Log analysis and evaluation: Suspected Portwexexe. Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Suspected Portwexexe

Hello, I have presumably infected my computer with Portwexexe. Since Friday, Windows has been showing messages about "offline mode". The PC was not connected to the Internet, but an application apparently kept trying to load data from the Internet. After that I used the Internet only briefly and tried to fix the problem. AntiVir could not find anything. After the Internet was briefly used again a day later, Spybot showed me:

23.01.2011 11:05:26 Verweigert (based on user decision) value "portwexexe.exe" (new data: "C:\portwexexe\portwexexe.exe") hinzugefügt in System Startup user entry!

I tried to deny this... Later, after using the PC again, I checked after booting and portwexexe was in the directory. I then deleted the folder right away, downloaded load.exe here and carried out all the steps. Here are my results:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5581

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

23.01.2011 23:06:18
mbam-log-2011-01-23 (23-06-18).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 148237
Laufzeit: 5 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 752 -> Unloaded process successfully.
c:\program files\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> 3320 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Value: {B922D405-6D13-4A2B-AE89-08A030DA4402} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Value: {B922D405-6D13-4A2B-AE89-08A030DA4402} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE (PUP.Dealio) -> Value: SEARCHSETTINGS.EXE -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\pdfforge toolbar\IE\4.1\pdfforgetoolbarie.dll (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> Quarantined and deleted successfully.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:15 on 24/01/2011 (Christoph)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

