Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Live Security Platinum entfernt?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.07.2012, 11:32   #1
BerndX
 
Live Security Platinum entfernt? - Standard

Live Security Platinum entfernt?



Liebe Forumsgemeinde,

vor 3 Tagen erschien auf meinem Internetaccount mit eingeschränkten Rechten die Meldung, dass Live security Platinum diverse Viren gefunden hat.

Nach verschiedenen Versuchen den Schädling zu vernichten, erscheint er seit heute morgen nicht mehr. Bei der Bearbeitung des Problems habe ich mich an die Vorschläge hier im Forum gehalten.

Der Reihenfolge nach die Logs der benutzen Programme:

Defogger

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:14 on 13/07/2012 (hki)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Extras.txt

Code:
ATTFilter
OTL Extras logfile created on: 13.07.2012 08:24:15 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\hki\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,24 Gb Available Physical Memory | 70,72% Memory free
12,00 Gb Paging File | 9,76 Gb Available in Paging File | 81,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 370,33 Gb Total Space | 206,93 Gb Free Space | 55,88% Space Free | Partition Type: NTFS
Drive D: | 691,21 Gb Total Space | 80,82 Gb Free Space | 11,69% Space Free | Partition Type: NTFS
Drive E: | 247,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive U: | 320,62 Gb Total Space | 1,41 Gb Free Space | 0,44% Space Free | Partition Type: NTFS
 
