
Trash bin: GVU trojan has crippled my laptop!


 
14.06.2013, 10:50   #1
guitarplayer
 



Hello,

now it has got me too, and I have caught one of those GVU trojans.
After restarting, safe mode no longer worked either, and all that came up was a black screen with a white mouse pointer.
Since I had already read in other posts about the same problem that the first steps go much the same way, I have already burned OTLPE.exe to a CD, loaded it into the infected laptop and booted from it. I have now got otl.txt and extras.txt out and copied them to the healthy computer (see further below).

I need my laptop very urgently and would be grateful for any further instructions.

Laptop facts:
Acer Aspire 5930G
32-bit Win Vista

OTL:
Code:
OTL logfile created on: 6/13/2013 5:41:28 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.65 Gb Total Space | 25.91 Gb Free Space | 18.17% Space Free | Partition Type: NTFS
Drive D: | 465.70 Gb Total Space | 450.17 Gb Free Space | 96.66% Space Free | Partition Type: FAT32
Drive E: | 142.67 Gb Total Space | 110.04 Gb Free Space | 77.13% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (TuneUp.UtilitiesSvc)
SRV - [2013/06/11 16:52:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/18 07:24:05 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/27 06:35:14 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/03/27 06:34:41 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/07/13 07:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/11/21 05:49:24 | 000,247,608 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/04/13 16:33:45 | 000,662,416 | ---- | M] (mquadr.at softwareengineering und consulting gmbh) [Auto] -- C:\Windows\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2008/11/04 10:50:16 | 000,085,096 | ---- | M] (Autodesk) [On_Demand] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/07/24 06:12:48 | 003,517,440 | ---- | M] () [Auto] -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2008/03/21 07:22:52 | 000,024,576 | ---- | M] () [Auto] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/18 15:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/03/04 17:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/10 11:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007/12/06 10:15:28 | 000,110,592 | ---- | M] () [Auto] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/12/19 13:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (TuneUpUtilitiesDrv)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2013/03/27 06:35:22 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/03/27 06:35:22 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/03/27 06:35:22 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/02/27 18:54:57 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/30 05:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/06/26 16:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/06/18 13:28:29 | 000,281,760 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/06/18 13:28:28 | 000,025,888 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/04/11 01:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2008/09/07 17:08:18 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/07/24 06:12:44 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008/05/30 17:44:42 | 000,146,944 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2008/04/28 10:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/04/11 21:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/04/03 16:56:00 | 007,444,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/02/29 19:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/20 22:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/08/16 22:00:00 | 000,355,840 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\alesis2u.sys -- (ALESIS_USB2)
DRV - [2007/08/16 22:00:00 | 000,032,256 | ---- | M] (Numark) [Kernel | On_Demand] -- C:\Windows\System32\drivers\alesis2a.sys -- (ALESIS_USB2_A)
DRV - [2007/07/17 11:40:20 | 000,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/07/17 11:40:14 | 000,034,960 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/26 02:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006/11/23 12:20:06 | 000,018,432 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand] -- C:\Windows\System32\drivers\synasUSB.sys -- (SynasUSB)
DRV - [2005/02/23 09:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.web.de/runonce
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.web.de/tab2 [binary data]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/home
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
IE - HKU\Mcx1_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=97fd7da1-bd65-4aba-acd2-691d10144f65&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://web.de/ [binary data]
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.1und1.de/links/home
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=97fd7da1-bd65-4aba-acd2-691d10144f65&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=97fd7da1-bd65-4aba-acd2-691d10144f65&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Rico_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Rico_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/05 16:47:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/18 07:24:00 | 000,000,000 | ---D | M]
 
