| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/ATRAPS.Gen und TR/ATRAPS.Gen2 und mehr?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.06.2012, 20:49
| #1 |
| |  TR/ATRAPS.Gen und TR/ATRAPS.Gen2 und mehr? Guten Abend Zusammen, seit heute gibt Antivir unaufhörlich Fundmeldungen über Dateien namens "ATRAPS.Gen" oder "ATRAPS.Gen2" aus. Gerne auch mal beide gleichzeitig. Bin bei der Webrecherche auf dieses Board gestoßen und erhoffe mir nun nach dem Lesen einiger Threads Hilfe von den versierten Usern hier. Ich selbst bin, was Schädlingsbekämpfung angeht, absoluter Laie. Daher bin ich nach der Anleitung aus diesem Forum vorgegangen. dfogger wurde ausgeführt mit anschließendem Neustart. Danach bin ich mit OTL drübergegangen. Das Ergebnis findet ihr hier: OTL.txt OTL logfile created on: 27.06.2012 21:18:12 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Tobi\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,06 Gb Available Physical Memory | 75,74% Memory free 16,05 Gb Paging File | 14,04 Gb Available in Paging File | 87,50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 341,32 Gb Total Space | 18,05 Gb Free Space | 5,29% Space Free | Partition Type: NTFS Drive D: | 341,32 Gb Total Space | 90,95 Gb Free Space | 26,65% Space Free | Partition Type: NTFS Drive I: | 232,88 Gb Total Space | 200,90 Gb Free Space | 86,26% Space Free | Partition Type: NTFS Drive K: | 1396,92 Gb Total Space | 972,87 Gb Free Space | 69,64% Space Free | Partition Type: FAT32 Computer Name: TOBI-PC | User Name: Tobi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.27 20:32:01 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe PRC - [2012.05.08 18:44:45 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 18:44:45 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 18:44:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.03.15 07:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe PRC - [2012.02.09 13:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe PRC - [2011.08.12 13:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.09.13 15:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2010.08.03 10:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe PRC - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe PRC - [2009.11.25 18:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe PRC - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe PRC - [2009.06.18 16:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009.02.09 14:59:54 | 000,202,024 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe PRC - [2008.12.24 17:34:12 | 000,288,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe PRC - [2008.12.24 17:34:10 | 000,058,664 | ---- | M] () -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe PRC - [2008.12.18 13:51:34 | 000,075,048 | ---- | M] () -- C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008.10.27 12:05:28 | 000,306,736 | ---- | M] (EgisTec Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2008.09.12 14:01:28 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.09.12 14:01:24 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe ========== Modules (No Company Name) ========== MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.05.07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll MOD - [2010.05.07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll MOD - [2010.05.07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll MOD - [2010.05.07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll MOD - [2010.05.07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll MOD - [2009.11.25 18:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe MOD - [2009.09.15 19:17:20 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\BelkinwcuiDLL.dll MOD - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe MOD - [2009.02.09 14:59:56 | 000,872,448 | ---- | M] () -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll MOD - [2009.02.09 14:59:52 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll MOD - [2006.12.10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files (x86)\HP\Digital Imaging\bin\crm\xmltok.dll MOD - [2006.12.10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files (x86)\HP\Digital Imaging\bin\crm\xmlparse.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.05.23 20:56:54 | 000,841,472 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc) SRV:64bit: - [2010.05.23 20:56:39 | 000,506,112 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\SysNative\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV:64bit: - [2009.03.20 15:01:04 | 000,034,560 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV - [2012.06.27 19:39:34 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.26 22:21:40 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.06.17 21:37:48 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.08 18:44:45 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 18:44:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.03.15 07:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService) SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.02.09 13:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService) SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2010.01.26 22:57:00 | 003,822,544 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService) SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.06.18 16:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.20 15:01:04 | 000,028,416 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2008.12.24 17:34:12 | 000,288,120 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (CyberLink Media Server Service) SRV - [2008.12.24 17:34:10 | 000,058,664 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe -- (CyberLink Media Server Monitor Service) SRV - [2008.12.18 13:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008.10.27 12:05:28 | 000,306,736 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2008.09.12 14:01:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008.01.21 04:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.21 04:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 18:44:45 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 18:44:45 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech Webcam 500(UVC) DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011.09.29 09:04:22 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ManyCam_x64.sys -- (ManyCam) DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2010.05.07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon) DRV:64bit: - [2010.05.07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64) DRV:64bit: - [2009.11.23 18:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.23 18:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.11.06 08:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwlhigh664.sys -- (BCMH43XX) DRV:64bit: - [2009.10.18 20:20:42 | 000,310,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt) DRV:64bit: - [2009.10.18 20:20:42 