Computer Name: HKI-PC | User Name: hki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2603405234-708572302-3740042233-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{38B4A867-7567-44BC-B1BC-1CAE99347FE0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{3BFDA9A7-9CC3-45E8-9965-BC709B9817AC}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp3\wnt500x64\rpcsandrasrv.exe | 
"{47DA7C08-2340-4285-802D-E2146CEB095E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{56750F05-EB8F-4D99-B7C0-842E1A58AA21}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F429820F-E606-47F4-BB64-91D05D221036}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp3\rpcagentsrv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F9641D-1365-4A17-B2E5-BBA358FA4C70}" = protocol=6 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe | 
"{1149BB47-3EF0-4410-BE83-0CF9D9B0B57F}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{1D09CB2C-444A-4099-8960-5E545E3252D1}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | 
"{223296D0-E4E7-4D5A-8BB9-80C593C7CF6B}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{33A0EBE8-19EE-4665-A2E4-81AE93BEA2A5}" = protocol=17 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe | 
"{3FD90E5E-73EB-4F22-8D9D-09102348D06C}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{48F44B13-5AC9-4F0D-94F7-90CF8CC29934}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{4A9BECBE-39E1-4426-A70E-630503186D23}" = protocol=6 | dir=in | app=c:\users\internet\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5A477AFB-49D9-4A68-8F41-909477E5CDE8}" = protocol=6 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe | 
"{6BD37915-1096-4DC8-ADC4-3EF19B221094}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{6F1D4340-3CAA-42AB-8DB6-D8145F98FBB1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{75F65FDC-35DC-42BD-BF77-0A58B2F5A1F3}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{789642C4-11AA-4830-A789-AB3B13EB159F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{84BDEA78-A721-44FD-9263-23D9C712721E}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{99922227-C06E-4E11-9685-A30F4635B67C}" = protocol=17 | dir=in | app=c:\users\internet\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A44DCF72-0DA9-41F4-95E1-DAA04E439E1A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | 
"{A572138E-10FD-4FCC-8D92-4A0DA70F03A7}" = protocol=6 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | 
"{B05A267C-58B4-465F-82DB-B63DDB5583D9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{BB9298BF-3900-4002-A8F3-97DC29DD5224}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{C1205C73-1FB9-40D9-BDD2-EB2F5AD6FE70}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{CA1603F6-4EC4-416D-A0F9-2E5B09C05772}" = protocol=17 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | 
"{CBC46966-EB3F-4F4E-BEFF-66EDC0D981A1}" = protocol=17 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe | 
"{D48EB5A2-897A-41B1-9081-834D42736A76}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{E15BD730-9270-46FF-B791-293ECD79FCD9}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{E8E96145-EDFD-465B-8396-1D59AFAA454C}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"TCP Query User{05ECD588-93C2-4512-8B32-AE7451C8BEAD}D:\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=d:\left 4 dead 2\left4dead2.exe | 
"TCP Query User{10E12D27-997C-4544-B998-7818AC175DE5}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe | 
"TCP Query User{314307A6-5DB9-4880-B35C-6589658D94A4}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{83870E5E-5A5E-4536-922A-FC8F6B647DAA}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{A88FDCE1-935C-4E39-BCC7-38407DA9320F}D:\spiele\left 4 dead 2\left4dead2.heiising" = protocol=6 | dir=in | app=d:\spiele\left 4 dead 2\left4dead2.heiising | 
"TCP Query User{EA656175-763E-4E25-9E24-EBFE729924DE}C:\users\internet\appdata\local\programs\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\internet\appdata\local\programs\opera\opera.exe | 
"TCP Query User{FD1527A1-C46B-462F-A5D1-07290F80A8AD}D:\left 4 dead\left 4 dead an wolfspc (192.168.0.12)\hl2.exe" = protocol=6 | dir=in | app=d:\left 4 dead\left 4 dead an wolfspc (192.168.0.12)\hl2.exe | 
"UDP Query User{019FB322-85CB-4AD8-AB95-4E39F4308202}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{0A7194F7-8042-4CA7-8CD9-C800AEA34D03}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe | 
"UDP Query User{46234BDB-18E2-42B7-96F5-835A3947892D}D:\spiele\left 4 dead 2\left4dead2.heiising" = protocol=17 | dir=in | app=d:\spiele\left 4 dead 2\left4dead2.heiising | 
"UDP Query User{66BF89C6-20DC-4AA6-8C15-C73917E7D7AA}D:\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=d:\left 4 dead 2\left4dead2.exe | 
"UDP Query User{9E93EF2F-35B1-42F7-8655-181DDCE5B13C}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{DA803435-49A5-45AB-9237-9AE54C462A9D}C:\users\internet\appdata\local\programs\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\internet\appdata\local\programs\opera\opera.exe | 
"UDP Query User{DC295EE8-E9D4-4060-AC35-A6D5717AC0B5}D:\left 4 dead\left 4 dead an wolfspc (192.168.0.12)\hl2.exe" = protocol=17 | dir=in | app=d:\left 4 dead\left 4 dead an wolfspc (192.168.0.12)\hl2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{470BB39A-7231-4077-AD3D-86067AD04604}" = Native Instruments Audio 8 DJ
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A61B820-598D-05B2-5F8D-7388E15AE2DB}" = AMD Drag and Drop Transcoding
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP3
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000B8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8304}" = Grand Theft Auto IV
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6833245E-DD86-479A-882A-8360D62C8194}" = NVIDIA PhysX
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7240A69A-AC53-46A1-9039-1281DDBBE452}" = Cisco AnyConnect VPN Client
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8829E394-87E1-41C0-BCED-9B47F7C6DCDD}" = Serif WebPlus X2
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{9DCFC564-606E-424F-8A1C-56DD14908AF6}" = Serif PhotoPlus X2
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B672D77A-8BA3-24EF-3421-8FB8E35E2A8D}" = Catalyst Control Center InstallProxy
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{bd521da1-d38b-47ae-824a-c66007866327}" = Nero 9 Essentials
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C79A37F3-C076-48BE-B290-F4C8676ABD74}" = Samsung PC Studio 3
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F187CE58-99E6-443C-0321-61F9EB731B1B}" = MyTube Internet Recorder
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Call of Duty" = Call of Duty
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"Live 8.2.5" = Live 8.2.5
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Media Suite D" = MAGIX Media Suite
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Ringtone Maker SE D" = MAGIX Ringtone Maker SE
"McAfee Security Scan" = McAfee Security Scan Plus
"Mediscript-CD GK3" = Mediscript-CD GK3
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"mufin player D" = mufin player
"Native Instruments Audio 8 DJ" = Native Instruments Audio 8 DJ
"Native Instruments Audio 8 DJ Driver" = Native Instruments Audio 8 DJ Driver
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"SpeedFan" = SpeedFan (remove only)
"TIMELEFT3_is1" = TimeLeft
"TIPP10_is1" = TIPP10 Version 2.1.0
"VLC media player" = VLC media player 1.1.9
"WebTemp_is1" = WebTemp 3.37 (kostenlose Version)
"WinLiveSuite_Wave3" = Windows Live Essentials
"XSManager" = XSManager
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2603405234-708572302-3740042233-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.11.2011 14:11:05 | Computer Name = hki-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffectConfig.exe, Version: 1.2.0.13,
 Zeitstempel: 0x481b677e  Name des fehlerhaften Moduls: MassEffectConfig.exe, Version:
 1.2.0.13, Zeitstempel: 0x481b677e  Ausnahmecode: 0xc000000d  Fehleroffset: 0x000ad694
ID
 des fehlerhaften Prozesses: 0x474  Startzeit der fehlerhaften Anwendung: 0x01cca48b19defd49
Pfad
 der fehlerhaften Anwendung: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe  Pfad
 des fehlerhaften Moduls: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe  Berichtskennung:
 5942e4fa-107e-11e1-9816-0025114eeb49
 