Code:
ATTFilter GMER 1.0.15.15530 - hxxp://www.gmer.net Rootkit scan 2011-01-24 16:20:40 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000006d WDC_WD32 rev.1.11 Running: g2m3e4r.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\axrdqpog.sys ---- Kernel code sections - GMER 1.0.15 ---- .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8D606000, 0x1FB57A, 0xE8000020] .text C:\Windows\system32\drivers\ACEDRV07.sys section is writeable [0x99E06000, 0x328BA, 0xE8000020] .pklstb C:\Windows\system32\drivers\ACEDRV07.sys entry point in ".pklstb" section [0x99E4A000] .relo2 C:\Windows\system32\drivers\ACEDRV07.sys unknown last section [0x99E66000, 0x8E, 0x42000040] .text C:\Windows\system32\drivers\hardlock.sys section is writeable [0x9BF00400, 0x87EE2, 0xE8000020] .protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9BFA4620] C:\Windows\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9BFA4620] .protectÿÿÿÿhardlockunknown last code section [0x9BFA4400, 0x5126, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0x9BFA4400, 0x5126, 0xE0000020] C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in "" section [0x9EB3D41C] .clc C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl unknown last code section [0x9EB3E000, 0x1000, 0xE0000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\Explorer.EXE[3720] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 75FDB37C 4 Bytes [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL} ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg 
HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB4 0x81 0xFF 0x0D ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB4 0x81 0xFF 0x0D ... ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter OTL logfile created on: 24.01.2011 16:32:45 - Run 1 OTL by OldTimer - Version 3.2.20.4 Folder = C:\Users\Christoph\Desktop\MFTools Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 53,81 Gb Free Space | 37,36% Space Free | Partition Type: NTFS Drive D: | 140,50 Gb Total Space | 140,41 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Computer Name: CLEXIS | User Name: Christoph | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.01.23 22:49:15 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\Users\CHRIST~1\AppData\Local\Temp\RtkBtMnt.exe PRC - [2011.01.23 21:39:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\MFTools\OTL.exe PRC - [2010.12.21 18:04:51 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.11.04 20:42:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.04 20:42:37 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.10.05 18:56:48 | 009,742,952 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.05.30 11:24:30 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2008.05.27 11:13:42 | 000,850,440 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2008.05.12 21:11:04 | 000,167,936 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe PRC - [2008.05.12 21:10:54 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2008.05.12 16:28:04 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2008.05.09 13:07:08 | 000,397,312 | ---- | M] (Acer Inc.) 
-- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2008.03.21 12:22:52 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe PRC - [2008.03.04 22:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.03.04 22:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.16 17:35:02 | 000,081,504 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe PRC - [2007.12.06 15:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe PRC - [2007.10.23 09:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2006.03.14 06:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe PRC - [2005.09.30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) 
-- C:\Programme\Canon\CAL\CALMAIN.exe ========== Modules (SafeList) ========== MOD - [2011.01.23 21:39:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\MFTools\OTL.exe MOD - [2010.12.27 12:32:43 | 001,093,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80u.dll MOD - [2010.12.27 12:32:36 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll MOD - [2010.12.27 12:32:36 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2010.05.04 20:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll MOD - [2009.04.11 07:28:25 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll MOD - [2009.04.11 07:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll MOD - [2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll MOD - [2009.04.11 07:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll MOD - [2009.04.11 07:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll MOD - [2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll MOD - [2008.05.20 21:44:35 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80DEU.dll MOD - [2008.03.04 22:38:16 | 
000,240,176 | ---- | M] (Egis Incorporated.) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll MOD - [2008.03.04 22:38:12 | 000,121,392 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll MOD - [2008.01.21 03:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll MOD - [2008.01.21 03:24:56 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll MOD - [2008.01.21 03:23:54 | 000,798,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll MOD - [2008.01.21 03:23:50 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll MOD - [2007.02.12 07:38:12 | 000,044,648 | ---- | M] (Autodesk, Inc.) -- C:\Windows\System32\AcSignIcon.dll MOD - [2007.02.12 07:06:30 | 000,325,736 | ---- | M] (Autodesk, Inc.) -- C:\Programme\Common Files\Autodesk Shared\AcSignCore16.dll ========== Win32 Services (SafeList) ========== SRV - [2010.12.21 18:04:51 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.11.04 20:42:37 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2008.11.11 22:32:51 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2008.03.21 12:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.03.04 22:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 17:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2007.12.06 15:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2006.03.14 06:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer) SRV - [2005.09.30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8) ========== Driver Services (SafeList) ========== DRV - [2010.12.21 18:04:53 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.25 19:46:05 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.10.05 18:57:10 | 003,211,432 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.01.28 18:12:08 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07) DRV - [2008.09.02 15:12:02 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2008.05.30 12:17:54 | 000,093,968 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008.05.27 11:13:48 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr) DRV - [2008.05.27 11:13:42 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2008.05.09 11:03:58 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008.04.29 17:33:00 | 003,551,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.04.28 18:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2008.04.28 02:26:00 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2008.04.15 06:56:18 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s) DRV - [2008.03.27 21:44:56 | 000,210,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2008.03.25 23:41:30 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2008.03.25 23:39:20 | 000,207,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2008.03.25 23:38:32 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2008.03.21 09:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008.03.19 17:28:52 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2008.03.04 22:38:44 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk) DRV - [2008.03.04 22:38:44 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ) DRV - [2008.03.04 22:38:42 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter) DRV - [2008.02.18 15:09:40 | 000,166,960 | ---- | M] (Alps Electric Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008.01.30 10:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2008.01.30 10:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper) DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008.01.21 03:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL) DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008.01.21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2008.01.16 17:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel) DRV - [2007.10.26 07:41:02 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX) DRV - [2007.10.18 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006.11.22 09:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) 
[Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock) DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.03.14 06:22:00 | 000,090,176 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sportal.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://portal.krefeld-pinguine.de/"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.backup.ftp: "137.99.11.86"
FF - prefs.js..network.proxy.backup.ftp_port: 3127
FF - prefs.js..network.proxy.backup.gopher: "137.99.11.86"
FF - prefs.js..network.proxy.backup.gopher_port: 3127
FF - prefs.js..network.proxy.backup.socks: "137.99.11.86"
FF - prefs.js..network.proxy.backup.socks_port: 3127
FF - prefs.js..network.proxy.backup.ssl: "137.99.11.86"
FF - prefs.js..network.proxy.backup.ssl_port: 3127
FF - prefs.js..network.proxy.ftp: "137.99.11.86"
FF - prefs.js..network.proxy.ftp_port: 3127
FF - prefs.js..network.proxy.gopher: "137.99.11.86"
FF - prefs.js..network.proxy.gopher_port: 3127
FF - prefs.js..network.proxy.http: "137.99.11.86"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "137.99.11.86"
FF - prefs.js..network.proxy.socks_port: 3127
FF - prefs.js..network.proxy.ssl: "137.99.11.86"
FF - prefs.js..network.proxy.ssl_port: 3127

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.05 21:51:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.11 20:52:55 | 000,000,000 | ---D | M]

[2008.08.30 14:31:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions
[2011.01.23 21:35:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\d78v3gwl.default\extensions
[2010.11.16 22:11:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\d78v3gwl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.15 12:44:33 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\d78v3gwl.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2010.11.07 20:55:19 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\d78v3gwl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.15 12:44:35 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\d78v3gwl.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.04.15 12:44:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\d78v3gwl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.04.15 12:44:35 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\d78v3gwl.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.04.15 12:44:43 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\d78v3gwl.default\extensions\firebug@software.joehewitt.com
[2011.01.22 13:22:12 | 000,001,056 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\d78v3gwl.default\searchplugins\icqplugin.xml
[2011.01.22 13:22:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.11.01 12:09:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008.12.03 19:16:16 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.04.10 18:57:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.12.27 21:14:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.10.22 22:00:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.22 22:00:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.22 22:00:04 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.22 22:00:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.22 22:00:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Encarta Suchleiste - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Common Files\microsoft shared\Encarta Search Bar\ENCSBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.01.23 22:57:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.01.23 22:55:45 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.01.23 22:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.01.23 21:43:39 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Malwarebytes
[2011.01.23 21:42:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.23 21:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.23 21:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.23 21:42:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.23 21:42:46 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.01.23 21:39:22 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\MFTools
[2011.01.23 12:18:23 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011.01.21 17:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.01.21 17:33:36 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.01.21 17:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.01.21 16:38:29 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\3D-Bilder
[2011.01.21 16:38:02 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\Software
[2010.12.29 14:48:34 | 000,000,000 | R--D | C] -- C:\Users\Christoph\Desktop\SketchUp
[2010.12.28 12:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 7
[2010.12.27 13:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Google

