| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU/ Polizei TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
25.06.2012, 10:18
| #1 |
| |  GVU/ Polizei Trojaner Moin moin, heute beschäftigt mich ein Problem, dass ich schon ein zwei mal hatte, es aber bis dato allein lösen konnte. der klassiker: es offnet sich beim starten von Windows 7(64bit) das fenster "geld her sonst gefängnis und so" das problem konnte ich sonst mit hilfe des kostenlosen northen tools(sorry kein plan wie das genau heißt) NPE.exe lösen. aber nicht heute. der heutige trojaner fällt dadurch auf, das ein bild meiner webcam also von mir zu sehen war. habe mir nun OLT.exe runtergeladen und folgende nachricht erhalten: OTL Extras logfile created on: 25.06.2012 10:43:24 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Franz\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 77,54% Memory free 7,73 Gb Paging File | 6,95 Gb Available in Paging File | 89,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,30 Gb Total Space | 161,84 Gb Free Space | 56,73% Space Free | Partition Type: NTFS Drive D: | 267,55 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ASPIRE-5740G | User Name: Franz | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D1F6E6E-56AD-4340-9FF7-AE541C440C4A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{0DBE6263-7394-497C-917C-B95DC4AFFA1C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1D8A3E51-15A1-4B2E-8074-99FAB27DA989}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2D63959C-1B5D-4497-B9EC-E1AFCD1179EA}" = lport=2869 | protocol=6 | dir=in | app=system | "{40A98F7B-4E65-4F69-83B9-48FC603AFF81}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4166809B-F6DC-4E44-B126-01D5190622ED}" = lport=137 | protocol=17 | dir=in | app=system | "{424FDAA3-EDD7-447A-9235-4897BA1353A3}" = lport=445 | protocol=6 | dir=in | app=system | "{48926067-DF12-4836-B1C6-23BE2C43781F}" = rport=10243 | protocol=6 | dir=out | app=system | "{5499FF9F-E6F5-482E-969B-CF24FF157BB7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{55939F53-9C69-49C3-B9FF-9202314443BA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{61CA5739-7A51-45D8-B25F-4715438E3777}" = lport=138 | protocol=17 | dir=in | app=system | "{6BB2CA56-50ED-4E2F-8BB0-BCAA5EC792BB}" = lport=139 | protocol=6 | dir=in | app=system | "{75E11F1C-62C3-435E-BA77-B0B85CE6E0BE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{78308C6D-9D83-4ACE-A1EB-88BE8AA3FF13}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{78F8F8A3-1A49-408C-8272-468024573A26}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7C4FAB32-346F-4274-A71B-201C75B55C68}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{7D4E3E45-9A22-429F-A300-6E21C54B4C4C}" = rport=139 | protocol=6 | dir=out | app=system | "{963072AB-1D48-4995-AA22-6B870E34FE5E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{967E94A6-7FDA-470A-BA74-93F2C3171FAC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{98FCD0AE-8D73-46ED-A7B4-06223FC5ACF5}" = rport=138 | protocol=17 | dir=out | app=system | "{991096E5-FFAF-4A32-B95E-9255C149F76F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9C39AC0D-AA5A-4A1C-A905-C755003CB4E7}" = lport=445 | protocol=6 | dir=in | app=system | "{9F35DDCC-56C8-4F66-BF3C-C891E2820857}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{A18ED295-2723-405B-B2F5-DDD6948D78BE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A27080E0-2428-4F44-A093-E81CB0835316}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A8D4322A-931D-4E30-AE0F-10A7846EA205}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B9906303-56F7-4BCA-9776-4F63B88A464B}" = lport=10243 | protocol=6 | dir=in | app=system | "{BD6852A6-C7EA-4B50-81FF-06090AF01AC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BFF7049C-4AA4-43AF-BEED-4F06D4FD239C}" = lport=2869 | protocol=6 | dir=in | app=system | "{C90D4FBF-E88C-4249-AA11-258AF2407800}" = rport=137 | protocol=17 | dir=out | app=system | "{DA40CBE5-EC77-41F8-8656-4E661CA266A3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{DD17D8BE-CADD-46FA-9AC4-1C824F367102}" = rport=445 | protocol=6 | dir=out | app=system | "{E858277F-AC03-4170-B795-EE7DAABAEA49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F5E2D925-363C-4EB0-A2C6-87431A99A810}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FD36CED2-E267-4DB7-9C4C-1863293B32B6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02C078FA-A7F6-4E2A-A5CD-33B3B43FE7BC}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe | "{0D46DF0B-632B-47C7-9A8D-DB436A68B0DF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{0E0C240D-C44E-4C6B-BC00-DCB29A10E37E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{0FEEBAF4-8E4F-4538-B235-C27FC1586822}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{11E7CF78-0D76-4267-9A7E-93CC8D2FAC19}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{12226B45-4AD0-4852-BE5E-1DA883C17D37}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{140CE889-8D28-48E2-9102-805A05C36B65}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1ABA5C6B-9016-45E9-8B68-4A55256B6AAC}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{24794780-EBF6-4865-949B-4C35953AF6BB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2B875F33-08DF-4D97-97FC-9F9918D5DA4D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{2C0877DA-8684-4369-91AA-8B715A24ED3B}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{2F661167-7810-4DEA-9647-57CB4EF207B8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{3332D8AA-FD80-4530-8871-14021B9C80E1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{37E5B4BA-935F-4DE2-ACB6-FBED524EBA47}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{46D1ED7B-4560-42A9-B22A-436CF0A494C5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5A4DD3C0-BA14-48BB-B034-7673AA96101C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{60294ED8-7F34-481B-9A46-6784974EC278}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{659DDBF5-3DCC-4EE7-BD00-A47418BA027B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{69A9830F-521E-42D0-BF2F-39523EC972E3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6FE9DDE5-71D9-4CEF-A781-55B022319188}" = protocol=6 | dir=out | app=system | "{70D9C6B8-E7C6-4A9F-8DE9-42B1C1A6D056}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{70E12143-FCF7-47AC-B22A-8A6F80EB6534}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7547687C-4451-421B-90C1-F05BACA0A480}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{8055BCFF-8B3B-4670-BAD1-E05D66B1AD90}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{80A1C4D1-DDA5-414F-B729-208CDB5C8406}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{81B53137-28E2-454E-8D77-5E00FAA64D6B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{88631D17-7906-4543-88E4-865A32A764CB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{9DBE236F-CBE8-44F8-B790-D1CFEF7CCDBE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A29B6FA9-F2A0-400D-BA83-56472CD7AECD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A7368693-4DDC-49D5-BF42-8E2AB6723FF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BA3EB78B-E317-49E4-913B-310C425ACE86}" = protocol=6 | dir=in | app=c:\users\franz\appdata\roaming\dropbox\bin\dropbox.exe | "{BAC55FA5-4DAC-4F38-AC9F-5A036D9E4C19}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{BFD5ACD9-63DF-4FFD-8411-9614352FF9A4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{C1E208A6-9188-4255-BC07-20936664E8BD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{C3BFED5D-B039-499A-80B0-514F62B82567}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{C6298455-9D82-46F5-8E0F-3D76C0B1F692}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{C7F9947F-1ECB-4A63-83CF-C34351E554B8}" = protocol=17 | dir=in | app=c:\users\franz\appdata\roaming\dropbox\bin\dropbox.exe | "{CA60E5B6-CA5A-4405-A7AB-506013B17EE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CB40FEE6-F9F7-4810-B6A6-6536D1738FFC}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe | "{CD48E4D2-21DC-4B1C-92F3-BF399FEDA924}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{D1C9FEDB-7D4C-451C-8A7C-C26CE7CCB030}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{D4EC3A32-2378-44F7-A895-46FBF2790209}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{D5DF025E-462F-4352-B4A0-AC89E68B7D8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D88ABBEE-533B-40A2-8D06-47A14780DDE6}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{D9670A8F-9456-4543-A2BF-A9C3296A36DB}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{DD882508-3760-4B80-B970-27D6BCDB7AF9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E0C6559D-42DA-4B3A-A667-9BED3C4D4974}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E9CD437A-FF3E-474F-8377-9E6B8B4D678E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EC977169-499C-49B6-BD3E-A758EDB9F1B8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F3268750-E5DE-44DA-9BF4-15C46B78C7AF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{F9A80D5F-5740-4489-BC84-54A81B683E94}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FF59B7DE-EDE6-4067-BF93-CCAA11A32E9E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "TCP Query User{17985630-BE32-49DF-B2FA-0A89D155659B}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{2FA0E2EA-61E9-4E7C-8578-1224C9CFFE57}F:\festplatte\benutzer\öffentlich\cod4\iw3mp.exe" = protocol=6 | dir=in | app=f:\festplatte\benutzer\öffentlich\cod4\iw3mp.exe | "TCP Query User{3699C248-80FA-4C68-8433-34D0A9AADEF6}C:\users\franz\desktop\cod 1.5\cod 1.5\codmp.exe" = protocol=6 | dir=in | app=c:\users\franz\desktop\cod 1.5\cod 1.5\codmp.exe | "TCP Query User{37717481-B5E1-433C-B834-8C41924675CD}C:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe | "TCP Query User{55EE7B55-56AB-4EAD-8B5C-393304A19BA3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{67E29C94-9FCB-4688-8FE4-C5C0522802FD}C:\users\franz\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\franz\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{67EAAC2E-DE10-4D33-AFBA-C90D5B20FE4D}C:\program files (x86)\dgp1000\note manager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dgp1000\note manager.exe | "TCP Query User{88089A55-B6C9-4E55-B665-4189A244B2E4}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{8B167579-D6B8-413D-A0E3-317E6156A634}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query User{A0389AC1-0EBF-4C7F-A399-700B4987821D}C:\program files (x86)\dgp1000\note manager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dgp1000\note