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt) DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.08.08 15:35:57 | 000,871,408 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.06.17 18:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt) DRV:64bit: - [2009.06.17 18:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouKE.Sys -- (LMouKE) DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009.06.17 18:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L8042mou.Sys -- (L8042mou) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.11 07:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.04.08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21) DRV:64bit: - [2009.02.20 12:10:00 | 000,191,392 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.01.19 20:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2009.01.13 19:14:58 | 000,057,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore) DRV:64bit: - [2009.01.13 19:14:50 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid) DRV:64bit: - [2009.01.13 19:14:30 | 000,034,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter) DRV:64bit: - [2009.01.13 19:14:22 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum) DRV:64bit: - [2008.11.21 03:53:32 | 000,306,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel(R) DRV:64bit: - [2008.10.27 12:06:00 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2008.10.27 12:06:00 | 000,022,064 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2008.10.27 12:06:00 | 000,020,528 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mwlPSDNServ.sys -- (mwlPSDNServ) DRV:64bit: - [2008.09.12 13:48:26 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor) DRV:64bit: - [2008.01.30 11:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2008.01.30 11:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2007.06.29 14:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64) DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) DRV - [2005.01.04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3810 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3810 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3810 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3810 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3810 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3810 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE343 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?brand=ACAW&bmod=ACEU" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.3 FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:1.7 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03 FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - user.js..browser.search.selectedEngine: "foxsearch" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..browser.search.defaultenginename: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2009.08.23 23:56:10 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2009.08.23 23:56:10 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( ) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tobi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Firefox\components [2012.06.20 21:02:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Firefox\plugins [2012.06.20 21:02:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Firefox\components [2012.06.20 21:02:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Firefox\plugins [2012.06.20 21:02:12 | 000,000,000 | ---D | M] [2009.08.08 15:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Extensions [2012.06.26 19:19:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\69dxahqx.default\extensions [2012.03.29 19:29:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\69dxahqx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.12.11 10:34:23 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\69dxahqx.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB} [2011.09.11 23:21:48 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\69dxahqx.default\extensions\netvideohunter@netvideohunter.com [2009.08.08 15:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.01.06 00:21:06 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\TOBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\69DXAHQX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.12.19 21:27:31 | 000,014,108 | ---- | M] () (No name found) -- C:\USERS\TOBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\69DXAHQX.DEFAULT\EXTENSIONS\{DAD0F81A-CF67-4EED-98D6-26F6E47274CA}.XPI [2011.08.25 21:30:42 | 000,011,510 | ---- | M] () (No name found) -- C:\USERS\TOBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\69DXAHQX.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI [2009.08.27 19:36:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O4 - Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{531B9702-5D93-4F39-A56C-08A04EE4C0E1}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7B69082-9DC4-40DA-BD2B-AED4273EB83B}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.07.05 14:42:40 | 000,000,000 | RH-D | M] - I:\autorun -- [ NTFS ] O32 - AutoRun File - [2002.10.16 14:56:50 | 000,000,036 | RH-- | M] () - I:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2008.10.24 14:30:10 | 000,000,088 | R--- | M] () - K:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{0ae0a23d-99a4-11df-9a26-ef9eb5724470}\Shell - "" = AutoRun O33 - MountPoints2\{0ae0a23d-99a4-11df-9a26-ef9eb5724470}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a O33 - MountPoints2\{2023da17-83c0-11df-a2f0-f3f6342661cc}\Shell - "" = AutoRun O33 - MountPoints2\{2023da17-83c0-11df-a2f0-f3f6342661cc}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{2023da32-83c0-11df-a2f0-f3f6342661cc}\Shell - "" = AutoRun O33 - MountPoints2\{2023da32-83c0-11df-a2f0-f3f6342661cc}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{b64c318e-8420-11de-a71e-001f16f2409b}\Shell - "" = AutoRun O33 - MountPoints2\{b64c318e-8420-11de-a71e-001f16f2409b}\Shell\AutoRun\command - "" = H:\Cat_Girl_Alliance_Setup.exe O33 - MountPoints2\{bca729b1-0077-11df-86ea-9f5aa7d4eee3}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\Play.exe O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.27 20:32:00 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe [2012.06.26 18:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANNO 1503 GOLD [2012.06.20 21:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.06.20 21:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.06.20 21:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.06.20 21:01:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.06.20 21:01:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.06.18 19:36:38 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\Anno 1503 [2012.06.17 20:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mail.Ru Games [2012.06.17 19:53:17 | 1608,421,237 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Tobi\Desktop\gbs_de_setup_last.exe [2012.06.17 18:57:47 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\backup [2012.06.17 13:42:53 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\roxy [2012.06.14 22:18:32 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\BorderlandsDLC4_Censored [2012.06.14 22:18:28 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\BorderlandsDLC3_Censored [2012.06.14 22:18:24 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\BorderlandsDLC2_Censored [2012.06.14 22:18:12 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\BorderlandsDLC1_Censored [2012.06.11 21:19:37 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\delToro_Vampir03 [2012.06.11 21:17:31 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\Trudi [2012.06.11 19:18:18 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\Macromedia [2012.06.03 21:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2012.06.03 21:29:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012.06.03 18:01:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games [2012.06.03 14:45:00 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\borderlands [8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Tobi\AppData\Local\*.tmp files -> C:\Users\Tobi\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.27 21:20:17 | 001,445,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.27 21:20:17 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.27 21:20:17 | 000,596,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.27 21:20:17 | 000,126,486 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.27 21:20:17 | 000,104,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.27 21:14:28 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2012.06.27 21:14:03 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.27 21:13:47 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.27 21:13:47 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.27 21:13:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.27 21:13:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2012.06.27 21:12:20 | 000,000,188 | ---- | M] () -- C:\Users\Tobi\defogger_reenable [2012.06.27 21:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.27 20:34:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.27 20:32:01 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe [2012.06.27 20:30:35 | 000,050,477 | ---- | M] () -- C:\Users\Tobi\Desktop\Defogger.exe [2012.06.27 19:16:06 | 000,121,344 | ---- | M] () -- C:\Users\Tobi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.26 18:53:18 | 000,000,718 | ---- | M] () -- C:\Users\Public\Desktop\ANNO 1503 GOLD spielen.lnk [2012.06.25 20:20:38 | 026,483,027 | ---- | M] () -- C:\Users\Tobi\Desktop\vidz_Cute_latina_chubby_busty_fingering_wcns.flv [2012.06.25 20:20:02 | 025,867,041 | ---- | M] () -- C:\Users\Tobi\Desktop\vidz_Hot_loud_asian_chick_toys_pussy_fingers_ass_wcws.flv [2012.06.25 20:18:53 | 017,275,841 | ---- | M] () -- C:\Users\Tobi\Desktop\vidz_Hot_busty_latina_strips_deep_fingers_shaved_pussy_wc.flv [2012.06.25 20:13:37 | 006,301,500 | ---- | M] () -- C:\Users\Tobi\Desktop\13402698750eb36.flv [2012.06.21 22:36:08 | 383,429,604 | ---- | M] () -- C:\Users\Tobi\Desktop\5154444.flv [2012.06.21 21:41:15 | 221,974,564 | ---- | M] () -- C:\Users\Tobi\Desktop\5169460.flv [2012.06.21 21:07:05 | 000,000,907 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2012.06.18 20:10:56 | 000,000,276 | ---- | M] () -- C:\Windows\wininit.ini [2012.06.17 20:48:47 | 000,001,598 | ---- | M] () -- C:\Users\Public\Desktop\Gunblade Saga.lnk [2012.06.17 20:37:58 | 1608,421,237 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Tobi\Desktop\gbs_de_setup_last.exe [2012.06.17 19:01:38 | 000,000,687 | ---- | M] () -- C:\Users\Tobi\Desktop\Civilization4.exe - Verknüpfung.lnk [2012.06.15 21:54:49 | 000,076,059 | ---- | M] () -- C:\Users\Tobi\Desktop\porsche-bei-mobilede.jpg [2012.06.15 21:34:53 | 000,055,860 | ---- | M] () -- C:\Users\Tobi\Desktop\schneebilder-an-autos.jpg [2012.06.14 21:43:08 | 003,082,777 | ---- | M] () -- C:\Users\Tobi\Desktop\rld-c417.rar [2012.06.14 21:22:44 | 2085,459,622 | ---- | M] () -- C:\Users\Tobi\Desktop\BorderlandsDLC3_Censored.zip [2012.06.14 21:14:21 | 1608,493,771 | ---- | M] () -- C:\Users\Tobi\Desktop\BorderlandsDLC4_Censored.zip [2012.06.14 20:23:49 | 1164,208,343 | ---- | M] () -- C:\Users\Tobi\Desktop\BorderlandsDLC1_Censored.zip [2012.06.14 19:45:34 | 531,002,057 | ---- | M] () -- C:\Users\Tobi\Desktop\BorderlandsDLC2_Censored.zip [2012.06.13 18:56:50 | 000,352,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.12 20:12:35 | 009,861,643 | ---- | M] () -- C:\Users\Tobi\Desktop\House Music Vingretto- Vine-Bonkers Remix.mp3 [2012.06.05 22:18:05 | 007,583,179 | ---- | M] () -- C:\Users\Tobi\Desktop\Jan Delay - Irgendwie, Irgendwo, Irgendwann (Musikvideo).mp3 [2012.06.05 21:55:07 | 007,892,469 | ---- | M] () -- C:\Users\Tobi\Desktop\Deichkind - Bück dich hoch.mp3 [2012.06.03 21:26:54 | 000,831,248 | ---- | M] () -- C:\Users\Tobi\Desktop\atation.png [2012.05.31 22:55:54 | 009,932,947 | ---- | M] () -- C:\Users\Tobi\Desktop\Metallica - Enter Sandman.mp3 [2012.05.31 22:55:21 | 006,468,900 | ---- | M] () -- C:\Users\Tobi\Desktop\Lagwagon - Brown eyed girl.mp3 [2012.05.31 22:45:04 | 007,213,457 | ---- | M] () -- C:\Users\Tobi\Desktop\DJ Delicious presents Phunk-A-Delic vs. Akon - Rockin vs. Smack That (MasterMix) HD.mp3 [2012.05.31 22:31:03 | 009,430,560 | ---- | M] () -- C:\Users\Tobi\Desktop\Genesis - I cant dance (1991).mp3 [2012.05.31 22:05:33 | 006,250,475 | ---- | M] () -- C:\Users\Tobi\Desktop\Mike Candys 2012 (If the world would end) HD.mp3 [2012.05.31 21:57:48 | 006,592,366 | ---- | M] () -- C:\Users\Tobi\Desktop\Back in Time-Pitbull (Official Video).mp3 [8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Tobi\AppData\Local\*.tmp files -> C:\Users\Tobi\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.27 21:18:39 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{a20d3016-d7b2-ac67-eee1-ad6b64dc116a}\U\800000cb.@ [2012.06.27 21:18:39 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{a20d3016-d7b2-ac67-eee1-ad6b64dc116a}\U\80000000.@ [2012.06.27 21:12:19 | 000,000,188 | ---- | C] () -- C:\Users\Tobi\defogger_reenable [2012.06.27 20:30:28 | 000,050,477 | ---- | C] () -- C:\Users\Tobi\Desktop\Defogger.exe [2012.06.27 19:39:34 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{a20d3016-d7b2-ac67-eee1-ad6b64dc116a}\U\00000001.