[2013/05/18 07:24:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/18 07:24:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/10/05 16:46:37 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (WEB.DE Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\Rico_ON_C\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKU\Administrator_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Mcx1_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Rico_ON_C..\Run: [EPSON BX320FW Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\Rico_ON_C..\Run: [EPSON Stylus Photo PX700W (Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIENE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\Rico_ON_C..\Run: [EPSON41B354 (Epson Stylus Office BX320FW)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\Rico_ON_C..\Run: [Spotify] C:\Users\Rico\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\Rico_ON_C..\Run: [Spotify Web Helper] C:\Users\Rico\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\Mcx1_ON_C..\RunOnce: [AcerScrSav] C:\Windows\ACER\run_NB.exe ()
O4 - Startup: C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk =  File not found
O4 - Startup: C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk =  File not found
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -  File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/13 15:26:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/06/13 06:07:42 | 000,000,000 | ---D | C] -- C:\Temp
[2013/05/18 07:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/15 21:14:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/15 21:02:16 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2013/05/15 21:02:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/15 21:02:13 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/15 21:02:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/05/15 21:02:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/15 21:02:11 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/05/15 21:02:10 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/15 21:02:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/05/15 21:02:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/05/15 05:35:16 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/05/15 05:35:12 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Rico\AppData\Roaming\*.tmp files -> C:\Users\Rico\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/13 07:36:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/13 05:50:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013/06/12 19:39:18 | 000,000,004 | ---- | M] () -- C:\Users\Rico\AppData\Roaming\skype.ini
[2013/06/12 19:33:04 | 000,245,436 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/06/12 19:33:04 | 000,245,436 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/06/12 18:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/12 18:51:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/12 18:51:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/12 15:15:32 | 000,002,513 | ---- | M] () -- C:\Users\Rico\Desktop\Excel 2003.lnk
[2013/06/12 10:41:47 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/06/12 10:41:47 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/12 10:41:47 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/06/12 10:41:47 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/11 20:57:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/06/11 16:52:39 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/06/11 16:52:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/06/11 09:49:16 | 000,002,481 | ---- | M] () -- C:\Users\Rico\Desktop\Word 2003.lnk
[2013/06/02 14:49:09 | 000,000,664 | ---- | M] () -- C:\Users\Rico\Desktop\FSCapture.lnk
[2013/05/26 15:06:44 | 000,172,544 | ---- | M] () -- C:\Users\Rico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/16 06:09:48 | 000,392,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Rico\AppData\Roaming\*.tmp files -> C:\Users\Rico\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/12 19:37:22 | 000,000,004 | ---- | C] () -- C:\Users\Rico\AppData\Roaming\skype.ini
[2013/06/02 14:49:31 | 000,000,664 | ---- | C] () -- C:\Users\Rico\Desktop\FSCapture.lnk
[2013/03/27 06:49:15 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/09/18 12:21:46 | 000,076,348 | ---- | C] () -- C:\ProgramData\vciwbphvqrcnodj
[2012/05/17 05:20:36 | 000,000,079 | ---- | C] () -- C:\Users\Rico\AppData\Local\CrystalDiskMark30.ini
[2012/03/08 17:02:02 | 000,060,928 | ---- | C] () -- C:\Users\Rico\AppData\Roaming\skype.dat
[2012/01/01 09:55:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/01/01 09:55:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/03/05 16:46:23 | 000,000,013 | ---- | C] () -- C:\Users\Rico\AppData\Roaming\urhtps.dat
[2010/09/26 07:06:18 | 000,000,996 | ---- | C] () -- C:\Windows\wiso.ini
[2009/11/20 17:16:33 | 000,004,096 | -H-- | C] () -- C:\Users\Rico\AppData\Local\keyfile3.drm
[2009/06/18 13:28:29 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/06/18 13:28:28 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/06/13 16:09:20 | 000,000,760 | ---- | C] () -- C:\Users\Rico\AppData\Roaming\setup_ldm.iss
[2009/03/11 18:28:09 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2009/02/04 14:30:17 | 000,001,120 | ---- | C] () -- C:\Windows\System32\E_ADDNET.DAT
[2009/02/04 13:11:22 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/02/04 13:11:22 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/02/04 13:11:22 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/02/04 13:11:22 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/02/04 13:11:22 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/02/04 13:11:22 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/02/04 13:11:22 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/02/04 13:11:22 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/02/04 13:11:22 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/02/04 13:11:22 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009/02/04 13:11:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/02/04 13:11:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/02/04 13:11:22 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/02/04 13:11:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/02/04 13:11:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/02/04 13:11:22 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009/02/04 13:11:22 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009/02/04 13:11:22 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/02/04 13:11:22 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/01/16 13:39:45 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/12/15 13:12:29 | 000,000,995 | ---- | C] () -- C:\Windows\eReg.dat
[2008/12/08 09:36:21 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/12/08 09:36:21 | 000,022,328 | ---- | C] () -- C:\Users\Rico\AppData\Roaming\PnkBstrK.sys
[2008/12/08 09:36:06 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008/12/08 09:36:04 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2008/12/08 09:36:04 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008/10/22 00:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/09/17 09:11:06 | 000,000,043 | ---- | C] () -- C:\Windows\festo.ini
[2008/09/07 16:37:07 | 000,012,583 | ---- | C] () -- C:\Users\Rico\AppData\Roaming\UserTile.png
[2008/09/07 08:58:50 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/07 06:35:00 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/08/31 13:00:34 | 000,000,680 | ---- | C] () -- C:\Users\Rico\AppData\Local\d3d9caps.dat
[2008/08/31 07:03:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/08/29 18:00:21 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LAME_MP3.dll
[2008/08/29 15:32:42 | 000,065,024 | ---- | C] () -- C:\Windows\IFinst26.exe
[2008/08/28 15:51:26 | 000,172,544 | ---- | C] () -- C:\Users\Rico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/28 13:19:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/24 15:52:43 | 000,749,568 | ---- | C] () -- C:\Windows\AcerStore.exe
[2008/07/24 06:15:12 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/07/24 06:13:09 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008/07/24 06:11:28 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/07/24 06:11:28 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008/07/24 06:11:28 | 000,009,216 | ---- | C] () -- C:\Windows\usbvideo_reg.exe
[2008/07/24 06:11:28 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/07/24 06:08:01 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/07/24 06:08:01 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/07/24 06:08:01 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/07/24 06:08:01 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/07/24 06:03:07 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/07/24 06:01:50 | 000,245,436 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/07/24 06:01:48 | 000,245,436 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/05/07 23:32:19 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/05/07 23:32:19 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/05/07 23:32:19 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/05/07 23:32:19 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/05/07 14:06:49 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/05/07 14:03:50 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/05/07 14:03:50 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/04/30 04:09:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/30 04:09:01 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008/04/30 04:09:01 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008/04/30 04:09:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2007/07/23 03:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 03:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 03:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/01/26 02:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,392,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/12/20 05:08:28 | 000,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004/12/20 05:03:26 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2001/12/26 10:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/14 06:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/03 17:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 10:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 16:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2013/03/27 06:45:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Epson
[2008/08/28 11:39:15 | 000,000,000 | -HSD | M] -- C:\Users\Rico\AppData\Roaming\.#
[2011/03/05 09:13:07 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\5012
[2011/05/28 09:14:17 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\5015
[2009/03/11 18:36:21 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Ableton
[2008/08/28 15:32:34 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Acer
[2008/05/07 14:02:23 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Acer GameZone Console
[2013/01/25 11:26:32 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Amazon
[2008/11/06 12:53:41 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Autodesk
[2012/10/27 16:58:02 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\avidemux
[2010/09/26 07:06:22 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Buhl Data Service
[2011/01/30 07:35:28 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Cakewalk
[2012/05/07 10:32:54 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2008/12/24 16:47:34 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Command & Conquer 3 Kanes Rache
[2009/01/07 10:45:41 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009/05/09 10:38:30 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\DataCast
[2012/09/10 15:04:28 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Dropbox
[2012/10/29 20:57:19 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\DVDVideoSoft
[2012/01/01 09:16:38 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\elsterformular
[2009/02/07 12:26:51 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Epson
[2013/04/22 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\ICQ
[2008/09/21 16:18:26 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\InfraRecorder
[2011/03/05 09:12:56 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\kock
[2008/08/30 10:54:43 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Leadertech
[2012/05/17 05:15:42 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\OpenCandy
[2008/09/07 16:37:07 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\PeerNetworking
[2012/02/25 12:33:19 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Smart PDF Converter
[2009/01/04 16:38:33 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\SPORE
[2013/06/12 19:31:27 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Spotify
[2009/03/11 19:14:21 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Steinberg
[2012/04/15 08:37:34 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\TeamViewer
[2011/12/29 19:46:14 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\TuneUp Software
[2011/05/29 19:51:23 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\UAs
[2009/06/25 17:58:41 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Ubisoft
[2012/02/25 12:44:46 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\UDC Profiles
[2011/06/13 14:30:18 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\xmldm
[2008/09/08 11:09:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Age of Empires 3
[2008/08/28 10:33:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2008/11/06 12:53:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Autodesk
[2011/10/02 21:49:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Avanquest
[2010/12/02 12:41:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Avanquest Bluetooth SDK
[2013/03/31 08:09:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH
[2010/03/11 14:39:15 | 000,000,000 | ---D | M] -- C:\ProgramData\BVRP Software
[2011/01/30 07:33:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Cakewalk
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/08/28 10:33:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/10/26 12:51:42 | 000,000,000 | ---D | M] -- C:\ProgramData\dvdfab
[2009/02/23 10:41:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2012/04/04 11:00:34 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2011/02/06 15:40:13 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2008/07/24 06:18:29 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2008/08/28 10:33:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/05/07 13:52:27 | 000,000,000 | ---D | M] -- C:\ProgramData\FloodLightGames
[2011/05/19 08:50:19 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2009/04/13 16:33:49 | 000,000,000 | ---D | M] -- C:\ProgramData\IEConfiguration1und1
[2008/11/19 06:33:30 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2012/10/27 21:28:18 | 000,000,000 | ---D | M] -- C:\ProgramData\NtiDvdCopy
[2008/08/28 11:37:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Oberon Games
[2012/09/18 12:21:57 | 000,000,000 | ---D | M] -- C:\ProgramData\quqvouzquchmbyv
[2009/07/12 18:14:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Screentime
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/08/28 10:33:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/03/11 18:32:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Steinberg
[2009/03/11 18:28:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Syncrosoft
[2009/06/25 17:58:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Tages
[2008/08/28 11:39:07 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/12/29 19:47:10 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2009/02/04 13:24:36 | 000,000,000 | ---D | M] -- C:\ProgramData\UDL
[2008/08/28 10:33:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/12/25 22:08:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Windows
[2012/02/22 16:08:03 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2008/05/07 13:51:35 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/12/29 19:42:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013/06/11 20:57:50 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4F636E25
< End of report >
         
