
Pests of all kinds and how to combat them: Malwarebytes finds Adware.Onlinegames and PUP.OfferBundler.ST - what to do?

05.09.2012, 01:07   #1
Rotary41
 



Hello everyone.

A Malwarebytes scan found that the pests (?) Adware.Onlinegames and PUP.OfferBundler.ST are on my computer. What should I do now?

Below, to start with, are the logs of the scans from OTL, Gmer and Malwarebytes:

Code:
 OTL logfile created on: 9/4/2012 7:54:36 PM - Run 1
OTL by OldTimer - Version 3.2.60.0     Folder = C:\Users\Matthias\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.93 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 49.39% Memory free
4.10 Gb Paging File | 2.65 Gb Available in Paging File | 64.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.44 Gb Total Space | 28.94 Gb Free Space | 26.20% Space Free | Partition Type: NTFS
Drive D: | 110.44 Gb Total Space | 47.61 Gb Free Space | 43.11% Space Free | Partition Type: NTFS
 
Computer Name: ABICOMIII | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/09/04 19:53:13 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
PRC - [2012/08/10 18:29:40 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/04/24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/26 08:08:57 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/06 01:22:10 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Matthias\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009/01/13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/11/28 20:56:06 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/11/28 20:56:02 | 000,380,928 | ---- | M] (acer) -- C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
PRC - [2008/11/28 20:08:46 | 000,417,792 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/10/18 00:54:38 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008/10/09 07:49:20 | 000,167,936 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008/10/09 07:49:12 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008/10/04 14:09:02 | 000,069,632 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008/10/03 05:18:36 | 000,294,544 | ---- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\CarbonitePreinstaller.exe
PRC - [2008/09/10 10:33:40 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2008/07/30 03:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/07/30 03:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/07/02 20:35:52 | 000,850,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/06/20 02:52:48 | 006,244,896 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/06/11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/12/07 02:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007/10/10 10:33:54 | 000,237,784 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\Windows\System32\WebUpdateSvc4.exe
PRC - [2007/05/17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/04/10 23:46:48 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/06/15 12:25:40 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012/06/15 12:25:37 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/06/15 12:23:04 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/15 12:22:49 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/05/10 03:52:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 03:50:17 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 03:48:49 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 03:48:37 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2010/08/15 19:16:29 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2009/02/24 15:18:53 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.UIComponent\3.0.3013.0__739b31b1908c49e5\Framework.UIComponent.dll
MOD - [2009/02/24 15:18:53 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3013.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2009/02/24 15:18:53 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3013.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2009/02/24 15:18:50 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3013.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008/10/09 07:49:24 | 000,835,584 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/10/09 07:49:18 | 000,007,680 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
MOD - [2008/07/30 03:52:38 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2003/06/07 22:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/16 16:01:26 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/11/28 20:56:06 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/10/04 14:09:02 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008/09/27 07:43:06 | 000,363,024 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2008/09/27 05:23:58 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2008/09/10 10:33:40 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2008/07/30 03:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/07 02:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/10/10 10:33:54 | 000,237,784 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\Windows\System32\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2007/05/17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/09/22 21:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/01/13 11:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/11/04 23:13:32 | 000,952,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/01 20:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/09/27 06:01:12 | 000,212,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/09/27 06:01:12 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2008/09/27 06:00:40 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/08/26 23:51:36 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/06/11 03:54:36 | 000,123,904 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/05/31 04:17:54 | 000,093,968 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/03/01 00:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/04/10 23:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007/01/04 04:28:01 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007/01/04 04:28:00 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006/11/08 10:59:50 | 000,530,304 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PA707UCM.SYS -- (PAC7311)
DRV - [2006/11/03 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0209&m=aspire_4730z
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0209&m=aspire_4730z
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0209&m=aspire_4730z
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=TRL&o=101840&src=crm&q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=vToC0_trTpJ5AE4GK_ypC0iGMvU?q={searchTerms}
IE - HKCU\..\SearchScopes\{BD85AF5C-892F-40F1-ABA5-9D45699E77D5}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 198.3.128.10:80
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.6
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Matthias\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Matthias\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
 
[2009/05/06 05:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\Mozilla\Extensions
[2009/05/06 05:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
 