Error - 16.11.2011 14:11:20 | Computer Name = hki-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffectConfig.exe, Version: 1.2.0.13,
 Zeitstempel: 0x481b677e  Name des fehlerhaften Moduls: MassEffectConfig.exe, Version:
 1.2.0.13, Zeitstempel: 0x481b677e  Ausnahmecode: 0xc000000d  Fehleroffset: 0x000ad694
ID
 des fehlerhaften Prozesses: 0xc48  Startzeit der fehlerhaften Anwendung: 0x01cca48b2435a4d1
Pfad
 der fehlerhaften Anwendung: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe  Pfad
 des fehlerhaften Moduls: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe  Berichtskennung:
 621de8d6-107e-11e1-9816-0025114eeb49
 
Error - 16.11.2011 14:11:49 | Computer Name = hki-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffectConfig.exe, Version: 1.2.0.13,
 Zeitstempel: 0x481b677e  Name des fehlerhaften Moduls: MassEffectConfig.exe, Version:
 1.2.0.13, Zeitstempel: 0x481b677e  Ausnahmecode: 0xc000000d  Fehleroffset: 0x000ad694
ID
 des fehlerhaften Prozesses: 0x8a0  Startzeit der fehlerhaften Anwendung: 0x01cca48b35c388a1
Pfad
 der fehlerhaften Anwendung: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe  Pfad
 des fehlerhaften Moduls: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe  Berichtskennung:
 73a58b14-107e-11e1-9816-0025114eeb49
 
Error - 16.11.2011 14:12:39 | Computer Name = hki-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffectConfig.exe, Version: 1.2.0.13,
 Zeitstempel: 0x481b677e  Name des fehlerhaften Moduls: MassEffectConfig.exe, Version:
 1.2.0.13, Zeitstempel: 0x481b677e  Ausnahmecode: 0xc000000d  Fehleroffset: 0x000ad694
ID
 des fehlerhaften Prozesses: 0x1044  Startzeit der fehlerhaften Anwendung: 0x01cca48b5351a108
Pfad
 der fehlerhaften Anwendung: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe  Pfad
 des fehlerhaften Moduls: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe  Berichtskennung:
 913418ad-107e-11e1-9816-0025114eeb49
 
Error - 16.11.2011 14:17:32 | Computer Name = hki-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffectConfig.exe, Version: 1.2.0.13,
 Zeitstempel: 0x481b677e  Name des fehlerhaften Moduls: MassEffectConfig.exe, Version:
 1.2.0.13, Zeitstempel: 0x481b677e  Ausnahmecode: 0xc000000d  Fehleroffset: 0x000ad694
ID
 des fehlerhaften Prozesses: 0x1330  Startzeit der fehlerhaften Anwendung: 0x01cca48c01517a84
Pfad
 der fehlerhaften Anwendung: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe  Pfad
 des fehlerhaften Moduls: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe  Berichtskennung:
 3fe325cb-107f-11e1-9816-0025114eeb49
 
Error - 16.11.2011 14:17:48 | Computer Name = hki-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffectConfig.exe, Version: 1.2.0.13,
 Zeitstempel: 0x481b677e  Name des fehlerhaften Moduls: MassEffectConfig.exe, Version:
 1.2.0.13, Zeitstempel: 0x481b677e  Ausnahmecode: 0xc000000d  Fehleroffset: 0x000ad694
ID
 des fehlerhaften Prozesses: 0x8ec  Startzeit der fehlerhaften Anwendung: 0x01cca48c0ba5e088
Pfad
 der fehlerhaften Anwendung: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe  Pfad
 des fehlerhaften Moduls: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe  Berichtskennung:
 4986836c-107f-11e1-9816-0025114eeb49
 