Extras:
Code:
ATTFilter
OTL Extras logfile created on: 6/13/2013 5:41:28 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.65 Gb Total Space | 25.91 Gb Free Space | 18.17% Space Free | Partition Type: NTFS
Drive D: | 465.70 Gb Total Space | 450.17 Gb Free Space | 96.66% Space Free | Partition Type: FAT32
Drive E: | 142.67 Gb Total Space | 110.04 Gb Free Space | 77.13% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Anwendungen\Microsoft Office 2003\OFFICE11\msohtmed.exe" %1
htmlfile [print] -- "D:\Anwendungen\Microsoft Office 2003\OFFICE11\msohtmed.exe" /p %1
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- D:\Anwendungen\VLC-Player\vlc.exe --started-from-file --playlist-enqueue "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- D:\Anwendungen\VLC-Player\vlc.exe --started-from-file --no-playlist-enqueue "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B0CDD4D-5C1A-47F7-89E2-9BF604670ABC}" = EpsonNet Config V3
"{31A5ED9F-E07B-4F6E-8179-27325BAAC502}" = AuthenTec Fingerprint Sensor Minimum Install
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = er100LT
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{481C4C27-7A05-47D8-BACB-A3FDD3162D1B}" = Acer Crystal Eye Webcam 3.0.3.1
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{5783F2D7-7001-0407-0002-0060B0CE6BBA}" = AutoCAD 2009 - Deutsch
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F9B9AEB-00D8-4000-AD5B-7E97E85571DE}" = ScopeUserGuide
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 3.0.3.1
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A9FC434F-9950-487C-82F1-E1515FA70DA4}" = ArcSoft ShowBiz DVD 2
"{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}" = Steinberg Cubase LE 4
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{C04D5974-F528-4347-A494-EAF56124CC1A}" = Steinberg HALionOne Essential Set
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}" = FlatOut2
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.00
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Acer Acer Bio Protection 6.0.00.15" = Acer Bio Protection