@ [2012.06.26 18:53:18 | 000,000,718 | ---- | C] () -- C:\Users\Public\Desktop\ANNO 1503 GOLD spielen.lnk [2012.06.25 20:16:10 | 026,483,027 | ---- | C] () -- C:\Users\Tobi\Desktop\vidz_Cute_latina_chubby_busty_fingering_wcns.flv [2012.06.25 20:15:48 | 017,275,841 | ---- | C] () -- C:\Users\Tobi\Desktop\vidz_Hot_busty_latina_strips_deep_fingers_shaved_pussy_wc.flv [2012.06.25 20:15:35 | 025,867,041 | ---- | C] () -- C:\Users\Tobi\Desktop\vidz_Hot_loud_asian_chick_toys_pussy_fingers_ass_wcws.flv [2012.06.25 20:13:31 | 006,301,500 | ---- | C] () -- C:\Users\Tobi\Desktop\13402698750eb36.flv [2012.06.21 21:12:41 | 383,429,604 | ---- | C] () -- C:\Users\Tobi\Desktop\5154444.flv [2012.06.21 21:12:25 | 221,974,564 | ---- | C] () -- C:\Users\Tobi\Desktop\5169460.flv [2012.06.21 21:07:05 | 000,000,907 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2012.06.17 20:48:47 | 000,001,598 | ---- | C] () -- C:\Users\Public\Desktop\Gunblade Saga.lnk [2012.06.17 19:01:38 | 000,000,687 | ---- | C] () -- C:\Users\Tobi\Desktop\Civilization4.exe - Verknüpfung.lnk [2012.06.15 21:54:49 | 000,076,059 | ---- | C] () -- C:\Users\Tobi\Desktop\porsche-bei-mobilede.jpg [2012.06.15 21:34:52 | 000,055,860 | ---- | C] () -- C:\Users\Tobi\Desktop\schneebilder-an-autos.jpg [2012.06.14 21:43:04 | 003,082,777 | ---- | C] () -- C:\Users\Tobi\Desktop\rld-c417.rar [2012.06.14 19:05:41 | 1164,208,343 | ---- | C] () -- C:\Users\Tobi\Desktop\BorderlandsDLC1_Censored.zip [2012.06.14 19:05:34 | 531,002,057 | ---- | C] () -- C:\Users\Tobi\Desktop\BorderlandsDLC2_Censored.zip [2012.06.14 19:05:29 | 2085,459,622 | ---- | C] () -- C:\Users\Tobi\Desktop\BorderlandsDLC3_Censored.zip [2012.06.14 19:05:21 | 1608,493,771 | ---- | C] () -- C:\Users\Tobi\Desktop\BorderlandsDLC4_Censored.zip [2012.06.12 20:12:11 | 009,861,643 | ---- | C] () -- C:\Users\Tobi\Desktop\House Music Vingretto- Vine-Bonkers Remix.mp3 [2012.06.05 22:17:58 | 007,583,179 | ---- | C] () -- C:\Users\Tobi\Desktop\Jan Delay - Irgendwie, Irgendwo, Irgendwann (Musikvideo).mp3 [2012.06.05 21:54:57 | 007,892,469 | ---- | C] () -- C:\Users\Tobi\Desktop\Deichkind - Bück dich hoch.mp3 [2012.06.03 21:29:57 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.03 21:29:56 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.03 21:26:42 | 000,831,248 | ---- | C] () -- C:\Users\Tobi\Desktop\atation.png [2012.05.31 22:55:37 | 009,932,947 | ---- | C] () -- C:\Users\Tobi\Desktop\Metallica - Enter Sandman.mp3 [2012.05.31 22:55:11 | 006,468,900 | ---- | C] () -- C:\Users\Tobi\Desktop\Lagwagon - Brown eyed girl.mp3 [2012.05.31 22:44:51 | 007,213,457 | ---- | C] () -- C:\Users\Tobi\Desktop\DJ Delicious presents Phunk-A-Delic vs. Akon - Rockin vs. Smack That (MasterMix) HD.mp3 [2012.05.31 22:30:46 | 009,430,560 | ---- | C] () -- C:\Users\Tobi\Desktop\Genesis - I cant dance (1991).mp3 [2012.05.31 22:05:25 | 006,250,475 | ---- | C] () -- C:\Users\Tobi\Desktop\Mike Candys 2012 (If the world would end) HD.mp3 [2012.05.31 21:57:36 | 006,592,366 | ---- | C] () -- C:\Users\Tobi\Desktop\Back in Time-Pitbull (Official Video).mp3 [2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2012.01.11 22:54:53 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{a20d3016-d7b2-ac67-eee1-ad6b64dc116a}\@ [2012.01.11 22:54:53 | 000,002,048 | -HS- | C] () -- C:\Users\Tobi\AppData\Local\{a20d3016-d7b2-ac67-eee1-ad6b64dc116a}\@ [2011.12.21 01:10:28 | 000,121,344 | ---- | C] () -- C:\Users\Tobi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.07.14 22:01:38 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.13 18:27:42 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.11.02 04:09:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.10.29 20:01:00 | 000,000,276 | ---- | C] () -- C:\Windows\wininit.ini [2010.10.09 14:31:17 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\196BABF93E.sys [2010.10.09 14:21:06 | 000,003,766 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2010.01.25 21:20:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2009.12.14 11:49:49 | 000,000,187 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\default.rss ========== LOP Check ========== [2009.09.11 22:47:08 | 000,000,000 | -HSD | M] -- C:\Users\Tobi\AppData\Roaming\.# [2012.04.25 17:43:04 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\.minecraft [2011.02.19 21:10:06 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\2K Sports [2006.10.10 13:19:31 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Acer GameZone Console [2011.08.25 20:29:34 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Azureus [2010.11.30 22:43:31 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\bizarre creations [2010.07.24 16:31:06 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Camfrog [2011.07.25 14:44:57 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Cat Girl Alliance [2009.08.08 15:50:27 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\DAEMON Tools Lite [2012.06.17 20:52:06 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Desktopicon [2012.01.11 00:28:57 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Doublefine [2010.03.09 23:06:46 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\EBookSys [2009.08.29 10:34:23 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Eltima Software [2009.08.08 21:06:30 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\eSobi [2009.12.06 19:18:09 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\FFSJ [2011.03.06 16:17:44 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\FreeAudioPack [2012.03.24 12:33:11 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Gutscheinmieze [2011.09.13 19:28:28 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Hobbyist Software [2009.08.08 15:05:09 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\HomeMedia Connect [2010.12.29 16:39:02 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Hothead Games [2012.06.25 22:30:37 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\ICQ [2009.09.01 18:37:22 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Image Zone Express [2010.09.11 23:45:06 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Leadertech [2011.05.28 19:14:07 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Lionhead Studios [2012.01.15 03:57:57 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\ManyCam [2010.09.17 17:27:33 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Need for Speed World [2009.11.23 20:43:05 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\NPLUTO Corporation [2011.08.19 22:16:05 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\ooVoo Details [2010.02.22 21:05:50 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\OpenOffice.org [2009.12.30 12:29:07 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\play2p [2009.08.22 17:35:31 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\PowerCinema [2009.08.26 06:55:00 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Printer Info Cache [2010.05.22 14:41:52 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\ProtectDisc [2010.12.29 18:44:40 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\runic games [2010.10.31 16:38:13 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Samsung [2010.05.29 17:52:52 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\SEGA Corporation [2009.08.08 15:05:10 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\SoftDMA [2010.03.08 20:59:08 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\thriXXX [2009.08.08 15:36:34 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Toolbars [2010.05.23 20:56:38 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\TuneUp Software [2010.11.02 11:46:52 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Ubisoft [2012.06.27 21:14:28 | 000,000,510 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2012.06.27 21:12:35 