========== Files - Modified Within 30 Days ==========

[2011.01.24 15:54:06 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.24 15:51:55 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.01.24 15:50:46 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.24 15:49:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.24 15:49:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.24 15:49:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.24 15:49:10 | 2649,145,344 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.24 10:15:29 | 000,000,020 | ---- | M] () -- C:\Users\Christoph\defogger_reenable
[2011.01.23 22:55:46 | 000,000,737 | ---- | M] () -- C:\Users\Christoph\Desktop\NTREGOPT.lnk
[2011.01.23 22:55:45 | 000,000,718 | ---- | M] () -- C:\Users\Christoph\Desktop\ERUNT.lnk
[2011.01.23 22:53:21 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.23 22:53:21 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.23 22:53:21 | 000,123,852 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.23 22:53:21 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.23 21:43:11 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A8580F1B-7656-4EE0-A554-B5DFC59E8674}.job
[2011.01.23 21:42:52 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.23 21:39:59 | 000,296,448 | ---- | M] () -- C:\Users\Christoph\Desktop\g2m3e4r.exe
[2011.01.23 21:39:57 | 000,050,477 | ---- | M] () -- C:\Users\Christoph\Desktop\defogger.exe
[2011.01.23 21:38:23 | 000,151,566 | ---- | M] () -- C:\Users\Christoph\Documents\Load.pdf
[2011.01.23 21:37:14 | 000,472,098 | ---- | M] () -- C:\Users\Christoph\Desktop\Load.exe
[2011.01.23 21:35:52 | 000,002,631 | ---- | M] () -- C:\Users\Christoph\Desktop\Microsoft Office Word 2007.lnk
[2011.01.22 13:09:02 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.01.21 17:33:50 | 000,001,059 | ---- | M] () -- C:\Users\Christoph\Desktop\Spybot - Search & Destroy.lnk
[2011.01.18 20:33:04 | 000,613,152 | ---- | M] () -- C:\Users\Christoph\Desktop\Gestaltungsplan_Praesi.dwg
[2011.01.18 20:31:52 | 002,883,409 | ---- | M] () -- C:\Users\Christoph\Desktop\Gestaltungsplan_Praesi1_1000.jpg
[2011.01.18 20:07:12 | 000,622,144 | ---- | M] () -- C:\Users\Christoph\Desktop\Gestaltungsplan2.dwg
[2011.01.18 14:59:40 | 009,448,183 | ---- | M] () -- C:\Users\Christoph\Desktop\3D_Modell_fertig.skp
[2011.01.15 21:51:38 | 001,463,609 | ---- | M] () -- C:\Users\Christoph\Desktop\Strukturkonzept_neu.jpg
[2011.01.09 15:30:58 | 000,002,633 | ---- | M] () -- C:\Users\Christoph\Desktop\Microsoft Office Excel 2007.lnk
[2011.01.08 10:59:21 | 000,013,227 | ---- | M] () -- C:\Users\Christoph\Documents\ic.docx
[2011.01.02 12:57:26 | 000,033,792 | ---- | M] () -- C:\Users\Christoph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.01 13:12:24 | 000,006,944 | ---- | M] () -- C:\Users\Christoph\AppData\Local\d3d9caps.dat
[2010.12.28 12:56:15 | 000,003,120 | ---- | M] () -- C:\Windows\System32\ALLFSAF7a.ocx