Error - 16.11.2011 14:18:21 | Computer Name = hki-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffectConfig.exe, Version: 1.2.0.13,
 Zeitstempel: 0x481b677e  Name des fehlerhaften Moduls: MassEffectConfig.exe, Version:
 1.2.0.13, Zeitstempel: 0x481b677e  Ausnahmecode: 0xc000000d  Fehleroffset: 0x000ad694
ID
 des fehlerhaften Prozesses: 0xb70  Startzeit der fehlerhaften Anwendung: 0x01cca48c1ee5cf21
Pfad
 der fehlerhaften Anwendung: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe  Pfad
 des fehlerhaften Moduls: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe  Berichtskennung:
 5cce8858-107f-11e1-9816-0025114eeb49
 
Error - 16.11.2011 14:18:36 | Computer Name = hki-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffectConfig.exe, Version: 1.2.0.13,
 Zeitstempel: 0x481b677e  Name des fehlerhaften Moduls: MassEffectConfig.exe, Version:
 1.2.0.13, Zeitstempel: 0x481b677e  Ausnahmecode: 0xc000000d  Fehleroffset: 0x000ad694
ID
 des fehlerhaften Prozesses: 0x13b4  Startzeit der fehlerhaften Anwendung: 0x01cca48c2807e64a
Pfad
 der fehlerhaften Anwendung: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe  Pfad
 des fehlerhaften Moduls: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe  Berichtskennung:
 65f6ba01-107f-11e1-9816-0025114eeb49
 
Error - 16.11.2011 14:25:10 | Computer Name = hki-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffectConfig.exe, Version: 1.2.0.13,
 Zeitstempel: 0x481b677e  Name des fehlerhaften Moduls: MassEffectConfig.exe, Version:
 1.2.0.13, Zeitstempel: 0x481b677e  Ausnahmecode: 0xc000000d  Fehleroffset: 0x000ad694
ID
 des fehlerhaften Prozesses: 0x12e8  Startzeit der fehlerhaften Anwendung: 0x01cca48d11ffee2d
Pfad
 der fehlerhaften Anwendung: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe  Pfad
 des fehlerhaften Moduls: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe  Berichtskennung:
 50e04e51-1080-11e1-9816-0025114eeb49
 
Error - 16.11.2011 14:25:47 | Computer Name = hki-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffectConfig.exe, Version: 1.2.0.13,
 Zeitstempel: 0x481b677e  Name des fehlerhaften Moduls: MassEffectConfig.exe, Version:
 1.2.0.13, Zeitstempel: 0x481b677e  Ausnahmecode: 0xc000000d  Fehleroffset: 0x000ad694
ID
 des fehlerhaften Prozesses: 0x1628  Startzeit der fehlerhaften Anwendung: 0x01cca48d291e423b
Pfad
 der fehlerhaften Anwendung: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe  Pfad
 des fehlerhaften Moduls: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe  Berichtskennung:
 670a56d2-1080-11e1-9816-0025114eeb49
 