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 55992 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:798A3728 < End of report > Und hier die Extras.txt: OTL Extras logfile created on: 27.06.2012 21:18:12 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Tobi\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,06 Gb Available Physical Memory | 75,74% Memory free 16,05 Gb Paging File | 14,04 Gb Available in Paging File | 87,50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 341,32 Gb Total Space | 18,05 Gb Free Space | 5,29% Space Free | Partition Type: NTFS Drive D: | 341,32 Gb Total Space | 90,95 Gb Free Space | 26,65% Space Free | Partition Type: NTFS Drive I: | 232,88 Gb Total Space | 200,90 Gb Free Space | 86,26% Space Free | Partition Type: NTFS Drive K: | 1396,92 Gb Total Space | 972,87 Gb Free Space | 69,64% Space Free | Partition Type: FAT32 Computer Name: TOBI-PC | User Name: Tobi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OnlineFotoservice] -- "C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OnlineFotoservice] -- "C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = CF DE A6 C3 46 76 CA 01 [binary data] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{17E02F38-FF2D-4c3d-83DF-ECE2A1D20A5E}" = AIO_CDB_ToolboxIni64 "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64 "{46AE421C-BF1B-4B62-BE0E-62FE09C6D5B5}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{8753DF4D-64B0-474E-9A97-0AB5585D9A53}" = Logitech Gaming Software 5.04 "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{903029FE-FA82-427B-916C-AD08185DA3C2}" = Microsoft Xbox 360 Accessories 1.1 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPOCR" = HP OCR Software 8.0 "lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help "{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas "{0AC07A77-0511-4904-9FA1-616DC9BEF50D}" = Gunblade Saga "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0FE6B77F-54CD-45ED-BB64-A99477B0A8F1}" = 5600 "{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011 "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect "{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data "{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010 "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer "{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters "{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision "{44E1DE63-C8FA-4C70-B4AA-0C49A947ACDE}" = Sid Meier's Railroads! "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard "{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6 "{4960E719-9264-9E83-5F26-3CB7CB2554B6}" = Catalyst Control Center InstallProxy "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D5B5CDD-77BD-48FB-8E2C-42A41ADC7CEC}" = Top Spin 2 "{4d8dae03-04c6-4b20-9782-869936ca8aff}" = Nero 9 "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese "{4DCD596A-3C70-4175-8241-5947E1CCE312}_is1" = Cat Girl Alliance 1.0 "{50E4FCC7-90B9-48C6-9D17-7AE66F282878}" = Juiced2_HIN "{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands "{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect "{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009 "{56ABA277-EE53-4478-A607-FA42208FF5A9}" = Menu Templates - Pack 1 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech "{57250E78-F6E2-4DCE-9A84-50B28A70AB84}" = Menu Templates - Pack 3 "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision(R) "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai "{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help "{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German "{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files (x86)\Acer GameZone\GameConsole "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{77E33D87-255E-413E-9C8D-EED2A7F9BEBF}" = Nero Live Help "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110052107}" = Beetle Junior "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}" = Alien Shooter "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11408540}" = Magic Match Adventures "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114717227}" = Magic Farm "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{85243696-5E58-4357-9CF8-3498C609941D}" = NeroLiveGadget Help "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91B7CEB3-4331-427B-AA7A-2898BE8F9DC6}" = Samsung PC Studio 3 "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English "{924306A0-2C14-4F4E-8201-0B0791DA10B4}_is1" = Cradle of Persia "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav "{98A67610-A3B5-4098-A423-3708040026D3}" = "Nero SoundTrax Help "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AB8E6CE-CE6D-43A0-B54E-422425524FF9}" = Menu Templates - Pack 2 "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish "{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap "{9E9FDDE6-2C26-492A-85A0-05646B3F2795}" = NeroLiveGadget "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish "{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5 "{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit "{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C73F2967-062E-48F2-A462-D335B8950183}" = Safari "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files "{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game "{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software "{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{DB833EF9-A198-49BE-970A-BD46F30BFBB4}" = ANNO 1503 GOLD "{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM "{DF6A95F5-ADC1-406A-BDC6-2AA7CC0182AA}" = Nero Live "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI "{E426CEC1-35C5-42BF-913E-6EF8F1211D01}" = Overlord II "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012 "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture "{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}" = Sid Meier's Railroads! "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F429ED71-4A8B-457A-85E4-F6398CE73E58}" = AV Input Selection "{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Age Of Japan_is1" = Age Of Japan "Audiograbber" = Audiograbber 1.83 SE "Avira AntiVir Desktop" = Avira Free Antivirus "Burger Shop1.0" = Burger Shop "Camfrog 5.5" = Camfrog Video Chat 5.5 "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis "EA Download Manager" = EA Download Manager "eMule" = eMule "Farm Frenzy" = Farm Frenzy "Grotesque-Tactics" = Grotesque-Tactics 1.0.0.4 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer "InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur(TM) "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter "InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "Logitech Vid" = Logitech Vid HD "ManyCam" = ManyCam 2.6.65 (remove only) "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "OnlineFotoservice" = OnlineFotoservice "OpenAL" = OpenAL "Pflanzen gegen Zombies" = Pflanzen gegen Zombies "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Sexy Beach 3 - Complete English Edition" = Sexy Beach 3 - Complete English Edition (remove