========== Chrome  ==========
 
CHR - homepage: hxxp://google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Matthias\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Matthias\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Matthias\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: ProxyPy Web Proxy = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\illahkmhnkgdnhdfkankcocbmmjmbipd\1.2.5_0\
CHR - Extension: Gmail = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKCU..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDefaultTile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB795AB4-21C5-4EFC-BCBE-7F19D475214A}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{18517f45-9d3f-11de-883d-00235a4df5de}\Shell - "" = AutoRun
O33 - MountPoints2\{18517f45-9d3f-11de-883d-00235a4df5de}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{499b3145-39c7-11de-977a-00235a4df5de}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{86102433-7e69-11de-93eb-00235a4df5de}\Shell\AutoRun\command - "" = G:\wdsync.exe
O33 - MountPoints2\{c592e948-6750-11df-b30e-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{c592e948-6750-11df-b30e-00059a3c7800}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{c890fdfd-43f4-11de-a320-00235a4df5de}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NuOIV.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/09/04 19:53:11 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2012/09/04 12:37:07 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/04 12:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
 
========== Files - Modified Within 30 Days ==========
 
[2012/09/04 19:53:13 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2012/09/04 19:51:56 | 000,000,000 | ---- | M] () -- C:\Users\Matthias\defogger_reenable
[2012/09/04 19:48:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-649290938-3021887346-2181847563-1000UA.job
[2012/09/04 19:16:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/04 18:48:26 | 000,050,477 | ---- | M] () -- C:\Users\Matthias\Desktop\Defogger.exe
[2012/09/04 18:34:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/04 18:34:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/04 12:52:55 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-649290938-3021887346-2181847563-1000Core.job
[2012/09/04 12:45:44 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/04 12:37:08 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/09/04 12:33:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/01 22:37:41 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/01 22:37:41 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/01 22:31:39 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/09/01 22:31:04 | 2074,099,712 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/22 13:07:16 | 000,002,023 | ---- | M] () -- C:\Users\Matthias\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/18 18:16:05 | 000,002,637 | ---- | M] () -- C:\Users\Matthias\Desktop\Microsoft Office Word 2003.lnk
[2012/08/16 08:36:33 | 000,340,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012/09/04 19:51:56 | 000,000,000 | ---- | C] () -- C:\Users\Matthias\defogger_reenable
[2012/09/04 18:48:26 | 000,050,477 | ---- | C] () -- C:\Users\Matthias\Desktop\Defogger.exe
[2012/09/04 12:37:08 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011/12/06 21:12:34 | 000,002,705 | ---- | C] () -- C:\Users\Matthias\.recently-used.xbel
[2011/02/11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/01/31 16:08:20 | 000,087,959 | ---- | C] () -- C:\Users\Matthias\Wiebke.jpg
[2010/07/12 21:07:01 | 005,018,921 | ---- | C] () -- C:\Users\Matthias\Peter Maffay-Du.mp3
[2010/03/01 21:01:43 | 004,517,877 | ---- | C] () -- C:\Users\Matthias\Scala-Hungriges Herz.mp3
[2009/07/25 09:04:00 | 000,000,680 | ---- | C] () -- C:\Users\Matthias\AppData\Local\d3d9caps.dat
[2009/03/06 03:29:24 | 000,095,232 | ---- | C] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/06 01:29:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2010/09/24 13:38:23 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\acccore
[2009/03/06 01:22:16 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Acer
[2009/02/24 15:39:44 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Acer GameZone Console
[2012/05/16 15:47:46 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\AnvSoft
[2009/12/22 12:18:08 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ashampoo
[2012/09/04 12:51:11 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\EndNote
[2010/09/11 17:50:18 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\fotobuch.de AG
[2010/10/20 11:02:52 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Geifif
[2011/09/22 17:33:48 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\gtk-2.0
[2012/01/15 16:26:33 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQ
[2009/03/06 01:22:16 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Leadertech
[2010/02/05 17:54:16 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Miranda
[2009/03/08 18:41:48 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\OpenOffice.org
[2010/10/11 22:36:12 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\PhotoFiltre
[2009/08/12 00:12:48 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\PowerCinema
[2010/10/20 12:49:35 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ruil
[2009/08/30 23:50:12 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\SCHLECKERFotobuch
[2009/08/12 00:12:59 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\SoftDMA
[2009/06/10 02:50:01 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ThomsonWest
[2009/05/06 05:33:04 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TomTom
[2012/09/01 20:10:41 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
OTL Extras:

Code:
 OTL Extras logfile created on: 9/4/2012 7:54:36 PM - Run 1
OTL by OldTimer - Version 3.2.60.0     Folder = C:\Users\Matthias\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.93 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 49.39% Memory free
4.10 Gb Paging File | 2.65 Gb Available in Paging File | 64.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.44 Gb Total Space | 28.94 Gb Free Space | 26.20% Space Free | Partition Type: NTFS
Drive D: | 110.44 Gb Total Space | 47.61 Gb Free Space | 43.11% Space Free | Partition Type: NTFS
 