[ Cisco AnyConnect VPN Client Events ]
Error - 13.07.2012 02:05:51 | Computer Name = hki-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 13.07.2012 02:05:51 | Computer Name = hki-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 13.07.2012 02:05:51 | Computer Name = hki-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 13.07.2012 02:05:51 | Computer Name = hki-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 13.07.2012 02:05:51 | Computer Name = hki-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 13.07.2012 02:05:51 | Computer Name = hki-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
 5589 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 13.07.2012 02:05:51 | Computer Name = hki-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5321
Invoked
 Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 13.07.2012 02:05:51 | Computer Name = hki-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5283
Invoked
 Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 13.07.2012 02:05:51 | Computer Name = hki-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
 5045 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 13.07.2012 02:05:51 | Computer Name = hki-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 
4971 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
[ Media Center Events ]
Error - 11.07.2012 17:38:28 | Computer Name = hki-PC | Source = MCUpdate | ID = 0
Description = 23:38:28 - Fehler beim Herstellen der Internetverbindung.  23:38:28 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.07.2012 17:39:18 | Computer Name = hki-PC | Source = MCUpdate | ID = 0
Description = 23:38:33 - Fehler beim Herstellen der Internetverbindung.  23:38:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.07.2012 18:43:53 | Computer Name = hki-PC | Source = MCUpdate | ID = 0
Description = 00:43:47 - Fehler beim Herstellen der Internetverbindung.  00:43:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.07.2012 18:47:05 | Computer Name = hki-PC | Source = MCUpdate | ID = 0
Description = 00:44:01 - Fehler beim Herstellen der Internetverbindung.  00:44:01 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12.07.2012 02:58:08 | Computer Name = hki-PC | Source = MCUpdate | ID = 0
Description = 08:58:06 - Fehler beim Herstellen der Internetverbindung.  08:58:06 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12.07.2012 03:01:57 | Computer Name = hki-PC | Source = MCUpdate | ID = 0
Description = 08:58:37 - Fehler beim Herstellen der Internetverbindung.  08:58:37 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12.07.2012 04:17:16 | Computer Name = hki-PC | Source = MCUpdate | ID = 0
Description = 10:16:15 - Fehler beim Herstellen der Internetverbindung.  10:16:49 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12.07.2012 04:21:58 | Computer Name = hki-PC | Source = MCUpdate | ID = 0
Description = 10:17:36 - Fehler beim Herstellen der Internetverbindung.  10:17:36 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.07.2012 00:58:00 | Computer Name = hki-PC | Source = MCUpdate | ID = 0
Description = 06:57:56 - Directory konnte nicht abgerufen werden (Fehler: Der Remotename
 konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')  
 
Error - 13.07.2012 01:02:46 | Computer Name = hki-PC | Source = MCUpdate | ID = 0
Description = 06:58:21 - Fehler beim Herstellen der Internetverbindung.  06:58:21 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 12.07.2012 06:04:01 | Computer Name = hki-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 12.07.2012 06:04:02 | Computer Name = hki-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 12.07.2012 06:04:03 | Computer Name = hki-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 12.07.2012 06:20:11 | Computer Name = hki-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   acedrv07  avipbb  avkmgr  discache  mwlPSDFilter  mwlPSDNServ  mwlPSDVDisk  spldr  StarOpen  Wanarpv6
 
Error - 12.07.2012 06:20:17 | Computer Name = hki-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 12.07.2012 06:20:23 | Computer Name = hki-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 12.07.2012 06:20:24 | Computer Name = hki-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 12.07.2012 06:20:25 | Computer Name = hki-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 13.07.2012 00:47:57 | Computer Name = hki-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 13.07.2012 00:48:33 | Computer Name = hki-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   acedrv07  StarOpen
 
 
< End of report >
         
OTL.Txt

Code:
ATTFilter
OTL logfile created on: 13.07.2012 08:24:15 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\hki\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,24 Gb Available Physical Memory | 70,72% Memory free
12,00 Gb Paging File | 9,76 Gb Available in Paging File | 81,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 370,33 Gb Total Space | 206,93 Gb Free Space | 55,88% Space Free | Partition Type: NTFS
Drive D: | 691,21 Gb Total Space | 80,82 Gb Free Space | 11,69% Space Free | Partition Type: NTFS
Drive E: | 247,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive U: | 320,62 Gb Total Space | 1,41 Gb Free Space | 0,44% Space Free | Partition Type: NTFS
 