only) "Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed "Steam App 10150" = Prototype "Steam App 102600" = Orcs Must Die! "Steam App 105400" = Fable III "Steam App 105600" = Terraria "Steam App 107100" = Bastion "Steam App 115100" = Costume Quest "Steam App 200910" = Sequence "Steam App 32470" = Star Wars: Empire at War Gold "Steam App 33440" = Driver San Francisco "Steam App 36630" = Rusty Hearts "Steam App 38120" = Farm Frenzy "Steam App 38130" = Farm Frenzy 2 "Steam App 38140" = Farm Frenzy Pizza Party "Steam App 38150" = Farm Frenzy 3 "Steam App 38160" = Farm Frenzy 3 American Pie "Steam App 44320" = DiRT 3 "Steam App 55100" = Homefront "Steam App 55230" = Saints Row: The Third "Steam App 55370" = Saints Row: The Third - Initiation Station "Steam App 57900" = Duke Nukem Forever "Steam App 73010" = Cities in Motion "Steam App 8190" = Just Cause 2 "SWF & FLV Player_is1" = SWF & FLV Player 3.0 (build 3.0.33.5106) "The Next BIG Thing (de)" = The Next BIG Thing (Deutsch) "thriXXX WebLaunch" = thriXXX WebLaunch "Venetica_is1" = Venetica "VLC media player" = VLC media player 1.0.1 "VLC Streamer_is1" = VLC Streamer 1.36 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update "ZUXXEZ Entertainment AG Enclave" = Enclave ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 20.04.2011 14:43:44 | Computer Name = Tobi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 20.04.2011 14:43:59 | Computer Name = Tobi-PC | Source = WinMgmt | ID = 10 Description = Error - 22.04.2011 05:17:53 | Computer Name = Tobi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 22.04.2011 05:17:53 | Computer Name = Tobi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 22.04.2011 05:18:08 | Computer Name = Tobi-PC | Source = WinMgmt | ID = 10 Description = Error - 23.04.2011 06:25:56 | Computer Name = Tobi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 23.04.2011 06:25:56 | Computer Name = Tobi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 23.04.2011 06:26:11 | Computer Name = Tobi-PC | Source = WinMgmt | ID = 10 Description = Error - 23.04.2011 06:26:19 | Computer Name = Tobi-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error - 23.04.2011 06:26:19 | Computer Name = Tobi-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. [ Media Center Events ] Error - 19.06.2010 06:14:17 | Computer Name = Tobi-PC | Source = MCUpdate | ID = 0 Description = Fehler beim Herstellen der Internetverbindung. (1524.1128) Error - 19.06.2010 06:14:17 | Computer Name = Tobi-PC | Source = MCUpdate | ID = 0 Description = Serververbindung konnte nicht hergestellt werden.. (1524.1129) Error - 20.06.2010 09:46:37 | Computer Name = Tobi-PC | Source = MCUpdate | ID = 0 Description = Fehler beim Herstellen der Internetverbindung. (332.1128) Error - 20.06.2010 09:46:37 | Computer Name = Tobi-PC | Source = MCUpdate | ID = 0 Description = Serververbindung konnte nicht hergestellt werden.. (332.1129) Error - 27.06.2010 05:44:27 | Computer Name = Tobi-PC | Source = MCUpdate | ID = 0 Description = Fehler beim Herstellen der Internetverbindung. (2432.1128) Error - 27.06.2010 05:44:27 | Computer Name = Tobi-PC | Source = MCUpdate | ID = 0 Description = Serververbindung konnte nicht hergestellt werden.. (2432.1129) Error - 11.09.2010 18:21:26 | Computer Name = Tobi-PC | Source = MCUpdate | ID = 0 Description = Fehler beim Herstellen der Internetverbindung. (4160.1128) Error - 11.09.2010 18:21:26 | Computer Name = Tobi-PC | Source = MCUpdate | ID = 0 Description = Serververbindung konnte nicht hergestellt werden.. (4160.1129) Error - 12.09.2010 06:41:08 | Computer Name = Tobi-PC | Source = MCUpdate | ID = 0 Description = Fehler beim Herstellen der Internetverbindung. (4272.1128) Error - 12.09.2010 06:41:08 | Computer Name = Tobi-PC | Source = MCUpdate | ID = 0 Description = Serververbindung konnte nicht hergestellt werden.. (4272.1129) [ System Events ] Error - 26.06.2012 12:40:36 | Computer Name = Tobi-PC | Source = DCOM | ID = 10000 Description = Error - 26.06.2012 16:24:28 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7009 Description = Error - 26.06.2012 16:24:28 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7000 Description = Error - 27.06.2012 13:01:16 | Computer Name = Tobi-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 27.06.2012 13:02:44 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7026 Description = Error - 27.06.2012 13:02:48 | Computer Name = Tobi-PC | Source = DCOM | ID = 10000 Description = Error - 27.06.2012 15:13:22 | Computer Name = Tobi-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 27.06.2012 15:14:09 | Computer Name = Tobi-PC | Source = DCOM | ID = 10000 Description = Error - 27.06.2012 15:15:04 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7023 Description = Error - 27.06.2012 15:15:04 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7026 Description = [ TuneUp Events ] Error - 14.11.2010 12:02:02 | Computer Name = Tobi-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-11-14 17:02:02', '\device\harddiskvolume3\spiele\assassin's creed\assassinscreed_dx10.exe','4112',0) Error - 15.11.2010 14:14:53 | Computer Name = Tobi-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-11-15 19:14:53', '\device\harddiskvolume3\spiele\assassin's creed\register\registrationreminder.exe','3920',0) Error - 18.11.2010 13:56:14 | Computer Name = Tobi-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-11-18 18:56:14', '\device\harddiskvolume3\spiele\assassin's creed\register\registrationreminder.exe','2816',0) Error - 22.11.2010 13:50:13 | Computer Name = Tobi-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-11-22 18:50:13', '\device\harddiskvolume3\spiele\assassin's creed\register\registrationreminder.exe','2928',0) Error - 26.11.2010 16:18:53 | Computer Name = Tobi-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-11-26 21:18:53', '\device\harddiskvolume3\spiele\assassin's creed\register\registrationreminder.exe','4152',0) Error - 27.11.2010 06:29:07 | Computer Name = Tobi-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-11-27 11:29:07', '\device\harddiskvolume3\spiele\assassin's creed\register\registrationreminder.exe','4476',0) Error - 28.11.2010 05:25:32 | Computer Name = Tobi-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-11-28 10:25:32', '\device\harddiskvolume3\spiele\assassin's creed\register\registrationreminder.exe','1040',0) Error - 29.11.2010 14:06:40 | Computer Name = Tobi-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-11-29 19:06:40', '\device\harddiskvolume3\spiele\assassin's creed\register\registrationreminder.exe','3424',0) Error - 08.01.2011 07:44:47 | Computer Name = Tobi-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-01-08 12:44:47', '\device\harddiskvolume3\spiele\assassin's creed\assassinscreed_dx10.exe','5964',0) Error - 30.01.2011 11:27:22 | Computer Name = Tobi-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-01-30 16:27:22', '\device\harddiskvolume2\program files (x86)\steam\steamapps\common\sid meier's pirates!\pirates!.exe','860',0) < End of report > Habe beide Dateien auch mal angehängt. Weitere Programme habe ich nicht bzw. nicht eingesetzt. Sollten noch Angaben fehlen, sagt mir bitte Bescheid. Hoffe ich finde hier Hilfe in einer Form, wo ich mein System nicht neu aufsetzen muss. |
