-C604-454B-8B73-31B2379548E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B78A21A9-910C-4D91-B328-9A5B0B3475C2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E1419C83-EC22-479F-AC5D-F56C76A7CC36}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FAF5A809-00FC-46AB-B487-E86B5A009296}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037FFE8B-1E0C-4198-B825-B0ACE994BC4C}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\trine\trine_launcher.exe | 
"{0660CFC7-D1FB-4584-B077-BEC544B1A303}" = protocol=17 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"{06D67C2F-1D90-483B-AC97-8714ACB840FB}" = protocol=17 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\game.dat | 
"{07200103-3EB4-46D8-8E1A-C0BC22080E86}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{15DD727A-B5BB-41F5-96C5-7D69C5723273}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{164ACAF1-B5CB-44F0-8523-9BC94E585EA0}" = protocol=6 | dir=in | app=d:\games\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{174EB543-EC4D-4914-93B6-F45D1F1EFFD7}" = protocol=6 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire diplomacy.exe | 
"{19AB0D20-8B39-467D-A26C-CAF693402058}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{1BF145E0-CD1F-4192-957D-480E2B3BA488}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{1F3F6B2A-4651-4647-B799-2C8655290083}" = protocol=6 | dir=in | app=d:\games\electronic arts\the lord of the rings, the rise of the witch-king\game.dat | 
"{1F7200B6-861E-46D1-A4CD-BAA33A919459}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{2822797D-6AF4-40AD-AFD1-E05572094B30}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe | 
"{2D29DBF0-9793-48A7-A7B5-2C57FD6F7575}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{36A69E6B-D297-4E9D-B583-AE0E9069133A}" = protocol=17 | dir=in | app=d:\games\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{3926A940-6255-4858-A59C-24BAD565C595}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{3A796A12-8953-4A63-B617-5CFB4F57E650}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{402BD6E0-AAFF-4C52-BB0D-64FFF30AC405}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{4184A000-B161-428B-ADD5-934103A25903}" = protocol=6 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\game.dat | 
"{4281ACC4-2030-4650-AE7D-8071DF573B8C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{42F1C0D0-B81D-40F0-9A9F-3F5A97D5158C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe | 
"{46B930B5-EBB9-453B-B1A8-612D63C3FE8B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\trine\trine_launcher.exe | 
"{498BEF9C-FCB3-42B6-905E-B3944F793C45}" = protocol=17 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire diplomacy.exe | 
"{4B8B7BF5-F04C-4483-85E1-7562E9C4A179}" = protocol=17 | dir=in | app=d:\games\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | 
"{5126C1C9-D94B-402A-A6FB-F2AFC7015F56}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | 
"{5129E357-58C0-4E4F-A55C-246BD7507E41}" = protocol=6 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire.exe | 
"{5310592A-71E8-4BC6-B08A-EF08FFDD88EF}" = protocol=6 | dir=in | app=d:\games\sega\universe at war earth assault\uawea.exe | 
"{5438F06B-7410-4DBB-896E-82C7F413C721}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | 
"{5763A13F-DC5B-43F5-8C21-8C422A3843FE}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{5F3FB66C-2D64-49F1-8687-E0DF7C8710E1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{61D7544D-4383-4394-8A24-2C234FCD2B7C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6310BD7E-5856-41D7-8996-B2F9706C807C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe | 
"{67A06FA2-D024-476E-AC7C-563582D7B91B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | 
"{6BCEEE6B-6951-4ACD-9214-C427E8A0EBA7}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe | 
"{6E2DC041-A6D1-45B1-93A9-0A12E698FED1}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{6E6EC19A-F16F-43C3-98F5-5E0D3392F8AE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{701DD33D-18F2-4CB9-B581-6061A43E3E52}" = protocol=6 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"{72DC1A8B-8273-4CAA-89F2-4A103B21E4B7}" = protocol=17 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire.exe | 
"{749D543E-9632-43ED-A7D8-0A5F7B3ECF5F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{78758A6A-D50F-486E-AF12-BCA62339E8B9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7EB20E0F-5B4D-4C92-A279-0865BC982169}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{83E1B206-CF06-46C1-9A5E-7F9768D8C964}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | 
"{85E57662-992C-4163-A5B3-C521E7DA5105}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{94440732-F1D5-4F72-942E-F1ED6120616D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 
"{99959467-C52F-4B68-8D9E-C1C33658B97A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{9FCB212C-76A9-4867-8BB7-7DCE4D2C3E48}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{A46525B4-B931-4C4B-9100-3D00B7728D78}" = protocol=17 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{A8B9B93E-6010-4443-B7CF-B18798A56653}" = protocol=17 | dir=in | app=d:\games\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{AA70CC46-4FBD-4A5E-BE55-C584F6BCD5DF}" = protocol=17 | dir=in | app=d:\games\sega\universe at war earth assault\uawea.exe | 
"{B33D8B01-E7E1-41ED-9284-DBBBA17B9295}" = protocol=6 | dir=in | app=d:\games\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | 
"{BB5DA8A4-AFA8-4794-944E-0B055B3CA629}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{C5C0144D-72DB-4F08-8899-847F54A5336C}" = protocol=6 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe | 
"{C6067BA4-A434-41A6-8006-50E9A3ECD155}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe | 
"{C65C2B16-A094-4167-8DEB-774A35C6832A}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{C8633C17-448C-48CE-9230-5E73BE8CCC06}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{CD9C5A91-B92D-447F-AFB5-E3075EA8BE0C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
"{D4676D16-2E2A-4E16-939F-2A8006063CCB}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{D6268E41-2892-42E4-AB00-7E83F83B5170}" = protocol=6 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{D99BA6E2-A59F-489C-BF2B-5B478844FEC2}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{E3D6342A-6112-4779-82E2-1EA72E2AAB1A}" = protocol=17 | dir=in | app=d:\games\electronic arts\the lord of the rings, the rise of the witch-king\game.dat | 
"{E639A33A-6A8E-4377-8635-5DCFE4638CFB}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | 
"{E7FB9B55-6DD9-4895-A297-930512CDD874}" = protocol=6 | dir=in | app=d:\games\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{EAF8C6E1-08C5-4166-8276-9CE2FE715E99}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{EC35FF56-9005-4B46-916F-08A7DAE9F0BF}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\metro 2033\metro2033.exe | 
"{ECAE6A72-D840-48B0-835D-9D0865449697}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\metro 2033\metro2033.exe | 
"{ECC7730F-A00E-4346-858A-294D2349CC25}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F2BFBB60-8BC5-4A94-97AF-645D64BA2B0F}" = protocol=17 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe | 
"{F5C4D7E3-38DA-467B-9B93-FDB77C0FAE3B}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{FF75CFB6-2416-4865-9CBE-C4E3F5F8B42C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{33B5272F-A03A-436F-8E4C-A6D01396431B}C:\program files (x86)\safari\safari.exe" = protocol=6 | dir=in | app=c:\program files (x86)\safari\safari.exe | 
"TCP Query User{3D5F350D-5821-43E1-AAC5-17276690076F}D:\games\dreamcatcher\genesis rising\bin\genesisrising.exe" = protocol=6 | dir=in | app=d:\games\dreamcatcher\genesis rising\bin\genesisrising.exe | 
"TCP Query User{500A52A5-C468-4B60-8217-304FFD88EE0B}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe | 
"TCP Query User{5A55804B-7D73-4BFA-981B-233EB6073441}D:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat" = protocol=6 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat | 
"TCP Query User{666FBBD3-CB60-4BE6-87C2-6E5EDD0FA93F}D:\programme\chilirec\chilirec.exe" = protocol=6 | dir=in | app=d:\programme\chilirec\chilirec.exe | 
"TCP Query User{7833C700-5A96-45E1-9C4F-18EB190CC7B0}D:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe" = protocol=6 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"TCP Query User{78DE6F70-097C-47C1-883F-FD738F4EF17A}D:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe | 
"TCP Query User{7A188E3A-5C8D-4529-8AC2-EA59ED69BFEE}D:\games\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"TCP Query User{999C1EAC-A83C-4133-9F5F-FD922007EF49}D:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat" = protocol=6 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat | 
"TCP Query User{A8082984-749C-4C68-95B7-9EEEE46D9B8A}D:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{AA7A2599-DE98-4FC4-8E93-780F0319684F}D:\games\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base16561\sc2.exe | 
"TCP Query User{C1328922-FB96-42E0-B343-F53B7C93FFEA}D:\games\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe | 
"TCP Query User{D33FE896-1B5C-4D2D-B125-8A6AC36C8D1A}D:\games\sierra\homeworld2\bin\release\homeworld2.exe" = protocol=6 | dir=in | app=d:\games\sierra\homeworld2\bin\release\homeworld2.exe | 
"TCP Query User{F20D4189-9A49-4D8C-821E-E072845CC6DB}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"UDP Query User{15573920-5B2A-4733-8F92-272D8300AB68}D:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe" = protocol=17 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"UDP Query User{29B12FD2-CA6E-42A6-91A8-B60D005ED5D2}D:\games\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"UDP Query User{30E27ADE-2D0B-43F0-975D-8183DE686D31}D:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{332EA9E8-D7B6-4410-9541-CD15051999CD}D:\games\dreamcatcher\genesis rising\bin\genesisrising.exe" = protocol=17 | dir=in | app=d:\games\dreamcatcher\genesis rising\bin\genesisrising.exe | 
"UDP Query User{42439E35-D610-4E18-81F8-7086057FB250}D:\games\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base16561\sc2.exe | 
"UDP Query User{61A5D5A7-9A4A-4DE2-9EE0-E095AB050BAC}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"UDP Query User{774E6DA8-862E-4B6E-8BD9-A82E3E8652FA}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{A7334D05-C0AF-444C-BC6F-F48AA7F64B56}D:\programme\chilirec\chilirec.exe" = protocol=17 | dir=in | app=d:\programme\chilirec\chilirec.exe | 
"UDP Query User{B524DDF5-1C13-477C-BEBD-B480FC6AAB2D}D:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat" = protocol=17 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat | 
"UDP Query User{BE0E10DA-472C-41DB-AA5C-04940B2606FD}D:\games\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe | 
"UDP Query User{C35C9398-2F54-4B75-A1A9-21697613189E}C:\program files (x86)\safari\safari.exe" = protocol=17 | dir=in | app=c:\program files (x86)\safari\safari.exe | 
"UDP Query User{D3AECB7A-EAA4-4539-B0A4-1985764C7C6F}D:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe | 
"UDP Query User{DDAAC868-CEBB-4136-AFDB-4EFFCCD11268}D:\games\sierra\homeworld2\bin\release\homeworld2.exe" = protocol=17 | dir=in | app=d:\games\sierra\homeworld2\bin\release\homeworld2.exe | 
"UDP Query User{F79D21A8-AC4A-4533-8469-E9A0519928A3}D:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat" = protocol=17 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{752CCAEE-8E33-DE50-9454-B377A2205193}" = ccc-utility64
"{8E3FABF5-C3B9-7F7E-4AAE-977D77D48C51}" = ATI Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CB6508F6-EC50-4829-A2C6-02990EFF0059}" = Windows Media Encoder 9 Series x64 Edition
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PROSetDX" = Intel(R) Network Connections 13.1.33.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series x64 Edition
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02F5BD83-B529-37E3-B5DF-32ABC7EC63C4}" = ccc-core-static
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7
"{0A8073F2-31C6-413B-BC79-5808352D651A}" = MotionSD STUDIO 1.2E
"{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific
"{1229D58B-9185-4F85-71B2-4B34EBF8AD17}" = CCC Help Italian
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{20165891-91F8-45F9-A90A-307C7179C515}" = Sins of a Solar Empire - Trinity
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21FFDD40-F6B9-4609-B1C9-514E0A342BFA}" = MOUSE Editor
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{29656550-8463-258C-55BA-5C4F7950DBDE}" = CCC Help Portuguese
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{35C98EB9-C39E-F602-D980-59355711CD37}" = Catalyst Control Center InstallProxy
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{41B21B1F-950E-13FC-57C7-2AC44B196223}" = Catalyst Control Center Graphics Previews Vista
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{490F45FA-738D-5D4A-6B9D-DC1373ACF794}" = CCC Help Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5454085C-840F-4070-8FAA-441000028301}" = BioShock 2
"{5454085C-840F-4070-8FAA-441000038301}" = BioShock 2
"{57634571-FD82-4BEC-B822-A1ED7765474F}_is1" = SmartLauncher
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{66B4C110-8BEB-49B5-824E-C70AEEB20ECD}" = ScanSoft OmniPage SE 4
"{67ABC7E8-A241-F90D-0B04-5BB03428AF96}" = CCC Help Greek
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AA30800-F713-BB43-EDA2-1C380FE7FD63}" = Catalyst Control Center Localization All
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{85090727-99E2-F1DC-1589-83D5AC986F3E}" = CCC Help Spanish
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{913D0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard für Schüler, Studierende und Lehrkräfte
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A05EF3DC-AAFA-6903-433D-0F383F5F4EC3}" = CCC Help German
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah 
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B7BD291B-D415-4484-89A4-82077504BE93}_is1" = SmartCopy
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = The Lord of the Rings, The Rise of the Witch-king
"{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix
"{BCA434F2-A541-F63E-890C-F5D14E5B33D0}" = CCC Help English
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C4406DB6-A28D-8047-7704-94A8DE7F6A68}" = CCC Help Hungarian
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CDCBF62D-8E74-44A5-91AD-44AB4C2EFD89}" = InterVideo FilterSDK for Panasonic
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.20
"{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F538505D-D29C-6259-682C-E607D659B4B4}" = Catalyst Control Center Graphics Previews Common
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F820F894-EC5F-D52A-F862-5B472EAFE69A}" = CCC Help French
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Chilirec_0" = Chilirec 1.01
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"FLV Player" = FLV Player 2.0 (build 25)
"Franzis 3D-Eisenbahnplaner 10.0_is1" = Franzis 3D-Eisenbahnplaner 10.0
"GSplit3Set" = GSplit 3
"Homeworld2" = Homeworld2
"Impulse" = Impulse
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{21FFDD40-F6B9-4609-B1C9-514E0A342BFA}" = MOUSE Editor
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix
"InstallShield_{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault
"InstallShield_{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1
"PSP Video 9" = PSP Video 9 5.03
"RealPlayer 12.0" = RealPlayer
"Sins of a Solar Empire - Trinity" = Sins of a Solar Empire - Trinity
"Splitit" = Split it 3.2
"StarCraft II" = StarCraft II
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"Steam App 20570" = Warhammer 40,000: Dawn of War II - Chaos Rising
"Steam App 35700" = Trine
"Steam App 400" = Portal
"Steam App 40100" = Supreme Commander 2
"Steam App 43110" = Metro 2033
"VLC media player" = VLC media player 1.0.3
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"X3TerranConflict_is1" = X3 Terran Conflict v3.0
"YouTube Downloader App" = YouTube Downloader App 2.03
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.08.2010 12:13:12 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.08.2010 12:59:02 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.08.2010 08:55:13 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.08.2010 08:56:34 | Computer Name = Aspire-M7720 | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
 0x49e02a1e, faulting module msxml6.dll, version 6.20.5002.0, time stamp 0x4a81a53f,
 exception code 0xc0000005, fault offset 0x00000000000050c3, process id 0x894, application
 start time 01cb42c25851b509.
 
Error - 23.08.2010 12:37:55 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.08.2010 09:37:01 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.08.2010 11:52:43 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.08.2010 12:06:45 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.08.2010 12:06:53 | Computer Name = Aspire-M7720 | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Error in manifest or policy file
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component
 identity found in manifest does not match the identity of the component requested.
 Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
 Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
 Please use sxstrace.exe for detailed diagnosis.
 
Error - 24.08.2010 12:06:53 | Computer Name = Aspire-M7720 | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Error in manifest or policy file
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component
 identity found in manifest does not match the identity of the component requested.
 Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
 Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
 Please use sxstrace.exe for detailed diagnosis.
 
[ System Events ]
Error - 27.12.2010 09:33:23 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.12.2010 12:17:14 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS has been blocked from loading due
 to incompatibility with this system. Please contact your software vendor for a compatible
 version of the driver.
 
Error - 27.12.2010 13:19:26 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS has been blocked from loading due
 to incompatibility with this system. Please contact your software vendor for a compatible
 version of the driver.
 
Error - 27.12.2010 13:20:20 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.12.2010 14:35:25 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS has been blocked from loading due
 to incompatibility with this system. Please contact your software vendor for a compatible
 version of the driver.
 
Error - 27.12.2010 14:36:24 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 28.12.2010 08:18:26 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS has been blocked from loading due
 to incompatibility with this system. Please contact your software vendor for a compatible
 version of the driver.
 
Error - 28.12.2010 08:19:12 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 28.12.2010 09:01:07 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS has been blocked from loading due
 to incompatibility with this system. Please contact your software vendor for a compatible
 version of the driver.
 
Error - 28.12.2010 09:01:50 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
Regards
Yetzirah

Last edited by Yetzirah (28.12.2010 at 13:14)

Alt 08.02.2011, 15:49   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

The logs you posted are too old, so please make new ones:

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL

Please download OTL from Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, two log files are created
  • Post the log files here in the thread.
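An added example for readers working through the two log types requested above; it is not code from either poster, and the function names, the Detection fields and the wording of the findings are mine. It pulls the detections out of a Malwarebytes 1.x log and flags a browser proxy pointing at the loopback address in OTL's Internet Explorer / Firefox section. Rogue-AV droppers of this period commonly set a proxy on a local port to intercept browser traffic; once the process is removed, a ProxyServer or network.proxy.http entry still pointing at 127.0.0.1 is the typical leftover, and the logs posted in the next reply show exactly that pattern (ProxyEnable = 0 beside ProxyServer = http=127.0.0.1:52586, Firefox network.proxy.http = "127.0.0.1" with port 52586, and the HKCU Run / Winlogon\Shell / Windows\Load persistence entries MBAM removed). The sample lines embedded in the script are copied from those logs, with MBAM's section headings given in their English form; the parser keys on the trailing colon, so the German headings ("Infizierte …:") parse the same way.

```python
# Triage helper for Malwarebytes 1.x and OTL logs. Added example for this thread, not code
# from either poster; function names, Detection fields and finding wording are the author's own.
from __future__ import annotations

import re
from dataclasses import dataclass

# An MBAM detection line reads:  <location> (<classification>) -> [<detail> -> ]<action>.
MBAM_ENTRY = re.compile(r"^(?P<where>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+?)\.?$")
# OTL prints IE proxy values and Firefox prefs.js entries like:
#   IE - HKCU\...\Internet Settings: "ProxyServer" = http=127.0.0.1:52586
#   FF - prefs.js..network.proxy.http: "127.0.0.1"
IE_SETTING = re.compile(r'Internet Settings: "(?P<name>\w+)" = (?P<value>.*)$')
FF_PREF = re.compile(r"prefs\.js\.\.(?P<name>network\.proxy\.\w+): (?P<value>.*)$")
LOOPBACK = ("127.0.0.1", "localhost")


@dataclass(frozen=True)
class Detection:
    section: str  # MBAM heading the entry sat under, e.g. "Registry Values Infected"
    where: str    # registry value or file path
    family: str   # MBAM classification, e.g. Hijack.Shell
    action: str   # what MBAM did, e.g. "Delete on reboot"


def parse_mbam(text: str) -> list[Detection]:
    """Return every detection listed under a 'Heading:' line of an MBAM log.
    Keys on the heading's trailing colon and the '(family) ->' entry shape, so the
    German variant posted in this thread ("Infizierte Dateien:") parses like the English one."""
    found: list[Detection] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):
            section = line[:-1]
            continue
        if section is None or line.startswith("("):
            continue  # summary block, or "(No malicious items detected)"
        if m := MBAM_ENTRY.match(line):
            action = m.group("rest").split(" -> ")[-1]
            found.append(Detection(section, m.group("where"), m.group("family"), action))
    return found


def proxy_findings(otl_text: str) -> list[str]:
    """Flag IE/Firefox proxies that point at the loopback address in an OTL log.
    A home PC has no reason to proxy through 127.0.0.1 unless the user runs a local
    filtering proxy on purpose; rogue-AV droppers set one to intercept browser traffic,
    and after removal the dead entry still breaks browsing if ProxyEnable flips back to 1."""
    ie: dict[str, str] = {}
    ff: dict[str, str] = {}
    for line in otl_text.splitlines():
        if m := IE_SETTING.search(line):
            ie[m.group("name")] = m.group("value").strip()
        if m := FF_PREF.search(line):
            ff[m.group("name")] = m.group("value").strip().strip('"')
    findings = []
    server = ie.get("ProxyServer", "")
    if any(h in server for h in LOOPBACK):
        state = "enabled" if ie.get("ProxyEnable") == "1" else "disabled (ProxyEnable = 0), a leftover"
        findings.append(f"IE proxy {server} is {state}")
    host = ff.get("network.proxy.http")
    if host in LOOPBACK:
        port, mode = ff.get("network.proxy.http_port", "?"), ff.get("network.proxy.type", "?")
        findings.append(f"Firefox manual proxy {host}:{port} set, network.proxy.type = {mode} (0 = direct, so unused)")
    return findings


# Constructed sample input: the relevant lines of the two logs posted in this thread.
SAMPLE_MBAM = r"""
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Spyware.Passwords.XGen) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Value: Shell -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\ALLGEM~1\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\allgemein\AppData\Roaming\microsoft\conhost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\allgemein\AppData\Roaming\dwm.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
"""
SAMPLE_OTL = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52586
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52586
FF - prefs.js..network.proxy.type: 0
"""

if __name__ == "__main__":
    for d in parse_mbam(SAMPLE_MBAM):
        print(f"[{d.family}] {d.where} -> {d.action}")
    for finding in proxy_findings(SAMPLE_OTL):
        print("PROXY:", finding)
```

Run it against a saved mbam-log-*.txt or OTL.Txt by passing the file contents to the two functions. The detections that matter for follow-up are the ones whose action is "Delete on reboot" (the file object was still locked, so the reboot has to happen before the removal is real), and any proxy finding should be cleared even while ProxyEnable is 0, because nothing legitimate listens on that port any more.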

Alt 09.02.2011, 00:26   #4
Yetzirah
 
Hello Cosinus,

thanks for your help, here are the logs:

Full scan with Malwarebytes:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5715

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

09.02.2011 00:19:13
mbam-log-2011-02-09 (00-19-13).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 384481
Time elapsed: 51 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
         
The Malwarebytes log from the removal of Security Shield:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5400

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

27.12.2010 02:25:56
mbam-log-2010-12-27 (02-25-56).txt

Scan type: Quick scan
Objects scanned: 153857
Time elapsed: 1 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Spyware.Passwords.XGen) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\ALLGEM~1\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\allgemein\AppData\Roaming\microsoft\conhost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\allgemein\AppData\Roaming\dwm.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\allgemein\AppData\Roaming\microsoft\Windows\start menu\Programs\security shield.lnk (Rogue.SecurityShield) -> Quarantined and deleted successfully.
c:\Users\allgemein\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
         
All other scans between these two turned up no findings whatsoever.

Here is the OTL log:
Code:
ATTFilter
OTL logfile created on: 09.02.2011 00:23:12 - Run 2
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Allgemein\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 53.00% Memory free
12.00 Gb Paging File | 9.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 366.72 Gb Total Space | 257.67 Gb Free Space | 70.26% Space Free | Partition Type: NTFS
Drive D: | 550.13 Gb Total Space | 410.19 Gb Free Space | 74.56% Space Free | Partition Type: NTFS
Drive F: | 7.94 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: ASPIRE-M7720 | User Name: Allgemein | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Allgemein\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Games\Steam\GameOverlayUI.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - d:\Games\Steam\steamapps\common\supreme commander 2\bin\SupremeCommander2.exe (Gas Powered Games)
PRC - D:\Games\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe (Egis inc.)
PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Allgemein\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Partner Service) -- C:\ProgramData\Partner\partner.exe (Google Inc.)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (BUNAgentSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys (Egis Incorporated)
DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys (Egis Incorporated)
DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (NAL) -- C:\Windows\SysNative\Drivers\iqvw64e.sys (Intel Corporation )
DRV:64bit: - (gwfilt64) -- C:\Windows\SysNative\drivers\gwfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
DRV - (cdrbsdrv) -- C:\Windows\SysWow64\drivers\cdrbsdrv.sys (B.H.A Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotmail.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52586
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.gamestar.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.7
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52586
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.28 22:52:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.28 22:52:04 | 000,000,000 | ---D | M]
 
[2008.12.31 00:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Extensions
[2011.02.08 14:22:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions
[2010.04.30 13:53:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.08 14:22:06 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011.01.22 13:28:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.01.22 13:28:11 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009.12.29 13:33:45 | 000,000,000 | ---D | M] ("Image Download") -- C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\extensions\imagedownload@whygudu.iblog.cn
[2010.12.22 13:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.14 15:48:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.26 20:43:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.22 13:10:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.11.14 01:41:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.11.14 01:41:30 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.11.14 01:41:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.11.14 01:41:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.11.14 01:41:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.01.22 12:44:20 | 000,428,601 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 14760 more lines...
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [EmpoweringTechnology]  File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel]  File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKCU..\Run: [OscarEditor] C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady) - F:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.05.23 22:12:16 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell - "" = AutoRun
O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.09 00:20:08 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Allgemein\Desktop\OTL.exe
[2011.01.13 18:26:16 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011.01.13 18:26:16 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011.01.13 18:26:11 | 001,251,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdclt.exe
[2011.01.11 15:55:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2008.11.02 01:15:06 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.09 00:20:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Allgemein\Desktop\OTL.exe
[2011.02.09 00:05:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.08 23:23:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2011.02.08 23:22:55 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.08 23:22:55 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.08 23:22:54 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.08 23:22:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.08 17:57:21 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4CEEF1C8-30F7-4373-83E0-45167924CDB7}.job
[2011.02.07 19:12:28 | 000,019,456 | ---- | M] () -- C:\Users\Allgemein\Documents\Absclag.xls
[2011.01.22 12:44:20 | 000,428,601 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2011.01.17 07:36:44 | 000,002,675 | ---- | M] () -- C:\Users\Allgemein\Desktop\Microsoft Excel.lnk
[2011.01.14 18:43:19 | 001,467,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.01.14 18:43:19 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.01.14 18:43:19 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.01.14 18:43:19 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.01.14 18:43:19 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2011.02.07 18:12:17 | 000,019,456 | ---- | C] () -- C:\Users\Allgemein\Documents\Absclag.xls
[2010.12.27 01:31:32 | 000,004,379 | ---- | C] () -- C:\Users\Allgemein\AppData\Roaming\69DC.595
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.04.10 16:49:49 | 000,437,210 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistMSI213B.txt
[2010.04.10 16:49:49 | 000,012,578 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistUI213B.txt
[2010.01.08 20:07:21 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\memio.dll
[2010.01.08 19:27:35 | 000,000,293 | ---- | C] () -- C:\Windows\asfbinapp.INI
[2010.01.06 18:27:02 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.12.31 17:16:21 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009.09.26 22:42:58 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.26 22:42:22 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.03.29 14:06:57 | 000,420,038 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistMSI146E.txt
[2009.03.29 14:06:56 | 000,012,266 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\dd_vcredistUI146E.txt
[2009.01.13 23:47:51 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009.01.13 23:46:50 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009.01.11 20:46:34 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.07 13:43:12 | 000,000,000 | ---- | C] () -- C:\Users\Allgemein\AppData\Roaming\wklnhst.dat
[2008.12.31 00:52:12 | 000,016,896 | ---- | C] () -- C:\Users\Allgemein\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.06 12:44:41 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008.12.06 12:44:41 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.11.01 17:24:51 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
[2008.11.01 17:24:51 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll

< End of report >
         
And the OTL Extras log:
Code:
OTL Extras logfile created on: 09.02.2011 00:23:12 - Run 2
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Allgemein\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 53.00% Memory free
12.00 Gb Paging File | 9.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 366.72 Gb Total Space | 257.67 Gb Free Space | 70.26% Space Free | Partition Type: NTFS
Drive D: | 550.13 Gb Total Space | 410.19 Gb Free Space | 74.56% Space Free | Partition Type: NTFS
Drive F: | 7.94 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: ASPIRE-M7720 | User Name: Allgemein | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 9F 3C 58 EC 4B 91 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0240063B-1EB7-4F0A-8E93-E8CD96E22FC8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{25BFF978-C264-4859-AE85-7DB82EE643C4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3DE0E038-5ADE-4B33-965F-32C3FD6C0A98}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{40BCBEB3-82D5-47A3-B5FC-16D44011C3EE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5711C6B5-9DD6-4886-A79A-D85520181EEC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{69880AA5-1FCB-40B2-A84F-548239754790}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7FDBF630-C604-454B-8B73-31B2379548E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B78A21A9-910C-4D91-B328-9A5B0B3475C2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E1419C83-EC22-479F-AC5D-F56C76A7CC36}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FAF5A809-00FC-46AB-B487-E86B5A009296}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037FFE8B-1E0C-4198-B825-B0ACE994BC4C}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\trine\trine_launcher.exe | 
"{0660CFC7-D1FB-4584-B077-BEC544B1A303}" = protocol=17 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"{06D67C2F-1D90-483B-AC97-8714ACB840FB}" = protocol=17 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\game.dat | 
"{07200103-3EB4-46D8-8E1A-C0BC22080E86}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{15DD727A-B5BB-41F5-96C5-7D69C5723273}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{164ACAF1-B5CB-44F0-8523-9BC94E585EA0}" = protocol=6 | dir=in | app=d:\games\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{174EB543-EC4D-4914-93B6-F45D1F1EFFD7}" = protocol=6 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire diplomacy.exe | 
"{19AB0D20-8B39-467D-A26C-CAF693402058}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{1BF145E0-CD1F-4192-957D-480E2B3BA488}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{1F3F6B2A-4651-4647-B799-2C8655290083}" = protocol=6 | dir=in | app=d:\games\electronic arts\the lord of the rings, the rise of the witch-king\game.dat | 
"{1F7200B6-861E-46D1-A4CD-BAA33A919459}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{270AF61F-1325-4106-95DB-9EC47C72E41A}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | 
"{2822797D-6AF4-40AD-AFD1-E05572094B30}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe | 
"{29F1B19E-74C3-45C8-BF4C-DAFDF5BC40F4}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | 
"{2CE71D41-DE1F-4918-8034-0BC142FCFB1E}" = protocol=6 | dir=in | app=d:\games\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | 
"{2D29DBF0-9793-48A7-A7B5-2C57FD6F7575}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{36A69E6B-D297-4E9D-B583-AE0E9069133A}" = protocol=17 | dir=in | app=d:\games\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{3926A940-6255-4858-A59C-24BAD565C595}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{3A796A12-8953-4A63-B617-5CFB4F57E650}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{402BD6E0-AAFF-4C52-BB0D-64FFF30AC405}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{4184A000-B161-428B-ADD5-934103A25903}" = protocol=6 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\game.dat | 
"{4281ACC4-2030-4650-AE7D-8071DF573B8C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{42F1C0D0-B81D-40F0-9A9F-3F5A97D5158C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe | 
"{46B930B5-EBB9-453B-B1A8-612D63C3FE8B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\trine\trine_launcher.exe | 
"{498BEF9C-FCB3-42B6-905E-B3944F793C45}" = protocol=17 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire diplomacy.exe | 
"{4B8B7BF5-F04C-4483-85E1-7562E9C4A179}" = protocol=17 | dir=in | app=d:\games\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | 
"{5126C1C9-D94B-402A-A6FB-F2AFC7015F56}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | 
"{5129E357-58C0-4E4F-A55C-246BD7507E41}" = protocol=6 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire.exe | 
"{5310592A-71E8-4BC6-B08A-EF08FFDD88EF}" = protocol=6 | dir=in | app=d:\games\sega\universe at war earth assault\uawea.exe | 
"{5438F06B-7410-4DBB-896E-82C7F413C721}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | 
"{5763A13F-DC5B-43F5-8C21-8C422A3843FE}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{5F3FB66C-2D64-49F1-8687-E0DF7C8710E1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{61D7544D-4383-4394-8A24-2C234FCD2B7C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6310BD7E-5856-41D7-8996-B2F9706C807C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe | 
"{67A06FA2-D024-476E-AC7C-563582D7B91B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | 
"{6BCEEE6B-6951-4ACD-9214-C427E8A0EBA7}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe | 
"{6E2DC041-A6D1-45B1-93A9-0A12E698FED1}" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{6E6EC19A-F16F-43C3-98F5-5E0D3392F8AE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{701DD33D-18F2-4CB9-B581-6061A43E3E52}" = protocol=6 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"{72DC1A8B-8273-4CAA-89F2-4A103B21E4B7}" = protocol=17 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire.exe | 
"{749D543E-9632-43ED-A7D8-0A5F7B3ECF5F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{78758A6A-D50F-486E-AF12-BCA62339E8B9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7EB20E0F-5B4D-4C92-A279-0865BC982169}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{83E1B206-CF06-46C1-9A5E-7F9768D8C964}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | 
"{85E57662-992C-4163-A5B3-C521E7DA5105}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{94440732-F1D5-4F72-942E-F1ED6120616D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 
"{99959467-C52F-4B68-8D9E-C1C33658B97A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{999F7D04-0105-447D-B258-FF4F4016E14D}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | 
"{9FCB212C-76A9-4867-8BB7-7DCE4D2C3E48}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{A46525B4-B931-4C4B-9100-3D00B7728D78}" = protocol=17 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{A8B9B93E-6010-4443-B7CF-B18798A56653}" = protocol=17 | dir=in | app=d:\games\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{AA70CC46-4FBD-4A5E-BE55-C584F6BCD5DF}" = protocol=17 | dir=in | app=d:\games\sega\universe at war earth assault\uawea.exe | 
"{B33D8B01-E7E1-41ED-9284-DBBBA17B9295}" = protocol=6 | dir=in | app=d:\games\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | 
"{BB5DA8A4-AFA8-4794-944E-0B055B3CA629}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{C5C0144D-72DB-4F08-8899-847F54A5336C}" = protocol=6 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe | 
"{C6067BA4-A434-41A6-8006-50E9A3ECD155}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe | 
"{C65C2B16-A094-4167-8DEB-774A35C6832A}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{C8633C17-448C-48CE-9230-5E73BE8CCC06}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{CD9C5A91-B92D-447F-AFB5-E3075EA8BE0C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
"{D4676D16-2E2A-4E16-939F-2A8006063CCB}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{D6268E41-2892-42E4-AB00-7E83F83B5170}" = protocol=6 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{D99BA6E2-A59F-489C-BF2B-5B478844FEC2}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{DF5C6719-B034-40B8-AF0D-915C6D4D37A2}" = protocol=17 | dir=in | app=d:\games\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | 
"{E3D6342A-6112-4779-82E2-1EA72E2AAB1A}" = protocol=17 | dir=in | app=d:\games\electronic arts\the lord of the rings, the rise of the witch-king\game.dat | 
"{E639A33A-6A8E-4377-8635-5DCFE4638CFB}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | 
"{E7FB9B55-6DD9-4895-A297-930512CDD874}" = protocol=6 | dir=in | app=d:\games\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{EAF8C6E1-08C5-4166-8276-9CE2FE715E99}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{EC35FF56-9005-4B46-916F-08A7DAE9F0BF}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\metro 2033\metro2033.exe | 
"{ECAE6A72-D840-48B0-835D-9D0865449697}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\metro 2033\metro2033.exe | 
"{ECC7730F-A00E-4346-858A-294D2349CC25}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{EE42CC51-3F73-4A82-A5BA-0DBF212FA4F6}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | 
"{F2BFBB60-8BC5-4A94-97AF-645D64BA2B0F}" = protocol=17 | dir=in | app=d:\games\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe | 
"{F5C4D7E3-38DA-467B-9B93-FDB77C0FAE3B}" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{FF75CFB6-2416-4865-9CBE-C4E3F5F8B42C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{33B5272F-A03A-436F-8E4C-A6D01396431B}C:\program files (x86)\safari\safari.exe" = protocol=6 | dir=in | app=c:\program files (x86)\safari\safari.exe | 
"TCP Query User{3D5F350D-5821-43E1-AAC5-17276690076F}D:\games\dreamcatcher\genesis rising\bin\genesisrising.exe" = protocol=6 | dir=in | app=d:\games\dreamcatcher\genesis rising\bin\genesisrising.exe | 
"TCP Query User{500A52A5-C468-4B60-8217-304FFD88EE0B}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe | 
"TCP Query User{5A55804B-7D73-4BFA-981B-233EB6073441}D:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat" = protocol=6 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat | 
"TCP Query User{666FBBD3-CB60-4BE6-87C2-6E5EDD0FA93F}D:\programme\chilirec\chilirec.exe" = protocol=6 | dir=in | app=d:\programme\chilirec\chilirec.exe | 
"TCP Query User{7833C700-5A96-45E1-9C4F-18EB190CC7B0}D:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe" = protocol=6 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"TCP Query User{78DE6F70-097C-47C1-883F-FD738F4EF17A}D:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe | 
"TCP Query User{7A188E3A-5C8D-4529-8AC2-EA59ED69BFEE}D:\games\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"TCP Query User{999C1EAC-A83C-4133-9F5F-FD922007EF49}D:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat" = protocol=6 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat | 
"TCP Query User{A8082984-749C-4C68-95B7-9EEEE46D9B8A}D:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{AA7A2599-DE98-4FC4-8E93-780F0319684F}D:\games\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base16561\sc2.exe | 
"TCP Query User{C1328922-FB96-42E0-B343-F53B7C93FFEA}D:\games\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe | 
"TCP Query User{D33FE896-1B5C-4D2D-B125-8A6AC36C8D1A}D:\games\sierra\homeworld2\bin\release\homeworld2.exe" = protocol=6 | dir=in | app=d:\games\sierra\homeworld2\bin\release\homeworld2.exe | 
"TCP Query User{F20D4189-9A49-4D8C-821E-E072845CC6DB}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"UDP Query User{15573920-5B2A-4733-8F92-272D8300AB68}D:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe" = protocol=17 | dir=in | app=d:\games\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"UDP Query User{29B12FD2-CA6E-42A6-91A8-B60D005ED5D2}D:\games\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=d:\games\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"UDP Query User{30E27ADE-2D0B-43F0-975D-8183DE686D31}D:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{332EA9E8-D7B6-4410-9541-CD15051999CD}D:\games\dreamcatcher\genesis rising\bin\genesisrising.exe" = protocol=17 | dir=in | app=d:\games\dreamcatcher\genesis rising\bin\genesisrising.exe | 
"UDP Query User{42439E35-D610-4E18-81F8-7086057FB250}D:\games\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base16561\sc2.exe | 
"UDP Query User{61A5D5A7-9A4A-4DE2-9EE0-E095AB050BAC}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"UDP Query User{774E6DA8-862E-4B6E-8BD9-A82E3E8652FA}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{A7334D05-C0AF-444C-BC6F-F48AA7F64B56}D:\programme\chilirec\chilirec.exe" = protocol=17 | dir=in | app=d:\programme\chilirec\chilirec.exe | 
"UDP Query User{B524DDF5-1C13-477C-BEBD-B480FC6AAB2D}D:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat" = protocol=17 | dir=in | app=d:\games\electronic arts\aufstieg des hexenkönigs\patchget.dat | 
"UDP Query User{BE0E10DA-472C-41DB-AA5C-04940B2606FD}D:\games\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dawn of war 2\dow2.exe | 
"UDP Query User{C35C9398-2F54-4B75-A1A9-21697613189E}C:\program files (x86)\safari\safari.exe" = protocol=17 | dir=in | app=c:\program files (x86)\safari\safari.exe | 
"UDP Query User{D3AECB7A-EAA4-4539-B0A4-1985764C7C6F}D:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe | 
"UDP Query User{DDAAC868-CEBB-4136-AFDB-4EFFCCD11268}D:\games\sierra\homeworld2\bin\release\homeworld2.exe" = protocol=17 | dir=in | app=d:\games\sierra\homeworld2\bin\release\homeworld2.exe | 
"UDP Query User{F79D21A8-AC4A-4533-8469-E9A0519928A3}D:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat" = protocol=17 | dir=in | app=d:\games\electronic arts\the battle for middle-earth (tm) ii\patchget.dat | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{088E976C-6B19-E3D3-1EAB-6E13B2D34CD7}" = ATI Catalyst Install Manager
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{33CF8D2C-0430-2949-FD8F-695C97C472C5}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CB6508F6-EC50-4829-A2C6-02990EFF0059}" = Windows Media Encoder 9 Series x64 Edition
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PROSetDX" = Intel(R) Network Connections 13.1.33.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series x64 Edition
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7
"{0A8073F2-31C6-413B-BC79-5808352D651A}" = MotionSD STUDIO 1.2E
"{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{20165891-91F8-45F9-A90A-307C7179C515}" = Sins of a Solar Empire - Trinity
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21FFDD40-F6B9-4609-B1C9-514E0A342BFA}" = MOUSE Editor
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2AE86CEE-BAC2-D043-9237-E83198098C91}" = Catalyst Control Center InstallProxy
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{35C98EB9-C39E-F602-D980-59355711CD37}" = Catalyst Control Center InstallProxy
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5454085C-840F-4070-8FAA-441000028301}" = BioShock 2
"{5454085C-840F-4070-8FAA-441000038301}" = BioShock 2
"{57634571-FD82-4BEC-B822-A1ED7765474F}_is1" = SmartLauncher
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{66B4C110-8BEB-49B5-824E-C70AEEB20ECD}" = ScanSoft OmniPage SE 4
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8F6FE1DC-E868-B38A-07E5-897508745128}" = ccc-core-static
"{913D0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard für Schüler, Studierende und Lehrkräfte
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B7BD291B-D415-4484-89A4-82077504BE93}_is1" = SmartCopy
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = The Lord of the Rings, The Rise of the Witch-king
"{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CDCBF62D-8E74-44A5-91AD-44AB4C2EFD89}" = InterVideo FilterSDK for Panasonic
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.20
"{D3D867DD-6C81-E695-4FFE-BE921DF44931}" = Catalyst Control Center Graphics Previews Common
"{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F08A1CA0-55A7-8244-3A05-7431447CE9BA}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Chilirec_0" = Chilirec 1.01
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"FLV Player" = FLV Player 2.0 (build 25)
"Franzis 3D-Eisenbahnplaner 10.0_is1" = Franzis 3D-Eisenbahnplaner 10.0
"GSplit3Set" = GSplit 3
"Homeworld2" = Homeworld2
"Impulse" = Impulse
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{21FFDD40-F6B9-4609-B1C9-514E0A342BFA}" = MOUSE Editor
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix
"InstallShield_{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault
"InstallShield_{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1
"PSP Video 9" = PSP Video 9 5.03
"Security Task Manager" = Security Task Manager 1.8c
"Sins of a Solar Empire - Trinity" = Sins of a Solar Empire - Trinity
"Splitit" = Split it 3.2
"StarCraft II" = StarCraft II
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"Steam App 20570" = Warhammer 40,000: Dawn of War II - Chaos Rising
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 35700" = Trine
"Steam App 400" = Portal
"Steam App 40100" = Supreme Commander 2
"Steam App 43110" = Metro 2033
"VLC media player" = VLC media player 1.0.3
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"X3TerranConflict_is1" = X3 Terran Conflict v3.0
"YouTube Downloader App" = YouTube Downloader App 2.03
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.08.2010 08:56:34 | Computer Name = Aspire-M7720 | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
 0x49e02a1e, faulting module msxml6.dll, version 6.20.5002.0, time stamp 0x4a81a53f,
 exception code 0xc0000005, fault offset 0x00000000000050c3,  process ID 0x894, application start time
 01cb42c25851b509.
 
Error - 23.08.2010 12:37:55 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.08.2010 09:37:01 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.08.2010 11:52:43 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.08.2010 12:06:45 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.08.2010 12:06:53 | Computer Name = Aspire-M7720 | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Error in manifest or policy file
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.  The
component identity found in the manifest does not match the identity of the component
 requested.  Reference: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Use
 the program "sxstrace.exe" for a detailed diagnosis.
 
Error - 24.08.2010 12:06:53 | Computer Name = Aspire-M7720 | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Error in manifest or policy file
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.  The
component identity found in the manifest does not match the identity of the component
 requested.  Reference: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Use
 the program "sxstrace.exe" for a detailed diagnosis.
 
Error - 26.08.2010 04:04:30 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.08.2010 04:08:12 | Computer Name = Aspire-M7720 | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
 0x49e02a1e, faulting module msxml6.dll, version 6.20.5002.0, time stamp 0x4a81a53f,
 exception code 0xc0000005, fault offset 0x00000000000050c3,  process ID 0x8a0, application start time
 01cb44f53d61ce50.
 
Error - 26.08.2010 06:55:24 | Computer Name = Aspire-M7720 | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 08.02.2011 06:20:52 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 08.02.2011 09:19:30 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS was not loaded due to incompatibility
 with this system. Contact the software vendor to obtain a compatible version
 of the driver.
 
Error - 08.02.2011 09:19:30 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS was not loaded due to incompatibility
 with this system. Contact the software vendor to obtain a compatible version
 of the driver.
 
Error - 08.02.2011 09:20:05 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 08.02.2011 12:35:11 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS was not loaded due to incompatibility
 with this system. Contact the software vendor to obtain a compatible version
 of the driver.
 
Error - 08.02.2011 12:35:11 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS was not loaded due to incompatibility
 with this system. Contact the software vendor to obtain a compatible version
 of the driver.
 
Error - 08.02.2011 12:36:08 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 08.02.2011 18:22:39 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS was not loaded due to incompatibility
 with this system. Contact the software vendor to obtain a compatible version
 of the driver.
 
Error - 08.02.2011 18:22:39 | Computer Name = Aspire-M7720 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS was not loaded due to incompatibility
 with this system. Contact the software vendor to obtain a compatible version
 of the driver.
 
Error - 08.02.2011 18:23:29 | Computer Name = Aspire-M7720 | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
Here is also a log from Avira AntiVir, which had also found a piece of malware after the removal of Security Shield:
Code:
ATTFilter
Avira AntiVir Personal
Report file creation date: Friday, 31 December 2010  15:58

Searching for 2313669 virus strains.

The program is running as an unrestricted full version.
Online services are available.

Licensee       : Avira AntiVir Personal - FREE Antivirus
Serial number  : 0000149996-ADJIE-0000001
Platform       : Windows Vista x64
Windows version: (Service Pack 2)  [6.0.6002]
Boot mode      : Normally booted
User name      : SYSTEM
Computer name  : ASPIRE-M7720

Version information:
BUILD.DAT      : 10.0.0.609     31824 Bytes  13.12.2010 09:29:00
AVSCAN.EXE     : 10.0.3.5      435368 Bytes  09.12.2010 12:41:44
AVSCAN.DLL     : 10.0.3.0       56168 Bytes  20.04.2010 17:36:44
LUKE.DLL       : 10.0.3.2      104296 Bytes  09.12.2010 12:41:44
LUKERES.DLL    : 10.0.0.0       13672 Bytes  14.01.2010 09:59:47
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 07:05:36
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 15:20:41
VBASE002.VDF   : 7.11.0.1        2048 Bytes  14.12.2010 15:20:41
VBASE003.VDF   : 7.11.0.2        2048 Bytes  14.12.2010 15:20:41
VBASE004.VDF   : 7.11.0.3        2048 Bytes  14.12.2010 15:20:41
VBASE005.VDF   : 7.11.0.4        2048 Bytes  14.12.2010 15:20:41
VBASE006.VDF   : 7.11.0.5        2048 Bytes  14.12.2010 15:20:41
VBASE007.VDF   : 7.11.0.6        2048 Bytes  14.12.2010 15:20:41
VBASE008.VDF   : 7.11.0.7        2048 Bytes  14.12.2010 15:20:41
VBASE009.VDF   : 7.11.0.8        2048 Bytes  14.12.2010 15:20:41
VBASE010.VDF   : 7.11.0.9        2048 Bytes  14.12.2010 15:20:41
VBASE011.VDF   : 7.11.0.10       2048 Bytes  14.12.2010 15:20:41
VBASE012.VDF   : 7.11.0.11       2048 Bytes  14.12.2010 15:20:41
VBASE013.VDF   : 7.11.0.52     128000 Bytes  16.12.2010 15:20:42
VBASE014.VDF   : 7.11.0.91     226816 Bytes  20.12.2010 16:43:43
VBASE015.VDF   : 7.11.0.122    136192 Bytes  21.12.2010 01:39:59
VBASE016.VDF   : 7.11.0.156    122880 Bytes  24.12.2010 14:42:18
VBASE017.VDF   : 7.11.0.185    146944 Bytes  27.12.2010 17:00:07
VBASE018.VDF   : 7.11.0.228    132608 Bytes  30.12.2010 14:57:31
VBASE019.VDF   : 7.11.0.229      2048 Bytes  30.12.2010 14:57:31
VBASE020.VDF   : 7.11.0.230      2048 Bytes  30.12.2010 14:57:32
VBASE021.VDF   : 7.11.0.231      2048 Bytes  30.12.2010 14:57:32
VBASE022.VDF   : 7.11.0.232      2048 Bytes  30.12.2010 14:57:32
VBASE023.VDF   : 7.11.0.233      2048 Bytes  30.12.2010 14:57:32
VBASE024.VDF   : 7.11.0.234      2048 Bytes  30.12.2010 14:57:32
VBASE025.VDF   : 7.11.0.235      2048 Bytes  30.12.2010 14:57:32
VBASE026.VDF   : 7.11.0.236      2048 Bytes  30.12.2010 14:57:32
VBASE027.VDF   : 7.11.0.237      2048 Bytes  30.12.2010 14:57:32
VBASE028.VDF   : 7.11.0.238      2048 Bytes  30.12.2010 14:57:32
VBASE029.VDF   : 7.11.0.239      2048 Bytes  30.12.2010 14:57:32
VBASE030.VDF   : 7.11.0.240      2048 Bytes  30.12.2010 14:57:32
VBASE031.VDF   : 7.11.0.247     33792 Bytes  31.12.2010 14:57:32
Engineversion  : 8.2.4.134 
AEVDF.DLL      : 8.1.2.1       106868 Bytes  30.07.2010 18:26:49
AESCRIPT.DLL   : 8.1.3.51     1286524 Bytes  31.12.2010 14:57:40
AESCN.DLL      : 8.1.7.2       127349 Bytes  23.11.2010 18:22:29
AESBX.DLL      : 8.1.3.2       254324 Bytes  23.11.2010 18:22:32
AERDL.DLL      : 8.1.9.2       635252 Bytes  23.09.2010 07:56:04
AEPACK.DLL     : 8.2.4.7       512375 Bytes  31.12.2010 14:57:38
AEOFFICE.DLL   : 8.1.1.10      201084 Bytes  23.11.2010 18:22:28
AEHEUR.DLL     : 8.1.2.60     3158392 Bytes  31.12.2010 14:57:37
AEHELP.DLL     : 8.1.16.0      246136 Bytes  04.12.2010 16:27:33
AEGEN.DLL      : 8.1.5.0       397685 Bytes  04.12.2010 16:27:33
AEEMU.DLL      : 8.1.3.0       393589 Bytes  23.11.2010 18:22:15
AECORE.DLL     : 8.1.19.0      196984 Bytes  04.12.2010 16:27:32
AEBB.DLL       : 8.1.1.0        53618 Bytes  24.04.2010 17:34:14
AVWINLL.DLL    : 10.0.0.0       19304 Bytes  14.01.2010 09:59:10
AVPREF.DLL     : 10.0.0.0       44904 Bytes  14.01.2010 09:59:07
AVREP.DLL      : 10.0.0.8       62209 Bytes  18.02.2010 14:47:40
AVREG.DLL      : 10.0.3.2       53096 Bytes  04.11.2010 18:08:22
AVSCPLR.DLL    : 10.0.3.2       84328 Bytes  09.12.2010 12:41:44
AVARKT.DLL     : 10.0.22.6     231784 Bytes  09.12.2010 12:41:43
AVEVTLOG.DLL   : 10.0.0.8      203112 Bytes  26.01.2010 07:53:25
SQLITE3.DLL    : 3.6.19.0      355688 Bytes  28.01.2010 10:57:53
AVSMTP.DLL     : 10.0.0.17      63848 Bytes  16.03.2010 13:38:54
NETNT.DLL      : 10.0.0.0       11624 Bytes  19.02.2010 12:40:55
RCIMAGE.DLL    : 10.0.0.26    2550120 Bytes  28.01.2010 11:10:08
RCTEXT.DLL     : 10.0.58.0      98152 Bytes  04.11.2010 18:08:22

Configuration for the current scan:
Job name..............................: Complete system scan
Configuration file....................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging...............................: low
Primary action........................: interactive
Secondary action......................: ignore
Scan master boot sectors..............: on
Scan boot sectors.....................: on
Boot sectors..........................: C:, D:, 
Scan active programs..................: on
Running programs extended.............: on
Scan registry.........................: on
Search for rootkits...................: on
Integrity check of system files.......: off
File scan mode........................: All files
Scan archives.........................: on
Limit recursion depth.................: 20
Archive smart extensions..............: on
Macro virus heuristics................: on
File heuristics.......................: medium
Deviating risk categories.............: +JOKE,+PCK,+PFS,+SPR,

Start of the scan: Friday, 31 December 2010  15:58

The scan for hidden objects is starting.
HKEY_USERS\S-1-5-21-290457077-4133656190-4264713463-1000\Software\SecuROM\License information\datasecu
    [NOTE]   The registry entry is not visible.
HKEY_USERS\S-1-5-21-290457077-4133656190-4264713463-1000\Software\SecuROM\License information\rkeysecu
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\8.0\AdobeViewer\eula
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\8.0\AdobeViewer\launched
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\0209_sp_hdrdieerweckungdesbalrog
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\0209_te_wow
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\0209_tr_demigod
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\0209_tr_eveonline
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\0209_tr_riddick
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\chapeau claque - ich steine, du steine (peter fox cover)
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\[vimeo-8215444] chapeau claque_ »pale blue«
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\da destiny
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Licenses\{k7c0db872a3f777c0}
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Licenses\{i11d9da1eba6cb047}
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Licenses\{011d9da1eba6cb047}
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\fdwsupport
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cformattags
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\aformattagcache
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cfiltertags
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\fdwsupport
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cformattags
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\aformattagcache
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cfiltertags
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\fdwsupport
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cformattags
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\aformattagcache
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cfiltertags
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\fdwsupport
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cformattags
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\aformattagcache
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cfiltertags
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\fdwsupport
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\cformattags
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\aformattagcache
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\cfiltertags
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\MostRecentApplication\name
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Exchange\Forms Registry\cachesynccount
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\SSL3.0\defaultvalue
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\last
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Jet\3.5\Engines\Jet\usercommitsync
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\RFC1156Agent\CurrentVersion\Parameters\trappolltimemillisecs
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared\HTML\knownids
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Works\8.0\Calendar\cursize
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Works\8.0\Calendar\lastcompactsize
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\MCIEX\exe full path
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\MCIEX\radio_select
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\MCIEX\m_lang
    [NOTE]   The registry entry is not visible.
C:\Users\Allgemein\Pictures
C:\Users\Allgemein\Pictures
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\ReaderCopy\tgt_mode
    [NOTE]   The registry entry is not visible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\ReaderCopy\copy_mode
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\ReaderCopy\del_mode
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\ReaderCopy\path_mode
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\ReaderCopy\cnfrm_dlg
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nth\ReaderCopy\m_lang
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\The Silicon Realms Toolworks\Armadillo\{0f943452edeba2f7c}
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\showintroframe
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\winheight
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\winwidth
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020D75-0000-0000-C000-000000000046}\ShellFolder\attributes
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0A4286EA-E355-44FB-8086-AF3DF7645BD9}\localizedstring
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0A4286EA-E355-44FB-8086-AF3DF7645BD9}\localizedstring
C:\Windows\system32\unregmp2.exe /ShowWMP
C:\Windows\system32\unregmp2.exe /ShowWMP
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
C:\Program Files\Windows Media Player
C:\Program Files\Windows Media Player
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
C:\Program Files\Windows Media Player
C:\Windows\system32\wbem\Logs\WMITracing.log
C:\Windows\system32\wbem\Logs\WMITracing.log
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\symboliclinkvalue
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Update\network\secure-S-1-5-18\sk
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Update\network\secure-S-1-5-18\c
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\dokchampa  (truetype)
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\impact (truetype
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\calibri (truetype
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\consolas (truetype
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\constantia (truetype
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\corbel (truetype
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\palatino linotype (truetype
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'eDSMSNLoader32.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWinSec.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'WrtProc.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'OpWareSE4.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeaTimer.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'MouseEditor.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'WrtMon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'SchedulerSvc.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupSvc.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'eDSService.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'Agentsvc.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'bgsvcgen.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMSServer.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '55' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD3
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD4
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD5
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '760' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <ACER>
C:\Users\Allgemein\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\51063600-6ff35a79
[0] Archivtyp: ZIP
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.CF
--> bpac/a.class
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.CF
Beginne mit der Suche in 'D:\' <DATA>
D:\Eigene Datein\Sonstiges\STBC Mods\Borg\bdiamond.zip
[0] Archivtyp: ZIP
  --> Bdiamond/dapborgdiamond.ace
    [1] Archivtyp: ACE
--> dapborgdiamond\Data\Models\Ships\BorgDiamond\BorgDiamond.3ds
  [WARNUNG]   Die Datei konnte nicht geöffnet werden!

Beginne mit der Desinfektion:
C:\Users\Allgemein\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\51063600-6ff35a79
    [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.CF
    [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4909a54a.qua' verschoben!


Ende des Suchlaufs: Freitag, 31. Dezember 2010  17:15
Benötigte Zeit:  1:16:16 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  38300 Verzeichnisse wurden überprüft
 740230 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 740229 Dateien ohne Befall
   8587 Archive wurden durchsucht
      1 Warnungen
      1 Hinweise
 853439 Objekte wurden beim Rootkitscan durchsucht
     76 Versteckte Objekte wurden gefunden
         
I hope you have everything you need.

Many thanks
Regards
Yetzirah

09.02.2011, 10:13   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
PRC -  File not found
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52586
FF - prefs.js..network.proxy.type: 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady) - F:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.05.23 22:12:16 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell - "" = AutoRun
O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady)
[2010.12.27 01:31:32 | 000,004,379 | ---- | C] () -- C:\Users\Allgemein\AppData\Roaming\69DC.595
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not completely deleted, as a precaution; a backup copy is created on the system partition in the "_OTL" folder.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

09.02.2011, 14:16   #6
Yetzirah

Hello,

I carried everything out as described, but unfortunately OTL hangs as soon as I click the Fix button. In the window title bar it says "not responding" after the program name, and at the very bottom of the program it says "Processing PRC - File not found...".
I waited 20 minutes, but nothing more happened; the PC also stopped making any working noises, such as the hard disk rattling. I then ended the program via the Task Manager and tried several more times, always with the same result.
Do I possibly have to deactivate something beforehand, such as Spybot's TeaTimer or Windows Defender?
How should I proceed?

Thanks and regards
Yetzirah

09.02.2011, 14:24   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Let's leave that line out.
Use this text as the OTL fix:

Code:
:OTL
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52586
FF - prefs.js..network.proxy.type: 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady) - F:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.05.23 22:12:16 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell - "" = AutoRun
O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady)
[2010.12.27 01:31:32 | 000,004,379 | ---- | C] () -- C:\Users\Allgemein\AppData\Roaming\69DC.595
:Commands
[purity]
[resethosts]
[emptytemp]
         

09.02.2011, 16:33   #8
Yetzirah

Hello,

this time everything worked; here is the log:
Code:
All processes killed
========== OTL ==========
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 52586 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. F:\autorun.exe scheduled to be moved on reboot.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\ not found.
File L:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\ not found.
File move failed. F:\autorun.exe scheduled to be moved on reboot.
C:\Users\Allgemein\AppData\Roaming\69DC.595 moved successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Allgemein
->Temp folder emptied: 880876 bytes
->Temporary Internet Files folder emptied: 72491807 bytes
->Java cache emptied: 3858691 bytes
->FireFox cache emptied: 76965170 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 12298 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20432209 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 167.00 mb
 
 
OTL by OldTimer - Version 3.2.20.6 log created on 02092011_172656

Files\Folders moved on Reboot...
File move failed. F:\autorun.exe scheduled to be moved on reboot.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         
Thanks and regards
Yetzirah
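The OTL fix in the posts above removes a Firefox proxy pointing at 127.0.0.1:52586 together with the MountPoints2 AutoRun entries, and the ComboFix log further down still lists "uInternet Settings,ProxyServer = http=127.0.0.1:52586", the same loopback proxy in Internet Explorer's settings. The script below is an added example written for this edit, not code from OTL, ComboFix or anyone in this thread: it parses OTL- and ComboFix-style lines and flags loopback proxies and AutoRun commands on mount points, the two things the fix targeted. The sample lines are copied from this thread; the regular expressions, the Finding type and the names triage and is_loopback are this example's own assumptions about the line formats, not a published OTL specification.

```python
"""Triage helper for OTL / ComboFix log lines (added example, not the tools' own code).

Flags the items the OTL fix in this thread targeted:
  * Firefox network.proxy.* prefs that send traffic to a loopback listener,
    the trick rogue AV / adware uses to sit between the browser and the web;
  * Internet Explorer's ProxyServer value as ComboFix prints it;
  * CD-ROM AutoRun being enabled and MountPoints2 AutoRun commands, which run
    an executable from removable media when it is inserted or double-clicked.
"""
from __future__ import annotations

import ipaddress
import re
import sys
from dataclasses import dataclass

# Constructed sample: lines copied from the OTL fix and the ComboFix log in this thread.
SAMPLE_LOG = r"""
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52586
FF - prefs.js..network.proxy.type: 0
FF - prefs.js: browser.startup.homepage - hxxp://www.gamestar.de/
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell - "" = AutoRun
O33 - MountPoints2\{328f3aba-dcb7-11dd-a4c6-0022683b0bad}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{351b4f8e-1766-11e0-ba8d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady)
uInternet Settings,ProxyServer = http=127.0.0.1:52586
"""

# Line formats are this example's own assumptions, derived from the sample lines above.
FF_PROXY_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(\w+): (.+)$')
IE_PROXY_RE = re.compile(r'^[um]Internet Settings,ProxyServer = (.+)$')
O32_CDROM_RE = re.compile(r'^O32 - HKLM CDRom: AutoRun - (\d+)$')
O33_AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-fA-F-]+\})\\Shell\\AutoRun\\command - "" = (.+)$')

FF_PROXY_HOST_KEYS = {"http", "ssl", "ftp", "socks"}
# Meaning of Firefox's network.proxy.type values.
FF_PROXY_TYPES = {0: "direct (no proxy)", 1: "manual", 2: "PAC", 4: "auto-detect", 5: "system"}


@dataclass
class Finding:
    kind: str
    detail: str
    line: str


def is_loopback(host: str) -> bool:
    """True for localhost, 127.0.0.0/8 and ::1, where a rogue local proxy listens."""
    host = host.strip().strip('"').strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    ff_proxy: dict[str, tuple[str, str]] = {}  # pref key -> (value, source line)
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := FF_PROXY_RE.match(line):
            ff_proxy[m.group(1)] = (m.group(2).strip('"'), line)
        elif m := IE_PROXY_RE.match(line):
            # ProxyServer is "host:port" or "http=host:port;https=host:port;..."
            for entry in m.group(1).split(";"):
                scheme, _, hostport = entry.rpartition("=")
                host, _, port = hostport.rpartition(":")
                if is_loopback(host):
                    findings.append(Finding("ie-loopback-proxy",
                                            f"{scheme or 'all'} traffic via {host}:{port}", line))
        elif m := O32_CDROM_RE.match(line):
            if m.group(1) != "0":
                findings.append(Finding("autorun-enabled", "HKLM CDRom AutoRun is on", line))
        elif m := O33_AUTORUN_RE.match(line):
            command = m.group(2).split(" -- ")[0].strip()  # drop OTL's trailing file metadata
            findings.append(Finding("mountpoint-autorun", f"{m.group(1)} runs {command}", line))

    # Firefox keeps host and port in separate prefs, so pair them after reading every line.
    type_raw = ff_proxy.get("type", (None, ""))[0]
    try:
        mode = FF_PROXY_TYPES.get(int(type_raw), "unknown")
    except (TypeError, ValueError):
        mode = "not set"
    for key in sorted(k for k in ff_proxy if k in FF_PROXY_HOST_KEYS):
        host, line = ff_proxy[key]
        port = ff_proxy.get(f"{key}_port", ("?", ""))[0]
        if is_loopback(host):
            findings.append(Finding("ff-loopback-proxy",
                                    f"network.proxy.{key} = {host}:{port} (network.proxy.type: {mode})", line))
    return findings


if __name__ == "__main__":
    # Usage: python triage.py OTL.txt   (falls back to the embedded sample without an argument)
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
```

On the sample the script reports the Firefox proxy with network.proxy.type 0, which means Firefox was set to "no proxy" and the 127.0.0.1 entry was inert there. Internet Explorer has no such flag on the ProxyServer line: that value only takes effect when ProxyEnable under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings is 1, so that key is worth checking before concluding the loopback proxy is gone.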

10.02.2011, 09:25   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warnings, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

10.02.2011, 14:11   #10
Yetzirah

Hello,

I carried everything out according to the instructions.

Here is the ComboFix log:
Code:
ComboFix 11-02-09.05 - Allgemein 10.02.2011  14:51:08.1.8 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.6134.4407 [GMT 1:00]
ausgeführt von:: c:\users\Allgemein\Desktop\Cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((   Dateien erstellt von 2011-01-10 bis 2011-02-10  ))))))))))))))))))))))))))))))
.

2011-02-10 13:32 . 2011-02-10 13:32	--------	d-----w-	c:\programdata\ATI
2011-02-10 12:56 . 2011-02-10 12:56	--------	d-----w-	c:\program files (x86)\ATI Technologies
2011-02-10 12:48 . 2011-02-10 12:48	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2011-02-10 12:48 . 2011-02-10 12:48	16384	----a-w-	c:\windows\system32\atimuixx.dll
2011-02-10 12:48 . 2011-02-10 12:48	59392	----a-w-	c:\windows\system32\atiedu64.dll
2011-02-10 12:48 . 2011-02-10 12:48	249856	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2011-02-10 12:46 . 2011-02-10 12:46	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2011-02-10 12:46 . 2011-02-10 12:46	480256	----a-w-	c:\windows\system32\atieclxx.exe
2011-02-10 12:46 . 2011-02-10 12:46	6815232	----a-w-	c:\windows\system32\aticaldd64.dll
2011-02-10 12:46 . 2011-02-10 12:47	17043968	----a-w-	c:\windows\SysWow64\atioglxx.dll
2011-02-10 12:46 . 2011-02-10 12:46	203776	----a-w-	c:\windows\system32\atiesrxx.exe
2011-02-10 12:46 . 2011-02-10 12:46	120320	----a-w-	c:\windows\system32\atitmm64.dll
2011-02-10 12:46 . 2011-02-10 12:46	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2011-02-10 12:46 . 2011-02-10 12:46	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2011-02-10 08:57 . 2011-01-06 10:52	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-02-09 13:39 . 2011-02-09 13:39	--------	d-----w-	C:\_OTL
2011-02-09 12:24 . 2011-02-09 18:54	--------	d-----w-	c:\users\Allgemein\AppData\Local\The Witcher
2011-02-08 11:14 . 2011-01-13 10:20	7844688	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC4DE615-D186-436A-B414-A11B25AF2D3F}\mpengine.dll
2011-01-11 14:55 . 2011-01-11 14:55	--------	d-----w-	c:\program files (x86)\Microsoft.NET

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-10 12:48 . 2010-07-07 01:53	708608	----a-w-	c:\windows\system32\aticfx64.dll
2011-02-10 12:47 . 2010-03-03 03:23	58880	----a-w-	c:\windows\system32\coinst.dll
2011-02-10 12:47 . 2010-03-03 03:06	26112	----a-w-	c:\windows\system32\atitmp64.dll
2011-02-10 12:46 . 2010-11-26 02:15	28672	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2011-02-10 12:45 . 2008-11-02 00:13	5305856	----a-w-	c:\windows\system32\atiumd64.dll
2011-02-10 12:45 . 2010-03-03 03:06	38400	----a-w-	c:\windows\system32\atiu9p64.dll
2010-12-31 12:11 . 2009-08-18 11:49	564632	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2010-12-31 12:11 . 2009-08-18 10:24	17816	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-12-28 12:25 . 2010-12-28 12:25	388096	----a-r-	c:\users\Allgemein\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-20 17:09 . 2010-12-27 01:22	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-12-27 01:22	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-07 11:17 . 2010-12-07 11:17	51200	----a-w-	c:\windows\SysWow64\OpenCL.dll
2010-12-07 11:15 . 2010-12-07 11:15	52736	----a-w-	c:\windows\system32\OpenCL.dll
2010-11-29 16:38 . 2010-11-29 16:38	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2010-11-23 18:22 . 2010-04-10 15:53	83120	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-11-17 12:04 . 2010-11-17 12:04	111120	----a-w-	c:\windows\system32\drivers\AtihdLH6.sys
2010-11-12 17:53 . 2010-08-14 14:48	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52	121392	----a-w-	c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"OscarEditor"="c:\program files (x86)\MOUSE Editor\MouseEditor.exe" [2009-06-16 3317248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-20 204908]
"WarReg_PopUp"="c:\program files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-06-13 73728]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 336384]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 ATICDSDr;ATICDSDr;c:\users\ALLGEM~1\AppData\Local\Temp\ATICDSDr.sys [x]
R3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2008-12-30 110576]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-20 269448]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-10 203776]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-04 135336]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-10 8283136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-10 294400]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH6.sys [2010-11-17 111120]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2008-06-13 316544]
S3 gwfilt64;gwfilt64;c:\windows\system32\drivers\gwfilt64.sys [2008-04-10 28160]

.
Inhalt des "geplante Tasks" Ordners

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 09:45]

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 09:45]

2011-02-09 c:\windows\Tasks\User_Feed_Synchronization-{4CEEF1C8-30F7-4373-83E0-45167924CDB7}.job
- c:\windows\system32\msfeedssync.exe [2011-02-10 04:47]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:53	50736	----a-w-	c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-08-19 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-08-19 323584]
"eDataSecurity Loader"="c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe" [2008-07-29 561200]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1840720]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.hotmail.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1208&m=aspire_m7720
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:52586
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\k4tn3bba.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gamestar.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
.
- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKLM-Run-eRecoveryService - (no file)
HKLM-Run-Skytel - Skytel.exe
AddRemove-{B931FB80-537A-4600-00AD-AC5DEDB6C25B} - d:\games\Electronic Arts\The Lord of the Rings


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-290457077-4133656190-4264713463-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b0,6d,c6,3d,21,06,b2,32,ba,a7,65,f2,82,ea,20,95,2a,f9,cd,4f,2c,49,42,
   10,8c,b4,b8,1e,a2,a6,93,64,99,d8,e7,cd,46,80,8a,f8,14,5d,ce,ee,da,55,9a,81,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f

[HKEY_USERS\S-1-5-21-290457077-4133656190-4264713463-1000\Software\SecuROM\License information*]
"datasecu"=hex:14,c0,b1,6e,4d,34,c7,2f,9d,17,06,0a,ac,09,bd,ca,f2,ef,e4,de,02,
   3a,5f,e1,5a,92,23,f3,4a,17,00,81,5a,d6,a5,f3,71,5f,cb,fd,b0,39,f5,84,c1,7e,\
"rkeysecu"=hex:19,dc,01,73,eb,c8,53,82,f1,61,cb,8a,c4,64,88,43

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\FLAGS]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\HELPDIR]
@="c:\\Windows\\SysWow64\\Macromed\\Flash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\FLAGS]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\HELPDIR]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\bgsvcgen.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\spool\drivers\x64\3\WrtProc.exe
c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
.
**************************************************************************
.
Completion time: 2011-02-10  15:01:19 - machine was rebooted
ComboFix-quarantined-files.txt  2011-02-10 14:01

Pre-Run: 14 directories, 276,858,195,968 bytes free
Post-Run: 18 directories, 276,512,358,400 bytes free

- - End Of File - - 2E9C695C2D31A41DFAF17BC27D89149A
         
Thanks and regards
Yetzirah

Old 10.02.2011, 14:15   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please create logs with GMER and mbrcheck now and post them.
GMER crashes fairly often; if the tool won't cooperate the second time either, just leave it out.

Instructions for mbrcheck:
Download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on the desktop.
Please post me the contents of the .txt document.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 11.02.2011, 14:37   #12
Yetzirah

Hello,

I ran all the scans. Unlike the picture in the GMER guide, though, I could only tick the bottom three items on the right-hand side (Services, Registry and Files); all the items above them were greyed out. After the scan GMER reported that it had found nothing, and the saved log was completely empty.

Here is the MBRCheck log:
Code:
ATTFilter
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer:	Acer
BIOS Manufacturer:		AMI
System Manufacturer:		Acer
System Product Name:		Aspire M7720
Logical Drives Mask:		0x000007fc

Kernel Drivers (total 151):
  0x02062000 \SystemRoot\system32\ntoskrnl.exe
  0x0201C000 \SystemRoot\system32\hal.dll
  0x0060D000 \SystemRoot\system32\kdcom.dll
  0x00617000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00652000 \SystemRoot\system32\PSHED.dll
  0x00666000 \SystemRoot\system32\CLFS.SYS
  0x006C3000 \SystemRoot\system32\CI.dll
  0x0080C000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x008E6000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x008F4000 \SystemRoot\system32\drivers\acpi.sys
  0x0094A000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x00953000 \SystemRoot\system32\drivers\msisadrv.sys
  0x0095D000 \SystemRoot\system32\drivers\pci.sys
  0x0098D000 \SystemRoot\System32\drivers\partmgr.sys
  0x009A2000 \SystemRoot\system32\drivers\volmgr.sys
  0x00775000 \SystemRoot\System32\drivers\volmgrx.sys
  0x009B6000 \SystemRoot\System32\drivers\mountmgr.sys
  0x009C9000 \SystemRoot\System32\Drivers\UBHelper.sys
  0x00A0A000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x00B24000 \SystemRoot\system32\drivers\atapi.sys
  0x00B2C000 \SystemRoot\system32\drivers\ataport.SYS
  0x00B50000 \SystemRoot\system32\drivers\msahci.sys
  0x00B5A000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x00B6A000 \SystemRoot\system32\drivers\fltmgr.sys
  0x00BB1000 \SystemRoot\system32\drivers\fileinfo.sys
  0x00BC5000 \SystemRoot\system32\DRIVERS\psdfilter.sys
  0x00C02000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x00E0D000 \SystemRoot\system32\drivers\ndis.sys
  0x00C89000 \SystemRoot\system32\drivers\msrpc.sys
  0x00CD9000 \SystemRoot\system32\drivers\NETIO.SYS
  0x0100B000 \SystemRoot\System32\drivers\tcpip.sys
  0x01181000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x0120F000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x0138F000 \SystemRoot\system32\drivers\volsnap.sys
  0x013D3000 \SystemRoot\System32\Drivers\spldr.sys
  0x013DB000 \SystemRoot\System32\Drivers\mup.sys
  0x011AD000 \SystemRoot\System32\drivers\ecache.sys
  0x011D9000 \SystemRoot\system32\drivers\disk.sys
  0x00FD0000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x013ED000 \SystemRoot\system32\drivers\crcdisk.sys
  0x0291E000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x0292B000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x02934000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x02947000 \SystemRoot\system32\DRIVERS\atikmpag.sys
  0x02C0A000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x03441000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x03524000 \SystemRoot\System32\drivers\watchdog.sys
  0x03609000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x036F6000 \SystemRoot\system32\DRIVERS\e1y60x64.sys
  0x03746000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x03752000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x03798000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x037A9000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x037BB000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x037E1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x037EF000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x03534000 \SystemRoot\system32\DRIVERS\serial.sys
  0x03551000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x0355D000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x03600000 \SystemRoot\system32\Drivers\NTIDrvr.sys
  0x03579000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x03582000 \SystemRoot\system32\DRIVERS\serscan.sys
  0x0358A000 \SystemRoot\system32\drivers\ksthunk.sys
  0x03590000 \SystemRoot\system32\drivers\ks.sys
  0x035C4000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x02994000 \SystemRoot\system32\DRIVERS\storport.sys
  0x029F1000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x00D32000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x011ED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x00D55000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x00D86000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x00D96000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x00DB4000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x00DCC000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x037FB000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x01000000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x00DDF000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x0380D000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x03855000 \SystemRoot\system32\drivers\AtihdLH6.sys
  0x03875000 \SystemRoot\system32\drivers\portcls.sys
  0x038B0000 \SystemRoot\system32\drivers\drmk.sys
  0x04205000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x04372000 \SystemRoot\system32\drivers\gwfilt64.sys
  0x04380000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x04394000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x0439E000 \SystemRoot\System32\Drivers\Null.SYS
  0x043B2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x043BA000 \SystemRoot\System32\drivers\vga.sys
  0x043C8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x043ED000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x043F6000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x043A7000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x038D3000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x038E4000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x038ED000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x0390A000 \SystemRoot\system32\DRIVERS\smb.sys
  0x03925000 \SystemRoot\system32\drivers\afd.sys
  0x03990000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x039D4000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x037CB000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x00BCE000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x039F2000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
  0x03800000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
  0x04403000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x04450000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x0445C000 \SystemRoot\System32\Drivers\dfsc.sys
  0x04479000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x0449B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x044B7000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x044B9000 \SystemRoot\system32\DRIVERS\usbscan.sys
  0x044C9000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0x044D4000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x044EC000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x044F5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x04507000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x04512000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x0451D000 \SystemRoot\system32\DRIVERS\udfs.sys
  0x0456B000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x02800000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x00050000 \SystemRoot\System32\win32k.sys
  0x04579000 \SystemRoot\System32\drivers\Dxapi.sys
  0x04585000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x004B0000 \SystemRoot\System32\TSDDD.dll
  0x04598000 \SystemRoot\system32\drivers\luafv.sys
  0x045BA000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x006E0000 \SystemRoot\System32\cdd.dll
  0x05E08000 \SystemRoot\system32\drivers\spsys.sys
  0x05EA2000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x05EB6000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x05ECE000 \SystemRoot\system32\drivers\HTTP.sys
  0x05F71000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x05F9A000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x05FB8000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x05FD2000 \SystemRoot\system32\drivers\mrxdav.sys
  0x045D7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x06201000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x0624A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x06269000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x0629B000 \SystemRoot\System32\DRIVERS\srv.sys
  0x0632F000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0x0637E000 \??\C:\Windows\SysWOW64\drivers\int15_64.sys
  0x06396000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0x05606000 \SystemRoot\system32\drivers\peauth.sys
  0x056BC000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
  0x056C5000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
  0x056D8000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x056E3000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x056F3000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x05713000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0x05729000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x777F0000 \Windows\System32\ntdll.dll

Processes (total 73):
       0 System Idle Process
       4 System
     508 C:\Windows\System32\smss.exe
     576 csrss.exe
     632 C:\Windows\System32\wininit.exe
     652 csrss.exe
     688 C:\Windows\System32\services.exe
     700 C:\Windows\System32\lsass.exe
     708 C:\Windows\System32\lsm.exe
     860 C:\Windows\System32\svchost.exe
     960 C:\Windows\System32\svchost.exe
     352 C:\Windows\System32\atiesrxx.exe
     388 C:\Windows\System32\winlogon.exe
     356 C:\Windows\System32\svchost.exe
     540 C:\Windows\System32\svchost.exe
     564 C:\Windows\System32\svchost.exe
     544 C:\Windows\System32\audiodg.exe
    1032 C:\Windows\System32\svchost.exe
    1048 C:\Windows\System32\SLsvc.exe
    1100 C:\Windows\System32\svchost.exe
    1200 C:\Windows\System32\svchost.exe
    1416 C:\Windows\System32\spoolsv.exe
    1440 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1460 C:\Windows\System32\svchost.exe
    1772 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    1784 C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    1868 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1884 C:\Windows\SysWOW64\bgsvcgen.exe
    1916 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1928 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    1992 C:\Windows\System32\atieclxx.exe
    2076 C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    2232 C:\Windows\System32\dwm.exe
    2316 C:\Windows\explorer.exe
    2356 C:\Windows\System32\taskeng.exe
    2556 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    2732 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    2916 C:\Windows\RAVCpl64.exe
    2924 C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    2932 C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    2940 C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe
    2964 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    2972 C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
    2980 C:\Windows\ehome\ehtray.exe
    3008 C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
    2616 C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
     844 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    2656 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    2720 C:\Windows\ehome\ehmsas.exe
    2176 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
     848 C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
     268 C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
    2608 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    2676 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    3092 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    3116 C:\Windows\SysWOW64\PnkBstrA.exe
    3128 C:\Windows\System32\svchost.exe
    3148 C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    3180 C:\Windows\System32\svchost.exe
    3216 C:\Windows\System32\svchost.exe
    3244 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    3392 C:\Windows\System32\SearchIndexer.exe
    3484 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    3760 WUDFHost.exe
    3828 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    4012 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    4216 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    5032 C:\Users\Allgemein\Desktop\vh69jch7.exe
    3504 C:\Windows\System32\svchost.exe
    4152 dllhost.exe
    4704 dllhost.exe
    4148 C:\Users\Allgemein\Desktop\MBRCheck.exe
    3712 C:\Windows\SysWOW64\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`a9f00000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000005f`58500000  (NTFS)

PhysicalDrive0 Model Number: WDCWD10EAVS-00D7B1, Rev: 01.01A01

      Size  Device Name          MBR Status
  --------------------------------------------
    931 GB  \\.\PhysicalDrive0   Acer MBR code detected
            SHA1: 12ADB8D1AD8327A4A2FA5865BC87234485F25003


Done!
         
Thanks and regards
Yetzirah
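What MBRCheck is doing with the drive in the log above, as an added example that is not part of the thread and not MBRCheck's own code: it reads sector 0 of the physical disk, hashes the boot code and compares the hash with a table of known Windows and OEM boot sectors (hence "Acer MBR code detected"; an unknown hash is what a bootkit would produce), and maps each volume to the byte offset of its partition entry. The Python below does the same parsing on a constructed 512-byte MBR whose partition entries are laid out so that the two NTFS volumes start at the offsets MBRCheck printed for C: and D:. The boot-code bytes and the "known-good" hash table are placeholders chosen for the example, not the real Acer boot code or MBRCheck's database.

```python
"""Parse a 512-byte MBR: hash the boot code and map partitions to byte offsets.
Added example for this thread; all sample data below is constructed."""
import hashlib
import struct
from typing import Dict, List, Optional

SECTOR = 512
BOOT_CODE_LEN = 440        # x86 boot code; bytes 440-445 hold disk signature + padding
PART_TABLE_OFF = 446       # four 16-byte partition entries follow the boot code
ENTRY_FMT = "<B3xB3xII"    # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"


def parse_partition_table(mbr: bytes) -> List[Dict]:
    """Return the non-empty partition entries with their byte offsets on the drive."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        status, ptype, lba_start, lba_count = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFF + i * struct.calcsize(ENTRY_FMT))
        if ptype == 0:
            continue                      # unused slot
        entries.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,                # 0x07 = NTFS, 0x27 = hidden recovery
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR,   # what MBRCheck prints per volume
            "size_bytes": lba_count * SECTOR,
        })
    return entries


def partition_for_offset(entries: List[Dict], byte_offset: int) -> Optional[Dict]:
    """Find the entry whose start matches a volume's reported byte offset."""
    for e in entries:
        if e["byte_offset"] == byte_offset:
            return e
    return None


def boot_code_sha1(mbr: bytes) -> str:
    """Hash only the code region: signature and partition table differ per machine."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def classify_boot_code(mbr: bytes, known: Dict[str, str]) -> str:
    """Label the boot code if its hash is in the known-good table, else flag it."""
    return known.get(boot_code_sha1(mbr), "Unknown MBR code")


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a test MBR from boot code and (bootable, type, lba_start, count) tuples."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code or partition list too long")
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    for i, (bootable, ptype, lba_start, lba_count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + i * 16,
                         0x80 if bootable else 0x00, ptype, lba_start, lba_count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed sample: placeholder boot code (not Acer's) and partitions laid out so
# the two NTFS volumes start at the offsets MBRCheck reported in the thread.
SAMPLE_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 32
SAMPLE_PARTITIONS = [
    (False, 0x27, 2048,      30732288),    # hidden OEM recovery partition
    (True,  0x07, 30734336,  769077248),   # C: -> byte offset 0x3a9f00000
    (False, 0x07, 799811584, 1153713584),  # D: -> byte offset 0x5f58500000
]
SAMPLE_MBR = build_mbr(SAMPLE_BOOT_CODE, SAMPLE_PARTITIONS)

# Placeholder known-good table keyed by boot-code SHA1 (MBRCheck ships its own list).
KNOWN_BOOT_CODE = {boot_code_sha1(SAMPLE_MBR): "Sample OEM MBR code (constructed)"}

if __name__ == "__main__":
    for e in parse_partition_table(SAMPLE_MBR):
        print(f"partition {e['index']}: type 0x{e['type']:02x} at offset 0x{e['byte_offset']:x}")
    print("SHA1:", boot_code_sha1(SAMPLE_MBR), "->",
          classify_boot_code(SAMPLE_MBR, KNOWN_BOOT_CODE))
```

Hashing only the first 440 bytes is a deliberate choice: the four-byte disk signature and the partition table that follow are different on every machine, so a hash over the whole sector could never match a fixed table of OEM boot code. Flipping a single byte of the code region is enough to turn a known hash into "Unknown MBR code", which is the signal MBRCheck is built to give.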

Old 11.02.2011, 15:04   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

Old 11.02.2011, 23:02   #14
Yetzirah

Hello,

I ran the scans; Malwarebytes reported one finding, SUPERAntiSpyware had none.
Two short questions, if it's no trouble. Why could I only tick the 3 boxes in GMER, contrary to the guide?
And what exactly did Malwarebytes find there?

Here is the Malwarebytes log:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5742

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

11.02.2011 20:37:44
mbam-log-2011-02-11 (20-37-44).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 388161
Time elapsed: 54 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
         
And the SUPERAntiSpyware log:
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/11/2011 at 07:04 PM

Application Version : 4.47.1000

Core Rules Database Version : 6381
Trace Rules Database Version: 4193

Scan type       : Complete Scan
Total Scan Time : 01:45:01

Memory items scanned      : 724
Memory threats detected   : 0
Registry items scanned    : 13320
Registry threats detected : 0
File items scanned        : 245587
File threats detected     : 0
         
Thanks and regards
Yetzirah

Old 11.02.2011, 23:12   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks ok, that was only a leftover that was found there.
Any more problems or further findings in the meantime?
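The leftover cosinus refers to is the HKCU ProxyServer value that the ComboFix log earlier in the thread already showed as http=127.0.0.1:52586: Internet Explorer had been told to route all HTTP through a proxy on the machine itself, port 52586. Rogue "security" products of this kind typically listen on such a local port while they run so they can block or redirect browsing; once the rogue is gone, nothing listens there, and the setting is a stale modification rather than live malware, which is why Malwarebytes files it as PUM.Bad.Proxy. The Python below is an added example that is not part of the thread or of any of the tools used in it: it picks proxy settings out of ComboFix-style "Internet Settings,ProxyServer" lines and flags any that point at the local machine. The log lines it runs on are constructed, combining the thread's value with a fictitious corporate proxy for contrast.

```python
"""Flag leftover local-proxy settings in ComboFix-style log lines.
Added example for this thread; the sample lines below are constructed."""
import ipaddress
import re
from typing import Dict, List, Tuple

# ComboFix prints the IE proxy setting as
#   uInternet Settings,ProxyServer = http=127.0.0.1:52586
# where the leading "u" means HKCU (per user) and "m" means HKLM (per machine).
PROXY_LINE_RE = re.compile(
    r"^(?P<hive>[um])Internet Settings,ProxyServer\s*=\s*(?P<value>\S+)$")


def parse_proxy_server(value: str) -> Dict[str, Tuple[str, int]]:
    """Split a ProxyServer REG_SZ value into {protocol: (host, port)}.

    Windows accepts either "host:port" (one proxy for everything, returned
    under the key "*") or a ";"-separated list like "http=h:p;https=h:p".
    """
    proxies: Dict[str, Tuple[str, int]] = {}
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        proto, sep, hostport = entry.partition("=")
        if not sep:
            proto, hostport = "*", entry
        host, sep, port = hostport.rpartition(":")
        if not sep or not host or not port.isdigit():
            raise ValueError(f"malformed proxy entry: {entry!r}")
        proxies[proto.lower()] = (host.strip("[]"), int(port))   # [::1]:p -> ::1
    return proxies


def is_local_proxy(host: str) -> bool:
    """True if the proxy host is this very machine (loopback address or 'localhost')."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False      # a hostname; cannot be judged offline


def scan_proxy_lines(lines) -> List[Dict]:
    """Return one finding per proxy entry found in ComboFix-style lines."""
    findings = []
    for line in lines:
        m = PROXY_LINE_RE.match(line.strip())
        if not m:
            continue
        hive = "HKCU" if m.group("hive") == "u" else "HKLM"
        for proto, (host, port) in parse_proxy_server(m.group("value")).items():
            findings.append({
                "hive": hive, "protocol": proto, "host": host, "port": port,
                "local_proxy": is_local_proxy(host),
            })
    return findings


# Constructed sample: the thread's HKCU value plus a fictitious HKLM corporate proxy.
SAMPLE_LINES = [
    "uStart Page = hxxp://www.hotmail.de/",
    "uInternet Settings,ProxyServer = http=127.0.0.1:52586",
    "mInternet Settings,ProxyServer = proxy.corp.example:3128",
]

if __name__ == "__main__":
    for f in scan_proxy_lines(SAMPLE_LINES):
        verdict = "LOCAL PROXY - check for leftover" if f["local_proxy"] else "ok"
        print(f"{f['hive']} {f['protocol']} -> {f['host']}:{f['port']}  {verdict}")
```

On a live machine the same value can be read with `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer`; a loopback entry there with no legitimate local proxy software installed (some parental-control and filtering products do use one) is the pattern worth checking after a rogue has been removed, since it explains the "cleaned, but no web pages load" symptom.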