========== Files Created - No Company Name ==========

[2011.01.24 10:15:08 | 000,000,020 | ---- | C] () -- C:\Users\Christoph\defogger_reenable
[2011.01.23 22:55:46 | 000,000,737 | ---- | C] () -- C:\Users\Christoph\Desktop\NTREGOPT.lnk
[2011.01.23 22:55:45 | 000,000,718 | ---- | C] () -- C:\Users\Christoph\Desktop\ERUNT.lnk
[2011.01.23 21:42:52 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.23 21:39:58 | 000,296,448 | ---- | C] () -- C:\Users\Christoph\Desktop\g2m3e4r.exe
[2011.01.23 21:39:57 | 000,050,477 | ---- | C] () -- C:\Users\Christoph\Desktop\defogger.exe
[2011.01.23 21:38:21 | 000,151,566 | ---- | C] () -- C:\Users\Christoph\Documents\Load.pdf
[2011.01.23 21:37:11 | 000,472,098 | ---- | C] () -- C:\Users\Christoph\Desktop\Load.exe
[2011.01.21 17:33:50 | 000,001,059 | ---- | C] () -- C:\Users\Christoph\Desktop\Spybot - Search & Destroy.lnk
[2011.01.21 16:38:28 | 009,448,183 | ---- | C] () -- C:\Users\Christoph\Desktop\3D_Modell_fertig.skp
[2011.01.21 16:38:28 | 000,613,152 | ---- | C] () -- C:\Users\Christoph\Desktop\Gestaltungsplan_Praesi.dwg
[2011.01.21 16:38:15 | 003,065,954 | ---- | C] () -- C:\Users\Christoph\Desktop\Strukturkonzept_Final.jpg
[2011.01.21 16:38:15 | 002,883,409 | ---- | C] () -- C:\Users\Christoph\Desktop\Gestaltungsplan_Praesi1_1000.jpg
[2011.01.21 16:38:15 | 001,463,609 | ---- | C] () -- C:\Users\Christoph\Desktop\Strukturkonzept_neu.jpg
[2011.01.21 16:38:15 | 000,622,144 | ---- | C] () -- C:\Users\Christoph\Desktop\Gestaltungsplan2.dwg
[2010.12.28 12:56:15 | 000,003,120 | ---- | C] () -- C:\Windows\System32\ALLFSAF7a.ocx
[2010.11.17 17:51:40 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.08.01 17:02:13 | 000,017,408 | ---- | C] () -- C:\Users\Christoph\AppData\Local\WebpageIcons.db
[2010.06.01 21:05:25 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.09.11 14:09:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.05 20:06:11 | 000,000,112 | -HS- | C] () -- C:\Windows\WinWs2k2009.sys
[2009.07.05 20:03:58 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2009.07.05 19:56:55 | 000,000,032 | ---- | C] () -- C:\Windows\Start_wslc2009.INI
[2009.05.06 18:05:22 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2009.05.06 18:05:22 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2009.05.06 18:05:22 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2009.05.06 18:00:48 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009.05.06 18:00:48 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009.02.28 13:57:56 | 000,000,112 | -HS- | C] () -- C:\Windows\WinWs2k2007.sys
[2008.10.03 09:24:42 | 000,000,062 | ---- | C] () -- C:\Windows\pcvcdbr.INI
[2008.10.03 09:18:43 | 000,000,000 | ---- | C] () -- C:\Windows\pcvcdvw.INI
[2008.09.23 17:03:19 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.09.02 16:26:58 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2008.09.02 13:04:24 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.09.02 13:01:38 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX5000EFDG.ini
[2008.09.01 11:25:37 | 000,033,792 | ---- | C] () -- C:\Users\Christoph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.30 16:12:34 | 000,006,944 | ---- | C] () -- C:\Users\Christoph\AppData\Local\d3d9caps.dat
[2008.07.30 05:34:36 | 000,004,442 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2008.07.30 02:45:55 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008.07.30 02:45:55 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.05.20 23:20:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.20 23:20:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.05.20 22:20:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.05.20 22:15:50 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.05.15 11:09:42 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.11.20 15:24:52 | 000,159,744 | ---- | C] () -- C:\Windows\gdf.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1997.06.25 14:24:16 | 000,040,448 | ---- | C] () -- C:\Windows\System32\RegObj.dll

========== LOP Check ==========

[2008.08.30 13:24:50 | 000,000,000 | -HSD | M] -- C:\Users\Christoph\AppData\Roaming\.#
[2008.05.20 22:42:38 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Acer GameZone Console
[2009.02.28 13:44:35 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Autodesk
[2010.01.10 17:29:59 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Canon
[2008.09.02 15:11:43 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DAEMON Tools
[2008.09.10 15:08:02 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\EPSON
[2008.08.30 16:42:32 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\eSobi
[2008.09.10 21:17:02 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\ESRI
[2011.01.20 22:21:24 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\ICQ
[2008.08.30 13:17:55 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\iWin
[2010.02.23 19:08:17 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\MAXQDA2007
[2008.11.12 19:33:05 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\RayV
[2011.01.24 10:16:00 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.01.23 21:43:11 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A8580F1B-7656-4EE0-A554-B5DFC59E8674}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.05.21 07:34:21 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011.01.24 15:49:10 | 2649,145,344 | -HS- | M] () -- C:\hiberfil.sys
[2008.09.02 18:54:36 | 000,002,688 | ---- | M] () -- C:\LGSInst.Log
[2008.07.30 03:20:39 | 000,000,020 | ---- | M] () -- C:\Medion.ini
[2011.01.24 15:49:08 | 2962,743,296 | -HS- | M] () -- C:\pagefile.sys
[2008.07.30 03:16:35 | 000,000,060 | ---- | M] () -- C:\Partition.txt
[2008.05.20 22:00:53 | 000,000,650 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006.11.02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010.10.17 11:31:48 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006.09.18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.09.13 05:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD83.DLL
[2006.09.13 05:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP83.DLL
[2006.11.02 10:46:04 | 000,032,768 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\prtprocs\w32x86\EP0NPP01.DLL
[2006.11.02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006.10.26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008.01.21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008.04.29 15:00:00 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 03:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 10:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll

< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: WININIT.EXE >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-21 08:57:14

========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:131C0EE9

< End of report >

Code:
ATTFilter OTL Extras logfile created on: 24.01.2011 16:32:45 - Run 1 OTL by OldTimer - Version 3.2.20.4 Folder = C:\Users\Christoph\Desktop\MFTools Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 53,81 Gb Free Space | 37,36% Space Free | Partition Type: NTFS Drive D: | 140,50 Gb Total Space | 140,41 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Computer Name: CLEXIS | User Name: Christoph | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C5F28EA-CA51-4420-8F64-A9789A52BC80}" = lport=137 | protocol=17 | dir=in | app=system | "{2D631047-2668-4494-ADF4-0D69ABF28CF0}" = rport=138 | protocol=17 | dir=out | app=system | "{342475A2-8E56-4B4B-91BF-51FE50991D86}" = rport=445 | protocol=6 | dir=out | app=system | "{617175F3-2080-4336-925F-D0E76C5F8EE6}" = rport=139 | protocol=6 | dir=out | app=system | "{A72484D8-AEAF-4970-BFE2-E360EE0FFA0D}" = lport=139 | protocol=6 | dir=in | app=system | "{AF0967D7-3D9D-4556-82D9-813560045DBF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B556373F-56AD-45CF-82A4-316F9CFEB566}" = rport=137 | protocol=17 | dir=out | app=system | "{DFBC7E31-F055-487B-9963-776D6EC730DF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{EB3AA148-763D-44A2-A0B9-F04F1DEB9B6D}" = lport=445 | protocol=6 | dir=in | app=system | "{F9EAA181-71B1-4B31-BABF-BAA85BFCAB6B}" = lport=138 | protocol=17 | dir=in | app=system | "{FA3F05BE-E148-459C-AA1E-74D789DAF8A9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CB8D2E6-EE80-4974-87A7-110B218C86A8}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{0FBDCDB9-F380-4520-A8CB-C034C7CA4A63}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{13DE1542-C1CE-4DFF-94F0-BD704E111E66}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{15335817-FFDA-4A78-A18E-26C1C8E2BA43}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{24DC5CB8-203B-407E-B201-F1546FEC58DA}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{2B98CA43-D1F0-4D52-93FA-0FD3C15B390F}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{337736D6-3AF5-46C6-90C0-CCE402A7596B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5E29E9A5-06ED-4268-9FC0-0A8B23A2A08F}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{648EF9E3-FBEA-4D19-B9E1-DBDDC547A23C}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{6DA5F8AD-7867-4872-B290-FADB9817E2F4}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{70776BD7-A543-477E-A80B-847500D0180D}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{7C0563EA-CCB1-4826-8031-8FA37246558C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{9A3E07C9-8A25-4B10-AD23-844C3EB2C84E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{AF57989F-AA5F-4AB1-BD57-FA20F6F87693}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{CB2E9942-304A-47DA-81ED-BAD46CCB22BF}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{CCB8019D-D73A-4719-9B8A-B1E19DBC07FA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{CDAD18E6-4B41-4F1F-BBB4-3541054DB07B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D8947999-6D6E-4727-9235-D1C7A7EE01EA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{E0A303B7-4CBC-4EF4-9BAA-50A2EDD00E82}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{E86566B3-EB60-453E-AD67-8FC029276E12}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F3888E73-8A73-4897-960A-FD88D65393F4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{FA4C8BBF-CBAA-4B87-B0B5-333995986BE4}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "TCP Query User{0EF1237F-AD04-4361-8AB7-796B73A7CF13}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{10BDC576-7C1E-45AE-AFEA-C5DE2B6FC2AE}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe | "TCP Query User{133042CA-6103-4270-B0ED-F5B2C53EDFDD}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | "TCP Query User{1F5470A9-6833-4934-89AE-C1E9CEEAFA95}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{20A14478-4F4E-4433-97EA-EC33507C4879}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{2AABB23C-4071-4F8E-A732-EB32C7DCCC1E}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | "TCP Query User{30F0BBE0-DA99-4C92-9DF0-8C00470E3261}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{401E9796-ACA4-4BBB-9FC0-42A6BD0DD47C}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{462778FB-29A1-45A1-B382-CD0F501FD5AA}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{496666EC-BB13-474A-9414-BC2E2C38F78B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query 
User{4F39A030-4C87-45DA-AC42-17C87D5C9BF4}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | "TCP Query User{56EBE95D-3933-4CCA-8AA3-A265401A1383}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{6B98A6FE-1331-49C1-9EC5-7296A88C1C1D}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{7DF690F6-B504-4D7E-A563-FF81C9933753}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | "TCP Query User{7FD5DC79-DFFC-42C2-A3B8-7411FC9168F6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{8C0DA038-DD96-4E24-A1C0-E98A54158B24}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{8F096D13-B6FA-4828-9E09-AAF0429EC2DB}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{993BEE95-615B-46E3-8BBA-2AEB479D9DA2}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{B05B6A5E-9C1C-40AB-9272-E926C7BF598A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{B6542251-9D5D-4216-800E-EE2F2299B820}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{B7BF547E-EB4E-4CA5-A01F-4B3FFB74BA5A}C:\program files\edonkey2000\edonkey2000.exe" = protocol=6 | dir=in | app=c:\program files\edonkey2000\edonkey2000.exe | "TCP Query User{C052213F-474A-45B5-A359-837476D3B6F9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google 