|
28.06.2012, 11:20
| #2 | |
| /// Malware-holic   | TR/ATRAPS.Gen und TR/ATRAPS.Gen2 und mehr? hi
__________________Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ |
|
28.06.2012, 20:43
| #3 |
| | TR/ATRAPS.Gen und TR/ATRAPS.Gen2 und mehr? Hallo,
__________________hier das Log von combofix Combofix Logfile: Code:
ATTFilter ComboFix 12-06-28.01 - Tobi 28.06.2012 21:18:04.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.8190.5101 [GMT 2:00]
ausgeführt von:: c:\users\Tobi\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tobi\AppData\Roaming\.#
c:\users\Tobi\AppData\Roaming\Desktopicon
c:\users\Tobi\AppData\Roaming\FFSJ
c:\users\Tobi\AppData\Roaming\FFSJ\FFSJ.cfg
c:\windows\Installer\{a20d3016-d7b2-ac67-eee1-ad6b64dc116a}\@
c:\windows\Installer\{a20d3016-d7b2-ac67-eee1-ad6b64dc116a}\U\00000001.@
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\BReWErS.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\tmp4FE5.tmp
c:\windows\SysWow64\tmp5034.tmp
c:\windows\SysWow64\tmp75FA.tmp
c:\windows\SysWow64\tmp7629.tmp
c:\windows\SysWow64\tmpBD08.tmp
c:\windows\SysWow64\tmpBD47.tmp
c:\windows\SysWow64\wpcap.dll
I:\autorun.inf
K:\Autorun.inf
K:\install.exe
.
c:\windows\system32\services.exe . . . ist infiziert!!
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-28 bis 2012-06-28 ))))))))))))))))))))))))))))))
.
.
2012-06-28 19:24 . 2012-06-28 19:24 -------- d-----w- c:\users\Mcx1-TOBI-PC\AppData\Local\temp
2012-06-28 19:24 . 2012-06-28 19:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-26 16:47 . 2002-12-05 12:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-06-26 16:47 . 2002-12-02 13:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-06-26 16:47 . 2002-12-02 11:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-06-26 16:47 . 2002-12-02 11:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-06-26 16:47 . 2002-12-05 12:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-06-26 16:47 . 2012-06-26 16:47 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-06-26 16:47 . 2012-06-26 16:47 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-06-26 16:43 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF6F581A-E805-4CAA-9528-45C8A48B4368}\mpengine.dll
2012-06-20 19:08 . 2012-06-20 19:08 -------- d-----w- c:\program files\iPod
2012-06-20 19:08 . 2012-06-20 19:08 -------- d-----w- c:\program files\iTunes
2012-06-20 19:02 . 2012-06-20 19:02 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-20 19:02 . 2012-06-20 19:02 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-20 19:02 . 2012-06-20 19:02 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-20 19:02 . 2012-06-20 19:02 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-20 19:02 . 2012-06-20 19:02 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-20 19:02 . 2012-06-20 19:02 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-20 19:02 . 2012-06-20 19:02 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-06-20 19:01 . 2012-06-20 19:02 -------- d-----w- c:\program files (x86)\QuickTime
2012-06-19 16:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 16:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 16:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 16:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 16:11 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 16:11 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-19 16:11 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 16:11 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-19 16:11 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 16:11 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-19 16:11 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 16:11 . 2012-06-02 13:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-19 16:11 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 16:11 . 2012-06-02 13:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-12 17:42 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 17:42 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 17:41 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll
2012-06-12 17:41 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-12 17:41 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 17:41 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-12 17:41 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-12 17:41 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-11 17:18 . 2012-06-11 17:18 -------- d-----w- c:\users\Tobi\AppData\Local\Macromedia
2012-06-03 19:29 . 2012-06-03 19:30 -------- d-----w- c:\program files (x86)\Google
2012-06-03 16:01 . 2012-06-03 16:01 -------- d-----w- c:\program files (x86)\2K Games
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-27 17:39 . 2012-03-30 16:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-27 17:39 . 2011-05-18 18:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-02 07:39 . 2012-05-02 07:40 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-02 07:39 . 2011-05-15 00:38 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2010-08-26 02:00 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2010-08-26 01:27 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2012-04-06 01:54 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2009-03-31 15:50 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-04-06 01:09 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2010-08-26 01:20 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2010-08-26 01:19 45056 ----a-w- c:\windows\system32\atitmp64.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-05 20:32 . 2012-04-05 20:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-05 20:32 . 2012-04-05 20:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-04-03 08:22 . 2012-05-09 22:14 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-04-11 . 934E0B7D77FF78C18D9F8891221B6DE3 . 384512 . . [6.0.6002.18005] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[7] 2008-01-21 . DFAC660F0F139276CC9299812DE42719 . 384512 . . [6.0.6001.18000] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[-] 2009-04-11 . BC81150939BD52DBC7A08C245F1FB229 . 384512 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 10:05 40496 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 152064]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"CLMLServer"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-02-09 202024]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrierung.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-11-26 1207312]
Play Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 257224]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 334344]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-28 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files (x86)\TuneUp Utilities 2009\OneClickStarter.exe [2009-03-20 13:30]
.