Computer Name: HKI-PC | User Name: hki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.13 07:59:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\hki\Desktop\OTL.exe
PRC - [2012.06.20 13:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.06.17 15:44:46 | 003,069,752 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2012.05.08 15:20:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 15:20:54 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.08 15:20:54 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 15:20:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.22 20:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010.04.30 13:24:26 | 000,160,424 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
PRC - [2010.04.30 13:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2010.04.12 18:03:44 | 000,329,168 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGService.exe
PRC - [2009.08.18 09:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2009.08.13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.08.06 19:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.08.04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.02.03 23:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.08.18 09:31:22 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2009.08.18 09:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.06.17 15:44:46 | 003,069,752 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012.05.08 15:20:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 15:20:54 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.08 15:20:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.22 20:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.10.19 19:37:57 | 005,250,048 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2010.04.30 13:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2010.04.12 18:03:44 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.08.13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.08.10 12:02:04 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP3\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.07.28 21:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.02.03 23:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 19:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 15:20:55 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 15:20:55 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.01 16:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011.08.01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.07.06 13:23:32 | 000,125,440 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv07.sys -- (acedrv07)
DRV:64bit: - [2011.06.10 22:42:42 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011.04.06 16:07:04 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.20 12:59:34 | 000,353,360 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a8djavs.sys -- (a8djavs)
DRV:64bit: - [2010.10.20 12:59:34 | 000,094,288 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a8djusb.sys -- (a8djusb_svc)
DRV:64bit: - [2009.07.14 10:46:48 | 001,708,800 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.12 12:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 23:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.02.23 03:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV - [2012.04.30 18:45:28 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys -- (a2acc)
DRV - [2011.05.19 14:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP3\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17360311cn16973654k258h782vv9n
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17360311cn16973654k258h782vv9n
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17360311cn16973654k258h782vv9n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17360311cn16973654k258h782vv9n
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2603405234-708572302-3740042233-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17360311cn16973654k258h782vv9n
IE - HKU\S-1-5-21-2603405234-708572302-3740042233-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17360311cn16973654k258h782vv9n
IE - HKU\S-1-5-21-2603405234-708572302-3740042233-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2603405234-708572302-3740042233-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2603405234-708572302-3740042233-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE423DE423
IE - HKU\S-1-5-21-2603405234-708572302-3740042233-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2603405234-708572302-3740042233-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com/?l=dis&o=APN10023&gct=hp"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.23 15:46:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.23 15:46:30 | 000,000,000 | ---D | M]
 