manager.exe | "TCP Query User{F00BC27F-7164-4820-AC25-A34BE3AEB752}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | "TCP Query User{FE9D2B95-3F71-4A47-9230-4BA2535F355D}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{24F9135E-3420-4A93-860F-9CA1BD88CCD3}C:\program files (x86)\dgp1000\note manager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dgp1000\note manager.exe | "UDP Query User{343CAEF3-463B-466C-9DDA-CCF665A8B83D}C:\users\franz\desktop\cod 1.5\cod 1.5\codmp.exe" = protocol=17 | dir=in | app=c:\users\franz\desktop\cod 1.5\cod 1.5\codmp.exe | "UDP Query User{51ED4223-A5D6-43C3-A70D-193547C26CA6}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{65F7FDBD-99D4-4338-AE3E-B3F4BA77CB9B}C:\program files (x86)\dgp1000\note manager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dgp1000\note manager.exe | "UDP Query User{691CC2A3-5112-453D-815B-48FBE44BB410}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{72A58213-E22F-4B1B-AC74-7E25D2C43B3D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{751C1BAA-0F0A-4669-A9DE-0CFFD804260E}F:\festplatte\benutzer\öffentlich\cod4\iw3mp.exe" = protocol=17 | dir=in | app=f:\festplatte\benutzer\öffentlich\cod4\iw3mp.exe | "UDP Query User{8C8697E5-E707-4768-8960-217F368FCE01}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{99B18884-1CDB-4CED-A6BB-B3BE005F6BD1}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "UDP Query User{B5B405BC-745F-4400-8E69-07310ABC0BBC}C:\users\franz\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\franz\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{E821768F-2062-4C4A-9EDC-81B9B0C382DB}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{F7480B4B-2B97-4AE2-B549-7D12C207C5AF}C:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{11F38253-8940-FFDA-D131-B14120C357E4}" = ATI Catalyst Install Manager "{373934DC-C16C-4CB5-83E2-1E5498CF99EC}" = Shutdown Timer "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik "{42F0FD29-7EB3-4CAA-AF10-BC2619B96D80}" = MrvlUsgTracking64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller "{A4F8DAB8-1771-476C-8538-700EE51AD877}" = MacDrive 9 Standard "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{BD41C9CA-7722-7C0F-8BFE-E88A81865287}" = ccc-utility64 "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "CPUID HWMonitor_is1" = CPUID HWMonitor 1.16 "HitmanPro36" = HitmanPro 3.6 "LSI Soft Modem" = LSI HDA Modem "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{14D6085A-9A42-C0B5-823E-8C9619AC1026}" = Catalyst Control Center Graphics Full New "{188F5452-6C4E-4CA9-8E57-CF72E5331D2B}" = Note Manager Software "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FF19BBD-554D-733C-3BDF-B55C99349198}" = Catalyst Control Center Core Implementation "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{346D6B7A-4AD8-5C2C-E249-34CA3CD7D34B}" = CCC Help Polish "{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding "{357C0C30-051F-FE77-4709-025786123FB1}" = ccc-core-static "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41BC23C5-157F-77A0-6662-17A5096E7946}" = Catalyst Control Center Graphics Previews Vista "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4507185D-FAB8-B77D-4546-2CF31DA906AD}" = Catalyst Control Center Graphics Full Existing "{4967ADB1-27A6-635F-A217-754BD9A05E2E}" = CCC Help Czech "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{54DFD48E-0E0D-5D0C-BD93-CE3DF090EC1C}" = CCC Help Japanese "{5528C69D-4018-C4BD-7D00-67F90623EB33}" = CCC Help Italian "{5582C24D-5597-42D2-537E-BA329164D78D}" = CCC Help Thai "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{785F975B-50FB-C523-5E58-C6EFE9E62424}" = CCC Help Portuguese "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7D62622F-78B7-91B0-5B75-4082DDFAC775}" = CCC Help Swedish "{7DE2B39B-97F0-EC01-06D6-E25C6D4164DF}" = CCC Help German "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{878789F8-276E-4D98-20E6-78DCBD77AD7D}" = CCC Help Turkish "{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F2AE892-C036-C2F8-0D45-0ED891440D68}" = CCC Help French "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95D40BD8-2EA7-C51E-A218-B2F863481573}" = CCC Help Chinese Standard "{98A7C691-304F-31DC-A21C-3675E1D68501}" = CCC Help Chinese Traditional "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A33B56D0-F273-F6C2-C335-50AE0C83C85C}" = CCC Help Finnish "{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking "{A82E3AFE-0BD9-4A17-9A58-9112B5C679C5}" = MyScript Notes Lite "{A8CB3994-B273-D81E-315C-CA3A8376415E}" = Catalyst Control Center Localization All "{A8D450FB-F8F7-4250-7CE3-A3C24CDE5722}" = CCC Help Hungarian "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB82BA59-B05B-70DC-992B-D2D7A2AF4EE5}" = CCC Help Korean "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{BFB59706-4FEC-37A8-96CD-C7F6932AD6DD}" = CCC Help Norwegian "{C09EECFB-8925-5E54-1580-3FAEB6A78856}" = Catalyst Control Center Graphics Light "{C0ED2557-8BCC-71B6-253C-BDFE26A9B37D}" = CCC Help Spanish "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CC62C6C8-0D7F-3F0D-9BD6-49CB16029A6A}" = CCC Help Greek "{CC6D2A70-B152-E250-ABEA-5D7D681469F8}" = CCC Help English "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.124.1120 "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{DAFFBC42-ABA2-882C-68CB-593B9CF9ACF5}" = CCC Help Russian "{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{DFF2D0B9-1706-6AA8-85CD-A70DF44AE3F8}" = CCC Help Danish "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E6AAFC37-EB31-768D-A9A5-AA8A84612615}" = CCC Help Dutch "{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012 "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1CECE09-7CBE-4E98-B435-DA87CDA86167}" = Skype™ 5.5 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F6B7BF58-36D0-A76E-53E2-F65DBD4A6A52}" = Catalyst Control Center InstallProxy "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Acer Registration" = Acer Registration "Acer Welcome Center" = Welcome Center "Acoustica MP3 To Wave Converter PLUS" = Acoustica MP3 To Wave Converter PLUS "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Avira AntiVir Desktop" = Avira Free Antivirus "AviSynth" = AviSynth 2.5 "DivX Setup" = DivX-Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "Fraps" = Fraps (remove only) "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206 "Google Chrome" = Google Chrome "GridVista" = Acer GridVista "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP LaserJet P1000 series" = HP LaserJet P1000 series "Identity Card" = Identity Card "Indeo® software" = Indeo® software "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "LManager" = Launch Manager "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "mp3-2-wav" = mp3-2-wav converter 1.14 "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "RocketDock_is1" = RocketDock 1.3.5 "Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle "UltraISO_is1" = UltraISO Premium V9.52 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.11 "WAVSPLIT210_is1" = Wave Splitter 2.10 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.01.2012 16:16:49 | Computer Name = aspire-5740g | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.01.2012 16:16:50 | Computer Name = aspire-5740g | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.01.2012 16:16:50 | Computer Name = aspire-5740g | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.01.2012 16:17:22 | Computer Name = aspire-5740g | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.01.2012 16:17:23 | Computer Name = aspire-5740g | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.01.2012 16:17:23 | Computer Name = aspire-5740g | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.01.2012 16:17:42 | Computer Name = aspire-5740g | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.01.2012 12:39:45 | Computer Name = aspire-5740g | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 9.0.1.4371 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 738 Startzeit: 01ccd1358ed58d9a Endzeit: 446 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: fecb09b1-3d3b-11e1-bd2b-00262d9a162f Error - 13.01.2012 04:20:18 | Computer Name = aspire-5740g | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 13.01.2012 04:22:19 | Computer Name = aspire-5740g | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. [ OSession Events ] Error - 18.04.2011 15:54:21 | Computer Name = aspire-5740g | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash. Error - 22.06.2011 16:23:04 | Computer Name = aspire-5740g | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7307 seconds with 3780 seconds of active time. This session ended with a crash. Error - 09.09.2011 06:20:48 | Computer Name = aspire-5740g | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 180 seconds with 120 seconds of active time. This session ended with a crash. Error - 15.03.2012 11:50:57 | Computer Name = aspire-5740g | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1123 seconds with 780 seconds of active time. This session ended with a crash. [ System Events ] Error - 25.06.2012 04:41:54 | Computer Name = aspire-5740g | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.06.2012 04:42:00 | Computer Name = aspire-5740g | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.06.2012 04:42:00 | Computer Name = aspire-5740g | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.06.2012 04:42:00 | Computer Name = aspire-5740g | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.06.2012 04:46:34 | Computer Name = aspire-5740g | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.06.2012 04:46:34 | Computer Name = aspire-5740g | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.06.2012 04:46:34 | Computer Name = aspire-5740g | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.06.2012 04:47:00 | Computer Name = aspire-5740g | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.06.2012 04:47:00 | Computer Name = aspire-5740g | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.06.2012 04:47:00 | Computer Name = aspire-5740g | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > und OTL logfile created on: 25.06.2012 10:43:24 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Franz\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 77,54% Memory free 7,73 Gb Paging File | 6,95 Gb Available in Paging File | 89,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,30 Gb Total Space | 161,84 Gb Free Space | 56,73% Space Free | Partition Type: NTFS Drive D: | 267,55 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ASPIRE-5740G | User Name: Franz | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.25 10:26:07 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Franz\Downloads\OTL.exe PRC - [2012.06.07 10:14:45 | 001,239,576 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ========== Modules (No Company Name) ========== MOD - [2012.06.07 10:14:43 | 000,441,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll MOD - [2012.06.07 10:14:42 | 003,922,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll MOD - [2012.06.07 10:13:16 | 000,134,696 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avutil-51.dll MOD - [2012.06.07 10:13:15 | 000,250,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avformat-54.dll MOD - [2012.06.07 10:13:14 | 002,375,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.12.10 11:15:06 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.06.25 09:14:37 | 000,108,392 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Programme\HitmanPro\hmpsched.exe -- (HitmanProScheduler) SRV - [2012.06.24 15:26:58 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.09 22:45:36 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.08 10:52:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 10:52:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.09.23 11:48:08 | 000,178,176 | ---- | M] (Mediafour Corporation) [Auto | Stopped] -- C:\Programme\Mediafour\MacDrive 9\MacDrive9Service.exe -- (MacDrive9Service) SRV - [2011.06.09 00:18:29 | 000,219,128 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2011.06.09 00:18:24 | 000,075,064 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.11.02 13:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.09.30 15:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.09.25 01:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.09.11 07:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Stopped] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) SRV - [2009.03.28 04:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Stopped] -- C:\Programme\LSI SoftModem\agr64svc.exe -- (AgereModemAudio) SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.06.25 10:15:36 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36) DRV:64bit: - [2012.05.08 10:52:32 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 10:52:32 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.10.03 16:52:42 | 000,316,080 | ---- | M] (Mediafour Corporation) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\MDFSYSNT.SYS -- (MDFSYSNT) DRV:64bit: - [2011.05.09 11:37:40 | 000,032,936 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MDPMGRNT.SYS -- (MDPMGRNT) DRV:64bit: - [2011.05.06 09:19:34 | 000,070,344 | ---- | M] (EldoS Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\CBDisk.sys -- (CBDisk) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.20 16:49:30 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.05.11 12:00:40 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133) DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2009.12.10 13:40:30 | 006,179,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.11.06 22:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.11.02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009.10.26 22:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.09.18 06:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.08.13 21:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.08.06 04:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2009.07.23 00:06:26 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.25 04:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.06.03 05:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 05:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 05:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009.02.24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus) DRV - [2011.09.06 11:17:56 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/01/29 10:59:10] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27361010h016l04d8z1j5t7561d34n IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27361010h016l04d8z1j5t7561d34n IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27361010h016l04d8z1j5t7561d34n IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27361010h016l04d8z1j5t7561d34n IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27361010h016l04d8z1j5t7561d34n IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=" FF - prefs.js..network.proxy.http: "62.65.159.182" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.01.27 13:30:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.29 21:40:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.09 22:45:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.18 14:00:10 | 000,000,000 | ---D | M] [2010.10.20 16:38:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franz\AppData\Roaming\mozilla\Extensions [2012.05.02 08:55:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franz\AppData\Roaming\mozilla\Firefox\Profiles\wqx6t7v5.default\extensions [2010.10.31 13:41:42 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Franz\AppData\Roaming\mozilla\Firefox\Profiles\wqx6t7v5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.10 