earth\client\googleearth.exe | "TCP Query User{C394BCF2-3AF1-4894-9122-BB2E84C409A6}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{C9B9FC07-086A-496F-A5D8-59CD8373903C}C:\program files\spssinc\paswstatistics17\paswstat.exe" = protocol=6 | dir=in | app=c:\program files\spssinc\paswstatistics17\paswstat.exe | "TCP Query User{D2804E38-D197-492C-B5B7-8948CB2A06A8}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe | "TCP Query User{D55A143E-AB54-4337-B23C-0D4A3DA492D4}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | "TCP Query User{E6210AD6-83A1-484C-88B8-C3383FE114C7}C:\program files\google\google sketchup 7\layout\layout.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 7\layout\layout.exe | "TCP Query User{E9CC91AB-3C2D-4744-9265-200CAE55732F}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | "TCP Query User{F447CD8A-0F72-4C38-8D8E-EE48EB89EF66}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{049363A8-3A00-48B5-919D-E77EB8A652F2}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{0C0E8EEF-F70E-4E00-9FBF-664CB28E14E9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{1EC7D355-D9D0-49FF-B205-2B3DAA608C1F}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | "UDP Query User{2231E2CF-9DE2-4DDF-A790-38B8E15471EE}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | "UDP Query User{2280FF96-5A7B-4C41-9831-734F198EFB58}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program 
files\icq6.5\icq.exe | "UDP Query User{28CC09BD-815B-4115-B133-CF4E8AD9C81D}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{346B608B-6CD2-4B60-86EB-3A455396ABC3}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe | "UDP Query User{48E3C064-825E-435D-A3DE-4AFB9443E5F1}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{5E2C6214-6A04-4951-8EE3-7452C64B0AF3}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{60A314D4-88F5-42D9-90C2-48C8FA17B15F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{6F70C5F0-CF7D-4CFB-9A36-DC939C2F21AF}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{740525DF-6244-4D05-9B30-3AA56DA9DAE5}C:\program files\edonkey2000\edonkey2000.exe" = protocol=17 | dir=in | app=c:\program files\edonkey2000\edonkey2000.exe | "UDP Query User{80AC7B4D-0C24-430D-9786-F4CE0C84178D}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{8169B110-B7C7-4256-843D-85253C6D8CAC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{8A21E412-F4EE-4EB3-8936-ED6C384249F4}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{8B193912-224A-48B8-8FD6-424B35B80D8C}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{945F84AD-8C82-40C0-9904-092B0D4BA7FD}C:\program 
files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{A2C66564-C7EC-4720-B782-99B0FF49B73C}C:\program files\google\google sketchup 7\layout\layout.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 7\layout\layout.exe | "UDP Query User{A3F68966-4523-4CA0-B37C-CB98D8E070A7}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{AE07081C-FF9C-4C94-A5FE-155253C09960}C:\program files\spssinc\paswstatistics17\paswstat.exe" = protocol=17 | dir=in | app=c:\program files\spssinc\paswstatistics17\paswstat.exe | "UDP Query User{AF2A2D6A-FCD6-471D-9B27-8B66CF6C52F8}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{B0F5B647-3E4F-4135-A7B5-A66AE366A2B2}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe | "UDP Query User{BA92AE49-EA3F-48D1-9FCF-BC8686C758D4}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | "UDP Query User{CB31BC4D-3FA2-4A2D-80C0-BA3559E5EE4E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{D1263189-0EA7-4E51-B75E-222BB8197151}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | "UDP Query User{ECBCE991-FFBA-47C9-8633-CE2A24F639FF}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | "UDP Query User{F0897D71-B838-430B-95B0-358B06311FEC}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{F47B5AF3-2328-4476-995D-5C7544372211}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program 
files\google\google earth\plugin\geplugin.exe | "UDP Query User{F75087EE-147A-402C-8641-E2A72ADF7231}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0087799A-6484-2297-16D1-314C8D51EB5C}" = CCC Help Turkish "{008B104E-AD08-D176-D974-9E795A3B5930}" = CCC Help English "{01D60497-9C75-DFB2-6702-73288FAAF569}" = CCC Help Finnish "{07100081-E9B4-4DF6-A845-CAAFD093E477}" = Microsoft Encarta 2007 - Enzyklopädie "{08E77A66-9566-2C8F-4924-87AF3EEC4C8D}" = Catalyst Control Center Localization Korean "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support "{0F685585-6664-3B0F-8FFF-824EF3EC808F}" = CCC Help Chinese Standard "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{11FA22E0-699F-57FB-2ED5-81518FD4D26B}" = Catalyst Control Center Localization Czech "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1ADA324F-E40F-1763-8A4C-C2B1C3221C8B}" = Catalyst Control Center Localization German "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21BC64BE-7760-932B-9070-BAE49E82E4C0}" = CCC Help Russian "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{247EC1CE-C81F-298F-EDDE-666C02C58193}" = CCC Help Spanish "{2503CD86-B4C1-2EB7-30F8-A06F1156EE44}" = CCC Help German "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 17 "{27F3E373-93BF-441E-826B-98C33DF309B5}" = AMD USB Audio Driver Filter "{2A6F9CF1-E874-FAAE-ACBF-50DEAB6A2866}" = Catalyst Control Center Localization Chinese Traditional 