[2011.03.18 09:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hki\AppData\Roaming\mozilla\Extensions
[2011.12.01 21:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hki\AppData\Roaming\mozilla\Firefox\Profiles\56k5fszm.default\extensions
[2012.07.13 08:13:19 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\hki\AppData\Roaming\mozilla\Firefox\Profiles\56k5fszm.default\extensions\toolbar@ask.com
[2011.12.28 18:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.21 09:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2603405234-708572302-3740042233-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2603405234-708572302-3740042233-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2603405234-708572302-3740042233-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\hki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk = C:\Program Files (x86)\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05C2EE7A-AD2C-45F2-AECB-866D401A5243}: DhcpNameServer = 168.95.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b18da2ea-6048-11e0-b9be-0025114eeb49}\Shell - "" = AutoRun
O33 - MountPoints2\{b18da2ea-6048-11e0-b9be-0025114eeb49}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.13 08:04:32 | 000,259,584 | ---- | C] (OldTimer Tools) -- C:\Users\hki\Desktop\OTH.scr
[2012.07.13 08:04:03 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\hki\Desktop\mbam-setup-1.61.0.1400.exe
[2012.07.13 07:59:43 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\hki\Desktop\OTL.exe
[2012.07.12 11:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.12 08:17:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.07.12 08:16:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012.07.12 08:16:54 | 000,000,000 | ---D | C] -- C:\Users\hki\Documents\Anti-Malware
[2012.07.12 07:14:01 | 000,000,000 | ---D | C] -- C:\Users\hki\AppData\Roaming\Malwarebytes
[2012.07.12 07:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.10 23:57:53 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.07.10 15:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E8588900268C41000133AAB4EB2367
[2012.07.07 17:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TimeLeft 3
[2012.07.07 17:30:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TimeLeft3
[2012.07.07 17:30:26 | 000,000,000 | ---D | C] -- C:\Users\hki\AppData\Roaming\NesterSoft
[2012.06.24 12:42:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2012.06.24 09:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TIPP10
[2012.06.24 09:16:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tipp10
[2012.06.24 09:14:35 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
[2012.06.24 09:11:00 | 000,000,000 | ---D | C] -- C:\Users\hki\Desktop\OpenOffice.org 3.4 (de) Installation Files
[2012.06.22 18:45:30 | 000,000,000 | ---D | C] -- C:\Users\hki\AppData\Local\Macromedia
[2012.06.22 13:29:34 | 000,000,000 | ---D | C] -- C:\ND Kram
[2012.06.20 10:10:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.06.17 16:26:09 | 000,000,000 | ---D | C] -- C:\Users\hki\AppData\Roaming\Dropbox
[2009.09.03 10:44:43 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.13 08:14:23 | 000,000,000 | ---- | M] () -- C:\Users\hki\defogger_reenable
[2012.07.13 08:04:43 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\hki\Desktop\mbam-setup-1.61.0.1400.exe
[2012.07.13 08:04:43 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Users\hki\Desktop\OTH.scr
[2012.07.13 08:01:23 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.13 07:59:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\hki\Desktop\OTL.exe
[2012.07.13 07:59:45 | 000,050,477 | ---- | M] () -- C:\Users\hki\Desktop\Defogger.exe
[2012.07.13 06:55:37 | 000,018,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.13 06:55:37 | 000,018,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.13 06:54:27 | 001,790,288 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.13 06:54:27 | 000,767,432 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.13 06:54:27 | 000,710,514 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.13 06:54:27 | 000,172,906 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.13 06:54:27 | 000,141,010 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.13 06:48:57 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.13 06:48:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.13 06:48:05 | 536,195,071 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.12 08:17:10 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.07.07 17:30:27 | 000,001,054 | ---- | M] () -- C:\Users\hki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk
[2012.07.07 17:30:27 | 000,000,952 | ---- | M] () -- C:\Users\hki\Desktop\TimeLeft.lnk
[2012.06.25 13:37:56 | 654,213,127 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.06.24 12:40:50 | 000,409,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.24 09:16:22 | 000,000,983 | ---- | M] () -- C:\Users\hki\Desktop\TIPP10.lnk
[2012.06.24 09:14:35 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.13 08:14:23 | 000,000,000 | ---- | C] () -- C:\Users\hki\defogger_reenable
[2012.07.13 07:59:15 | 000,050,477 | ---- | C] () -- C:\Users\hki\Desktop\Defogger.exe
[2012.07.12 08:17:10 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.07.07 17:30:27 | 000,001,054 | ---- | C] () -- C:\Users\hki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk
[2012.07.07 17:30:27 | 000,000,952 | ---- | C] () -- C:\Users\hki\Desktop\TimeLeft.lnk
[2012.06.25 13:37:56 | 654,213,127 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.06.24 09:16:22 | 000,000,983 | ---- | C] () -- C:\Users\hki\Desktop\TIPP10.lnk
[2012.06.24 09:14:35 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.20 10:33:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.01.20 10:29:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.10.08 09:58:29 | 000,000,745 | ---- | C] () -- C:\Windows\CoD.INI
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.06 13:18:52 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll
[2011.06.21 22:12:06 | 011,169,792 | ---- | C] () -- C:\Users\hki\AppData\Roaming\Sandra.mdb
[2011.04.17 12:54:42 | 000,007,597 | ---- | C] () -- C:\Users\hki\AppData\Local\Resmon.ResmonCfg
[2011.03.30 22:13:46 | 001,767,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.18 09:28:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.03.18 01:15:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.08.25 23:25:38 | 000,000,000 | ---D | M] -- C:\Users\hki\AppData\Roaming\Ableton
[2011.11.13 16:23:52 | 000,000,000 | ---D | M] -- C:\Users\hki\AppData\Roaming\Audacity
[2012.06.17 16:26:09 | 000,000,000 | ---D | M] -- C:\Users\hki\AppData\Roaming\Dropbox
[2012.05.08 15:10:05 | 000,000,000 | ---D | M] -- C:\Users\hki\AppData\Roaming\elsterformular
[2011.03.18 11:19:05 | 000,000,000 | ---D | M] -- C:\Users\hki\AppData\Roaming\Engelmann Media
[2012.07.07 17:30:26 | 000,000,000 | ---D | M] -- C:\Users\hki\AppData\Roaming\NesterSoft
[2011.04.03 08:10:04 | 000,000,000 | ---D | M] -- C:\Users\hki\AppData\Roaming\OpenOffice.org
[2011.03.18 08:37:22 | 000,000,000 | ---D | M] -- C:\Users\hki\AppData\Roaming\PowerCinema
[2011.03.18 17:29:12 | 000,000,000 | ---D | M] -- C:\Users\hki\AppData\Roaming\Serif
[2011.06.21 21:18:35 | 000,000,000 | ---D | M] -- C:\Users\hki\AppData\Roaming\XSManager
[2012.04.17 14:14:54 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\Ableton
[2012.06.19 12:33:38 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\Dropbox
[2011.06.23 13:23:00 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\Engelmann Media
[2012.07.07 17:30:31 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\NesterSoft
[2011.03.31 19:13:12 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\OpenOffice.org
[2012.01.05 12:56:11 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\Opera
[2012.03.15 01:58:28 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\PowerCinema
[2012.01.20 10:34:03 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\Samsung
[2011.03.27 16:04:19 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\Serif
[2012.03.15 01:58:28 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\SoftDMA
[2011.08.24 12:36:21 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\Template
[2012.07.07 14:47:24 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\TIPP10
[2011.12.05 13:49:58 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\XSManager
[2012.06.20 15:26:56 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Die Ergebnisse der Avira-Scans und der MBAM-Scans habe ich als Anhang beigefügt.
Emsisoft habe ich auch benutzt, aber direkt wieder gelöscht. Das Programm hat keinen Fund gemeldet. Einen Logeintrag habe ich leider nicht mehr gefunden.