2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:39]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 19:29]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 19:29]
.
2010-02-11 c:\windows\Tasks\WebReg Officejet 5600 series.job
- c:\program files (x86)\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 19:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 10:05 51248 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-10 7212576]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-10 1833504]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 123400]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 855608]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3810
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3810
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\69dxahqx.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?brand=ACAW&bmod=ACEU
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: browser.search.selectedEngine - foxsearch
FF - user.js: browser.search.order.1 - foxsearch
FF - user.js: browser.search.defaultenginename - foxsearch
FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va005]
"ImagePath"="\??\c:\users\Tobi\AppData\Local\Temp\005C258.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
c:\program files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe
c:\program files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-28 21:35:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-28 19:35
.
Vor Suchlauf: 15 Verzeichnis(se), 18.922.708.992 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 20.153.315.328 Bytes frei
.
- - End Of File - - D72171B0D1E845A986957266638F36F5
|
|
29.06.2012, 17:48
| #4 |
| /// Malware-holic | TR/ATRAPS.Gen und TR/ATRAPS.Gen2 und mehr? hi c:\windows\system32\services.exe bitte mal hochladen: Trojaner-Board Upload Channel wenn fertig, bescheid geben bitte
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
29.06.2012, 19:08
| #5 |
| | TR/ATRAPS.Gen und TR/ATRAPS.Gen2 und mehr? Hallo, die Datei ist hochgeladen. |
|
29.06.2012, 19:10
| #6 |
| /// Malware-holic | TR/ATRAPS.Gen und TR/ATRAPS.Gen2 und mehr? danke nutzt du den pc für onlinebanking, zum einkaufen, für sonstige zahlungsabwicklungen, oder ähnlich wichtiges, wie berufliches?
__________________ --> TR/ATRAPS.Gen und TR/ATRAPS.Gen2 und mehr? |
|
29.06.2012, 20:49
| #7 |
| | TR/ATRAPS.Gen und TR/ATRAPS.Gen2 und mehr? Hallo, hauptsächlich nutze ich den Rechner zum Spielen, ab und an mal zum Online Banking. Beruflich nutze ich ihn gar nicht. Skype kommt auch noch relativ regelmäßig dazu. |
|
29.06.2012, 20:53
| #8 |
| /// Malware-holic | TR/ATRAPS.Gen und TR/ATRAPS.Gen2 und mehr? hi, bank bitte anrufen, notfall nummer da wochenende, 116 116 banking wegen zero access sperren lassen. 1. Datenrettung:
ich werde außerdem noch weitere punkte dazu posten. 4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. 6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
29.06.2012, 21:56
| #9 |
| | TR/ATRAPS.Gen und TR/ATRAPS.Gen2 und mehr? Hallo, Online Banking ist gesperrt, Autorun deaktiviert, an Parted Magic kann ich mich erst morgen nach der Arbeit dran machen, Passwörter werden gerade geändert (über Netbook). Habe aber nochmal einige Fragen: - Kann ich mein System mit den drei Recovery CDs von Vista neu aufsetzen? (Ist ein Fertig PC, Acer Aspire AX 3810) - Machen die Absicherungsmaßnahmen jetzt noch Sinn oder erst nach Neuinstallation des Rechners? - Zum OnlineBanking: Nutze dafür keine Software wie StarMoney oder einen ChipCard Reader. Bekomme lediglich die TAN Nummern per SMS aufs Handy. Machen diese zusätzlichen Schutzmaßnahmen Sinn? Bin dir schon jetzt total dankbar für deine Hilfe. |
|
29.06.2012, 22:33
| #10 |
| /// Malware-holic | TR/ATRAPS.Gen und TR/ATRAPS.Gen2 und mehr? - Kann ich mein System mit den drei Recovery CDs von Vista neu aufsetzen? (Ist ein Fertig PC, Acer Aspire AX 3810) dafür sind die da :-) - absichern natürlich auf dem neuen system :-) - Zum OnlineBanking: Nutze dafür keine Software wie StarMoney oder einen ChipCard Reader. Bekomme lediglich die TAN Nummern per SMS aufs Handy. Machen diese zusätzlichen Schutzmaßnahmen Sinn? starmoney und chiptan sind momentan das sicherste, also, klares ja ist gern geschehen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
29.06.2012, 22:45
| #11 |
| | TR/ATRAPS.Gen und TR/ATRAPS.Gen2 und mehr? [QUOTE=markusg;854435]5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. Kurze Frage dazu noch: Mit den Tools die in dem Link zur Absicherung genannt sind oder hast du spezielle Empfehlungen? |
|
30.06.2012, 15:34
| #12 |
| /// Malware-holic | TR/ATRAPS.Gen und TR/ATRAPS.Gen2 und mehr? hi, mach doch erst mal alles mit der ruhe, vor dem scannen der daten ist ja noch genug zu tun :-)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu TR/ATRAPS.Gen und TR/ATRAPS.Gen2 und mehr? |
| 7-zip, alternate, antivir, audiograbber, autorun, avira, bho, bonjour, error, excel, fehler, firefox, firefox 13.0.1, flash player, format, genesis, google earth, grand theft auto, home, install.exe, locker, logfile, microsoft office word, mozilla, mp3, mywinlocker, neu aufsetzen, neustart., office 2007, officejet, pirates, plug-in, popup, realtek, registry, richtlinie, rundll, scan, searchscopes, security, server, software, tr/atraps.gen und tr/atraps.gen2, version., version=1.0, vista, visual studio |
Linear-Darstellung