"{2C3AD6F9-0DD7-E2A2-363F-749247AE9603}" = CCC Help Czech "{2E484859-4C24-718C-C637-368B04F14142}" = Catalyst Control Center Localization Russian "{2ECDE974-69D9-47A9-9EB0-10EC49F8468A}" = PASW Statistics 17.0 "{30C5CDC6-67DE-F761-507F-E156FB7CF098}" = Catalyst Control Center Localization Italian "{3304A9B5-C51F-42D4-B827-C77D607AC87B}" = Catalyst Control Center Localization Chinese Standard "{36E3F10E-E909-0B45-B58B-CAF9864B22FF}" = Catalyst Control Center Localization Danish "{3CFD59CA-BC0C-0A69-C420-5F6E54565246}" = ccc-core-static "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{448D6CAA-B84F-148E-DF21-D9145CD70791}" = Catalyst Control Center Localization Thai "{459E81F6-51BB-F78C-EB9A-619499B7E7B8}" = CCC Help Korean "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{4EA50CE2-3549-5E6B-DB7F-EC1FB21C98EB}" = CCC Help Italian "{5025C2C2-E2DA-54CA-6AA3-2B796ED5E371}" = CCC Help Dutch "{5204292B-0CDB-B240-65CE-F4CF17919E2D}" = Catalyst Control Center Localization Hungarian "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{5776FA35-21C8-A6C6-3B32-C5528AE4054F}" = CCC Help Danish "{5783F2D7-6009-0407-0002-0060B0CE6BBA}" = AutoCAD LT 2008 - Deutsch "{58A8EF55-37A0-F2C2-A35B-CA97E8F3D5C3}" = CCC Help Hungarian "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{59ED508E-4239-EAD2-8D50-8923AADCFD76}" = Catalyst Control Center Graphics Full New "{5D751B45-0F9F-0B9E-F3EA-25821C9D7F49}" = CCC Help Thai "{63B8997E-EB2D-41D3-984C-C44D6D67A571}" = ArcSoft PhotoStudio 5.5 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{672CFCDF-759F-5F3C-077D-8B1A172FE150}" = Catalyst Control Center Localization Swedish "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A5A8BEE-5493-C8F3-978F-6DC2A612D070}" = Catalyst Control Center Localization Portuguese 
"{6CB07378-C076-D335-7D38-37AC272D899A}" = Catalyst Control Center Localization Greek "{6DC0632A-A838-4B34-AC19-0FA18E1C533C}" = Sentinel Protection Installer 7.2.2 "{70B7E2EA-6CF1-C7BC-5F0E-7467F114BD5E}" = Catalyst Control Center Core Implementation "{70E392D0-9A63-CD3B-11E4-4B66B7C68DE9}" = Catalyst Control Center Localization Spanish "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{796127AB-1065-1DE9-3F6B-B4A00455FD34}" = CCC Help Chinese Traditional "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{823D0051-9B7A-46C3-A29B-AA4D765960ED}" = Google SketchUp Pro 7 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada "{85D808E9-8D08-90FF-B0FB-2732EC386A58}" = Catalyst Control Center Localization Japanese "{89AD7027-B6B2-47DF-21F2-D8A46A6DB13F}" = ATI Catalyst Install Manager "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C55354D-62FC-7BBD-91CB-199365A64331}" = CCC Help French "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI 
(German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{95C8E6D2-8D1A-1846-F8CF-FC5BF2682D3E}" = Catalyst Control Center Graphics Full Existing "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7 "{9B28716A-CAB1-F0E0-A975-83F9C7294F64}" = Catalyst Control Center Graphics Light "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A176487F-227E-3F91-C7AF-679E0E34AC0C}" = ccc-utility "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8 
"{A7AA93B6-6909-4073-B4EC-45CCDEFD4665}" = NHL® 08 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3 "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AD0EF554-9674-3C40-914C-E728036D6B5B}" = CCC Help Polish "{B1AAC909-15F7-74EC-5D4D-70E3240CD30A}" = Catalyst Control Center Localization Dutch "{B1BFDF6B-3C03-46fe-B5D7-BABB0063D8E0}" = pdfforge Toolbar v4.1 "{B24380E2-B8C4-5FC5-F11D-27300AB9B3A3}" = Catalyst Control Center Localization Norwegian "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B8E11DD5-8FC7-6EFB-42A3-1D9C58CDFD84}" = CCC Help Portuguese "{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software "{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX "{BF23DA5D-6205-4BE2-36B4-B74D671FF0D1}" = CCC Help Greek "{CC434C7B-54AF-7181-1F33-6BD4DF382FE2}" = CCC Help Japanese "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
"{D7C81D2F-9490-518E-893F-0E9AC41415DE}" = Catalyst Control Center Localization Finnish "{DF39E385-C2E0-F044-022B-2A8A565B7182}" = Catalyst Control Center Localization Polish "{E5FB0690-C5F4-DD4F-4360-D1F360582DCE}" = CCC Help Swedish "{EE94CB5C-9DD8-0373-42C3-A4F9F4A775BA}" = Catalyst Control Center Localization Turkish "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4BCAAD1-95DF-DF91-4A06-471D97884038}" = CCC Help Norwegian "{FA378A8C-5F03-519A-AE78-91E93B50FC6A}" = Catalyst Control Center Localization French "{FA4DDF14-0227-47ED-9FB0-3290E84E8938}" = Catalyst Control Center - Branding "5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0) "7-Zip" = 7-Zip 4.57 "Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "AutoCAD LT 2008 - Deutsch" = AutoCAD LT 2008 - Deutsch "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CAL" = Canon Camera Access Library "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "CSCLIB" = Canon Camera Support Core Library "Dynamic-Photo HDR (Trial)_is1" = Dynamic-Photo HDR (Trial/Showcase 2.3) "ENTERPRISE" = Microsoft Office Enterprise 2007 "EOS Utility" = Canon Utilities EOS Utility "EPSON Printer and Utilities" = EPSON-Drucker-Software "EPSON 
Scanner" = EPSON Scan "ERUNT_is1" = ERUNT 1.1j "Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner "f4" = f4 3.1.0 "Free Video Dub_is1" = Free Video Dub version 1.5 "Google Updater" = Google Updater "GridVista" = Acer GridVista "Hardlock Gerätetreiber" = Hardlock Gerätetreiber "ICQToolbar" = ICQ Toolbar "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MAXQDA2007" = MAXQDA2007 (R190110) "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "PhotoStitch" = Canon Utilities PhotoStitch "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX "ShockwaveFlash" = Macromedia Flash Player 8 "SopCast" = SopCast 3.0.3 "TVAnts 1.0" = TVAnts 1.0 "UltraStar Deluxe" = UltraStar Deluxe "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 0.9.8a "Winamp" = Winamp "WinRAR archiver" = WinRAR "WS·LANDCAD 2009 Einzelplatz-Installation" = WS·LANDCAD 2009 Einzelplatz-Installation "XMedia Recode" = XMedia Recode 2.1.2.5 "Yahoo! Companion" = Yahoo! 
Toolbar
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01.06.2010 06:39:35 | Computer Name = Clexis | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 01.06.2010 10:32:26 | Computer Name = Clexis | Source = WinMgmt | ID = 10
Description =