18:35:27 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\Franz\AppData\Roaming\mozilla\Firefox\Profiles\wqx6t7v5.default\extensions\ffxtlbra@softonic.com [2012.01.08 12:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.01.05 17:54:59 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\FRANZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WQX6T7V5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.05.09 22:45:36 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.02.14 12:18:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.14 12:18:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.14 12:18:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.14 12:18:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.14 12:18:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.14 12:18:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google  riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Franz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AdBlock = C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.23_0\ CHR - Extension: Little Alchemy = C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.11_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\ CHR - Extension: Google Mail = C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2010.06.24 19:17:03 | 000,001,300 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MacDrive 9 application] C:\Program Files\Mediafour\MacDrive 9\MacDrive.exe (Mediafour Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O4 - Startup: C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Franz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Franz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Franz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{302C98B6-58B3-43CD-BA15-E18E8BB90DF3}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{24a4813e-3e85-11e0-b67d-00262d9a162f}\Shell - "" = AutoRun O33 - MountPoints2\{24a4813e-3e85-11e0-b67d-00262d9a162f}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{88cba881-ee87-11df-98ca-00262d9a162f}\Shell - "" = AutoRun O33 - MountPoints2\{88cba881-ee87-11df-98ca-00262d9a162f}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{d4b77876-91fa-11e0-958c-00262d9a162f}\Shell - "" = AutoRun O33 - MountPoints2\{d4b77876-91fa-11e0-958c-00262d9a162f}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKCU\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.25 09:19:24 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe [2012.06.25 09:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2012.06.25 09:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2012.06.22 08:54:04 | 000,000,000 | ---D | C] -- C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wave Splitter [2012.06.22 08:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wave Splitter [2012.06.22 08:54:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wave Splitter [2012.06.21 20:49:50 | 000,286,720 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun506.exe [2012.06.21 20:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3 File Editor [2012.06.21 20:49:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3 File Editor [2012.06.21 19:04:06 | 000,000,000 | ---D | C] -- C:\Users\Franz\Desktop\mp32wav [2012.06.21 18:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acoustica MP3 To Wave Converter Plus [2012.06.21 18:58:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acoustica MP3 To Wave Converter PLUS [2012.06.20 23:11:45 | 000,000,000 | ---D | C] -- C:\Users\Franz\Desktop\Bilder zahniball [2012.06.19 02:32:35 | 000,000,000 | ---D | C] -- C:\Users\Franz\Desktop\Neuer Ordner [2012.06.14 18:02:18 | 000,000,000 | ---D | C] -- C:\Users\Franz\zahnifilm [2012.06.14 17:12:05 | 000,070,344 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\CBDisk.sys [2012.06.14 17:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Mediafour [2012.06.14 17:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mediafour [2012.06.14 17:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mediafour [2012.06.14 17:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mediafour [2012.06.14 17:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Mediafour [2012.06.14 17:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MacDrive*9 Standard [2012.06.14 16:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO [2012.06.14 16:51:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO [2012.06.14 16:51:41 | 000,000,000 | ---D | C] -- C:\Users\Franz\Documents\My ISO Files [2012.06.14 16:51:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems [2012.06.13 15:53:40 | 000,000,000 | ---D | C] -- C:\Users\Franz\AppData\Local\Macromedia [2012.06.05 22:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ipvwnjssmqoetbw [2012.05.30 19:58:42 | 000,000,000 | ---D | C] -- C:\Users\Franz\Desktop\Hahn [2012.04.10 16:23:24 | 002,805,464 | ---- | C] (Symantec Corporation) -- C:\Users\Franz\NPE25.exe [2009.11.05 05:33:04 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.25 10:18:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.25 10:18:02 | 3111,514,112 | -HS- | M] () -- C:\hiberfil.sys [2012.06.25 10:16:54 | 004,503,728 | ---- | M] () -- C:\ProgramData\kcap_0paos.pad [2012.06.25 10:15:36 | 000,030,496 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys [2012.06.25 10:15:30 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.25 09:19:24 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe [2012.06.25 09:14:37 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2012.06.25 08:58:57 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.25 08:58:57 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.25 08:37:28 | 000,001,893 | ---- | M] () -- C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.06.25 08:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.25 08:25:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.23 16:30:57 | 001,507,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.23 16:30:57 | 000,657,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.23 16:30:57 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.23 16:30:57 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.23 16:30:57 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.22 23:31:21 | 000,006,144 | ---- | M] () -- C:\Users\Franz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.21 23:11:31 | 014,374,486 | ---- | M] () -- C:\Users\Franz\Desktop\Nationalhymne Tschechien.wav [2012.06.21 23:10:05 | 029,407,680 | ---- | M] () -- C:\Users\Franz\Desktop\Die britische Hymne - The British Anthem - L'hymne britannique.wav [2012.06.21 23:08:58 | 017,258,950 | ---- | M] () -- C:\Users\Franz\Desktop\Hymne italia.wav [2012.06.21 23:08:21 | 017,165,334 | ---- | M] () -- C:\Users\Franz\Desktop\Nationalhymne Spanien - National Anthem of Spain.wav [2012.06.21 23:07:41 | 016,327,218 | ---- | M] () -- C:\Users\Franz\Desktop\nationalhymne Portugal - National Anthem of Portugal.wav [2012.06.21 23:07:04 | 027,285,542 | ---- | M] () -- C:\Users\Franz\Desktop\Nationalhymne Frankreichs (Instrumental).wav [2012.06.21 23:06:19 | 011,735,242 | ---- | M] () -- C:\Users\Franz\Desktop\Nationalhymne Griechenland - National Anthem of Greek.wav [2012.06.21 23:06:02 | 016,108,730 | ---- | M] () -- C:\Users\Franz\Desktop\Nationalhymne USA.wav [2012.06.21 19:04:28 | 000,286,720 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun506.exe [2012.06.21 19:03:24 | 000,997,692 | ---- | M] () -- C:\Users\Franz\Desktop\mp32wav.zip [2012.06.21 00:41:02 | 000,271,360 | ---- | M] () -- C:\Users\Franz\Documents\archive.pst [2012.06.17 17:12:11 | 003,753,294 | ---- | M] () -- C:\Users\Franz\Desktop\Kinderzahnheilkunde_Fragensammlung.pdf [2012.06.14 17:23:23 | 2313,451,520 | ---- | M] () -- C:\Users\Franz\FCPX.iso [2012.06.14 16:59:59 | 000,000,017 | ---- | M] () -- C:\Users\Franz\AppData\Local\resmon.resmoncfg [2012.06.14 16:51:42 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\UltraISO.lnk [2012.06.14 15:57:04 | 000,428,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.09 02:52:49 | 000,390,363 | ---- | M] () -- C:\Users\Franz\Desktop\linie_2_ab_11.12.2011.pdf [2012.06.05 22:58:16 | 000,000,448 | ---- | M] () -- C:\ProgramData\ofvdojljyeajflk [2012.06.04 20:15:24 | 000,891,782 | ---- | M] () -- C:\Users\Franz\Desktop\Praktikumsheft_Zahnmedizin_SS2012.pdf [2012.06.03 20:46:51 | 000,001,057 | ---- | M] () -- C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.06.03 20:46:51 | 000,000,633 | ---- | M] () -- C:\Windows\wininit.ini [2012.05.30 23:45:23 | 000,567,457 | ---- | M] () -- C:\Users\Franz\Desktop\RobertMühligvorlesungmkg.pdf [2012.05.30 23:23:46 | 000,661,078 | ---- | M] () -- C:\Users\Franz\Desktop\Karl-Heinz Hahn.pdf [2012.05.30 19:43:00 | 000,530,226 | ---- | M] () -- C:\Users\Franz\Desktop\Hahn.rar [2012.05.29 21:30:37 | 000,151,223 | ---- | M] () -- C:\Users\Franz\Desktop\Studienbescheinigungsose2012.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.25 09:21:33 | 000,030,496 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys [2012.06.25 09:14:37 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2012.06.25 08:37:28 | 004,503,728 | ---- | C] () -- C:\ProgramData\kcap_0paos.pad [2012.06.25 08:37:28 | 000,001,893 | ---- | C] () -- C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.06.21 23:12:04 | 000,006,144 | ---- | C] () -- C:\Users\Franz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.21 23:11:30 | 014,374,486 | ---- | C] () -- C:\Users\Franz\Desktop\Nationalhymne Tschechien.wav [2012.06.21 23:10:05 | 029,407,680 | ---- | C] () -- C:\Users\Franz\Desktop\Die britische Hymne - The British Anthem - L'hymne britannique.wav [2012.06.21 23:08:58 | 017,258,950 | ---- | C] () -- C:\Users\Franz\Desktop\Hymne italia.wav [2012.06.21 23:08:21 | 017,165,334 | ---- | C] () -- C:\Users\Franz\Desktop\Nationalhymne Spanien - National Anthem of Spain.wav [2012.06.21 23:07:40 | 016,327,218 | ---- | C] () -- C:\Users\Franz\Desktop\nationalhymne Portugal - National Anthem of Portugal.wav [2012.06.21 23:07:03 | 027,285,542 | ---- | C] () -- C:\Users\Franz\Desktop\Nationalhymne Frankreichs (Instrumental).wav [2012.06.21 23:06:19 | 011,735,242 | ---- | C] () -- C:\Users\Franz\Desktop\Nationalhymne Griechenland - National Anthem of Greek.wav [2012.06.21 23:06:01 | 016,108,730 | ---- | C] () -- C:\Users\Franz\Desktop\Nationalhymne USA.wav [2012.06.21 19:03:20 | 000,997,692 | ---- | C] () -- C:\Users\Franz\Desktop\mp32wav.zip [2012.06.17 17:12:25 | 003,753,294 | ---- | C] () -- C:\Users\Franz\Desktop\Kinderzahnheilkunde_Fragensammlung.pdf [2012.06.14 17:20:36 | 2313,451,520 | ---- | C] () -- C:\Users\Franz\FCPX.iso [2012.06.14 17:18:44 | 1185,021,923 | ---- | C] () -- C:\Users\Franz\Motion.dmg [2012.06.14 17:17:54 | 1516,548,586 | ---- | C] () -- C:\Users\Franz\FCPX.dmg [2012.06.14 16:59:59 | 000,000,017 | ---- | C] () -- C:\Users\Franz\AppData\Local\resmon.resmoncfg [2012.06.14 16:51:42 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\UltraISO.lnk [2012.06.05 22:58:14 | 000,000,448 | ---- | C] () -- C:\ProgramData\ofvdojljyeajflk [2012.06.03 21:20:21 | 000,891,782 | ---- | C] () -- C:\Users\Franz\Desktop\Praktikumsheft_Zahnmedizin_SS2012.pdf [2012.05.30 23:45:23 | 000,567,457 | ---- | C] () -- C:\Users\Franz\Desktop\RobertMühligvorlesungmkg.pdf [2012.05.30 23:23:37 | 000,661,078 | ---- | C] () -- C:\Users\Franz\Desktop\Karl-Heinz Hahn.pdf [2012.05.30 19:43:00 | 000,530,226 | ---- | C] () -- C:\Users\Franz\Desktop\Hahn.rar [2012.05.29 21:30:37 | 000,151,223 | ---- | C] () -- C:\Users\Franz\Desktop\Studienbescheinigungsose2012.pdf [2012.03.10 18:50:02 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.03.10 18:39:30 | 000,000,528 | ---- | C] () -- C:\Windows\Player.INI [2012.02.23 20:26:58 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin [2011.11.08 22:37:12 | 000,000,026 | ---- | C] () -- C:\Windows\dksav1.ini [2011.10.26 12:35:17 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.10.26 12:35:09 | 000,000,006 | ---- | C] () -- C:\Windows\pol32.ini [2011.08.15 08:30:41 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll [2011.08.15 08:30:41 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2011.07.06 12:34:59 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll [2011.06.23 22:42:35 | 000,011,386 | -HS- | C] () -- C:\Users\Franz\AppData\Local\my6id56c0sucj34e8r352r6lws04 [2011.06.23 22:42:35 | 000,011,386 | -HS- | C] () -- C:\ProgramData\my6id56c0sucj34e8r352r6lws04 [2011.06.09 00:18:40 | 000,219,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.06.09 00:18:24 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.02.22 19:39:36 | 000,000,633 | ---- | C] () -- C:\Windows\wininit.ini [2010.12.20 23:11:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.12.04 20:09:26 | 000,036,363 | ---- | C] () -- C:\Windows\CSTBox.INI [2010.10.20 16:38:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat ========== LOP Check ========== [2012.04.11 17:34:21 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\Audacity [2012.01.30 13:44:37 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\Canneverbe Limited [2010.12.04 20:13:06 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\Canon [2010.10.20 17:56:16 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\DAEMON Tools Lite [2012.06.25 10:15:55 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\Dropbox [2011.12.15 15:42:37 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\DVDVideoSoft [2011.12.15 15:42:27 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\DVDVideoSoftIEHelpers [2011.09.27 20:44:16 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\FreeFLVConverter [2011.11.03 17:53:48 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\ICQ [2011.11.09 23:33:20 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\kock [2010.11.13 14:14:38 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\Primal Pictures [2011.09.22 16:22:37 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\ProtectDisc [2010.10.20 21:00:10 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\Sinvise Systems [2012.03.10 18:29:24 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\SourceTec [2012.04.11 12:51:59 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\Steinberg [2012.04.18 14:29:02 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\TuneUp Software [2012.05.30 22:05:13 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\UAs [2011.12.28 19:07:20 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\Unity [2011.09.19 22:06:05 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\uTorrent [2012.03.10 13:54:28 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\Xilisoft [2012.05.30 22:05:13 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\xmldm [2012.06.06 21:31:00 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:4CF61E54 < End of report > achso. ich führe den rechner grade im abgesicherten modus mit netzwerktreibern aus. am liebsten wäre mir eine mail an mich als antwort. wenn das nicht möglich ist, freue ich mich aber auch über jede öffentliche antwort auf dieses scheinbar ubiquitäre problem. mfg Friendz |
|
28.06.2012, 11:19
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | GVU/ Polizei TrojanerZitat:
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
| Themen zu GVU/ Polizei Trojaner |
| adblock, alternate, avira, converter, desktop, error, excel, festplatte, flash player, google, home, hängen, install.exe, klassiker, launch, logfile, microsoft office word, mp3, myphoneexplorer, nicht möglich, office 2007, plug-in, problem, programm, realtek, richtlinie, scan, searchscopes, security, server, softonic, software, starten, svchost.exe, symantec, trojane, trojaner, webcam gvu trojaner, windows |
Linear-Darstellung