AAA 6.0.00.15
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AutoCAD 2009 - Deutsch" = AutoCAD 2009 - Deutsch
"Avira AntiVir Desktop" = Avira Free Antivirus
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.6.2a
"CrystalDiskMark_is1" = CrystalDiskMark 3.0.1c
"DVD Shrink_is1" = DVD Shrink 3.2
"ElsterFormular 11.5.1.4843" = ElsterFormular-Upgrade
"ElsterFormular 13.1.1.8531k" = ElsterFormular
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender
"EPSON BX320FW Series" = EPSON BX320FW Series Printer Uninstall
"EPSON PX700W Series" = EPSON PX700W Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Photo PX700W_PX800FW_TX700W_TX800FW Benutzerhandbuch" = EPSON Stylus Photo PX700W_PX800FW_TX700W_TX800FW Handbuch
"Festo Fluidsim_is1" = Festo FluidSim 3.6
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"Left 4 Dead_is1" = Left 4 Dead v1.0.0.5
"Live Lite Alesis Edition" = Live Lite Alesis Edition
"LManager" = Launch Manager
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyFreeCodec" = MyFreeCodec
"NAVIGON Fresh" = NAVIGON Fresh 1.4.9
"NVIDIA Drivers" = NVIDIA Drivers
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 15.0" = RealPlayer
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"SeriousSam2" = Serious Sam 2
"SONARLE_is1" = SONAR 6 LE
"Syncrosoft License Control" = Syncrosoft Lizenz Kontrolle
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"USB_AUDIO_DEusb-audio.deAlesis" = Alesis USB Audio driver
"VLC media player" = VLC media player 0.9.6
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.0.7.0
"XviD_is1" = XviD MPEG-4 Video Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Rico_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"Spotify" = Spotify
 
< End of report >
         
Thanks in advance!

Alt 14.06.2013, 10:53   #2
markusg
/// Malware-holic
 
Hi, did it get you twice, or why are you opening 2 threads?

Alt 14.06.2013, 11:01   #3
guitarplayer
 
Hi, no, unfortunately I'm still stuck with the same problem and thought maybe someone else could help me, somewhere I'd get an answer faster.
Sorry about that :/

Alt 14.06.2013, 11:06   #4
markusg
/// Malware-holic
 
Then please wait for an answer there; this thread will be closed later.

Alt 14.06.2013, 11:07   #5
Da GuRu
Administrator
/// technical service
 

Continued here: http://www.trojaner-board.de/136532-...ekaempfen.html


 