Error - 01.06.2010 10:32:31 | Computer Name = Clexis | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 01.06.2010 10:32:31 | Computer Name = Clexis | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 01.06.2010 16:09:25 | Computer Name = Clexis | Source = WinMgmt | ID = 10
Description =

Error - 01.06.2010 16:09:31 | Computer Name = Clexis | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 01.06.2010 16:09:31 | Computer Name = Clexis | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 02.06.2010 03:38:56 | Computer Name = Clexis | Source = WinMgmt | ID = 10
Description =

Error - 02.06.2010 03:39:02 | Computer Name = Clexis | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 02.06.2010 03:39:02 | Computer Name = Clexis | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 23.01.2011 13:20:24 | Computer Name = Clexis | Source = DCOM | ID = 10016
Description =

Error - 23.01.2011 16:44:35 | Computer Name = Clexis | Source = Service Control Manager | ID = 7034
Description =

Error - 23.01.2011 17:46:41 | Computer Name = Clexis | Source = Service Control Manager | ID = 7000
Description =

Error - 23.01.2011 18:06:18 | Computer Name = Clexis | Source = Service Control Manager | ID = 7034
Description =

Error - 23.01.2011 18:14:21 | Computer Name = Clexis | Source = Service Control Manager | ID = 7000
Description =

Error - 24.01.2011 05:05:12 | Computer Name = Clexis | Source = Service Control Manager | ID = 7000
Description =

Error - 24.01.2011 05:17:08 | Computer Name = Clexis | Source = Service Control Manager | ID = 7000
Description =

Error - 24.01.2011 05:18:24 | Computer Name = Clexis | Source = DCOM | ID = 10016
Description =

< End of report >