Bernd

Alt 14.07.2012, 17:43   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Live Security Platinum entfernt? - Standard

Live Security Platinum entfernt?



Code:
ATTFilter
D:\Spiele\Batman Arkham City\Batman.Arkham.City-FiGHTCLUB.part01.rar
         


Siehe auch => http://www.trojaner-board.de/95393-c...-software.html

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!


In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials
__________________

__________________

Antwort

Themen zu Live Security Platinum entfernt?
avira, avira searchfree toolbar, bho, call of duty, ebay, emsisoft, entfernt?, error, excel, failed, flash player, google, google earth, grand theft auto, home, install.exe, installation, kaspersky, logfile, microsoft office word, mozilla, office 2007, popup, realtek, registry, scan, schädling, searchscopes, security, server, software, staropen, stick, usb, viren, windows



Ähnliche Themen: Live Security Platinum entfernt?


  1. troj zero acces in: Live Security Platinum und Microsoft\Security Center|
    Log-Analyse und Auswertung - 10.12.2012 (7)
  2. Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 14.09.2012 (41)
  3. "Live Security Platinum" - erfolgreich entfernt?
    Log-Analyse und Auswertung - 10.09.2012 (1)
  4. LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf!
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (16)
  5. live security platinum warnung, wirklich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 03.09.2012 (3)
  6. LIVE SECURITY PLATINUM: kein Browser ruft Webseiten auf - habe versehentlich alle Malwarebytes-Funde entfernt
    Plagegeister aller Art und deren Bekämpfung - 28.08.2012 (1)
  7. Live Security Platinum Virus - wirklich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 19.08.2012 (35)
  8. Live Security Platinum 3.6.1 vollständig entfernt?
    Log-Analyse und Auswertung - 14.08.2012 (24)
  9. Live Security Platinum
    Log-Analyse und Auswertung - 06.08.2012 (1)
  10. "Live Security Platinum" vollständig entfernt? Logs anbei.
    Log-Analyse und Auswertung - 03.08.2012 (33)
  11. Live Security Platinum komplett entfernt??
    Log-Analyse und Auswertung - 30.07.2012 (3)
  12. Live Security Platinum nach System-Neuinstallation wirklich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (1)
  13. Live Security Platinum entfernt?
    Log-Analyse und Auswertung - 29.07.2012 (1)
  14. Live Security Platinum vollständig entfernt?
    Log-Analyse und Auswertung - 16.07.2012 (1)
  15. Log <-- live security platinum
    Log-Analyse und Auswertung - 15.07.2012 (1)
  16. ist live security platinum erfolgreich entfernt worden?
    Log-Analyse und Auswertung - 28.06.2012 (1)
  17. live security platinum entfernt, Bitte um Logfileanalyse
    Log-Analyse und Auswertung - 19.06.2012 (1)

Zum Thema Live Security Platinum entfernt? - Liebe Forumsgemeinde, vor 3 Tagen erschien auf meinem Internetaccount mit eingeschränkten Rechten die Meldung, dass Live security Platinum diverse Viren gefunden hat. Nach verschiedenen Versuchen den Schädling zu vernichten, erscheint - Live Security Platinum entfernt?...
Archiv
Du betrachtest: Live Security Platinum entfernt? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.