Computer Name: ABICOMIII | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ExamSoft\SofTest\SoftLnch.exe" = C:\Program Files\ExamSoft\SoftLnch.exe:*:Enabled:SofLaunch

"C:\Program Files\ExamSoft\SofTest\softest.exe" = C:\Program Files\ExamSoft\SofTest.exe:*:Enabled:SofTest

"C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DE819F9-35D5-48A7-A1EB-DCD1A5D68522}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{24A32C43-F5F8-4CED-9438-5ADBC4BF6777}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2DE39809-39D4-4AB4-A76D-E4910F30A3F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{3E935955-6459-48DB-9F8F-77A51B7C3D3B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4576C5E8-98DB-4635-92CF-C87C2895CD68}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{495009A7-541B-4B8D-B4C8-22A33BF5CDA7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{78908B67-1822-463E-8CD7-21E3C8189426}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{79D8A0DA-3A69-40C6-A8E3-A509DCBCCD7A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{89DF5A86-3E06-411D-BDB9-92BA90B7F2C7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A8C1C76A-8018-4508-8913-ACD6DECFA0BE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D5118F74-0E96-4EF9-BCAF-BCA7CAD4C897}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{DD0A3961-A3A2-45DD-9546-9EB7CC7FC04C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E92F2AF6-4D24-4FFA-9BF9-A5E0B367AF61}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{057AC86C-71B5-4475-8230-8B2A9926AB3F}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{0ACCD787-5C76-4705-B98F-D67B65AB70CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{20295A13-89EE-4008-80B7-15761048AFD0}" = protocol=6 | dir=in | app=c:\program files\electronic bluebook\electronic bluebook.exe | 
"{39816C38-43BF-4660-8270-7A25D252536E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{3BFC4906-6A99-44CF-B281-0530E376B428}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{4F228433-7D2E-40D2-BD7D-60CF0CC6692E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{527461CA-0C6A-4FCA-B341-AED562E9960C}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe | 
"{5C80A7FC-AE51-4C8B-9E7F-673A94E58025}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{5D5CB8CD-FE78-4262-AE89-393E126288C6}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{5EFA6982-9C44-4C39-B6A3-4C04AFE2C31E}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{60E4893D-960B-451D-9E5F-37CBC9DD168D}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{66268AAC-7165-480C-9B3A-5414AC22FE54}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe | 
"{6FF0E96A-0F80-4B6E-9910-B4F1BDA9231A}" = protocol=6 | dir=out | app=system | 
"{7083958B-596C-4883-9B18-0D6D7F225B34}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{873B4EDA-E168-4DBF-B72D-EC1EFD8709DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E9F353D-B579-4840-AADF-ED9A46EC4588}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{9307A22C-A640-4CBA-A298-48D22D584E13}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9840385C-510E-4682-BA91-7DEC0AB8ED94}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{98589A36-6189-42B4-BAFA-59361AA99C9F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{989333DD-0399-4098-B906-5A74507D94E3}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{9D1625E6-3DD0-444D-8F1D-C6542591CB0A}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{9D9DAD21-D4BF-4546-B3EC-12767CFB7945}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{A061B613-2FA3-4E3C-B748-DD74A6BE3C60}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{A466D99B-DAC7-46F2-8B79-A019AFE17B99}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{AD5EF356-CF55-4747-A657-F333137A3383}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B6FEF2F9-FE3A-4145-8C51-FAFC73C4277A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{BE9336D5-22A1-4EEC-B342-8781A230505F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C047F759-8227-4022-B52E-99778D6624FE}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{C4014706-AF20-4891-AEDC-4B9ADE6794A8}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{C8945A8D-3BD4-48D8-AD01-CBA35EF7BD39}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C9D3C30A-9CE5-4A55-86C6-2D6092904123}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D0885C58-FA06-4715-AA63-4ADBB5F5FEAC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{D96B472D-A6BA-453A-B5AC-CE4F66E0BD3F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{DA342670-C7C5-4930-AEE0-730825BC7F8C}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{DD162371-9D8A-4019-8989-89CB68F4F5BC}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{E8106F07-DB2A-45BE-BA44-71C9E4A49ED6}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{E9D60AC0-AD23-4279-8B6C-EEF401B9EBEE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F27FA3CD-F6B7-41EB-AEDA-F906035B9BF0}" = protocol=17 | dir=in | app=c:\program files\electronic bluebook\electronic bluebook.exe | 
"{F78F48E2-9497-4734-8323-899E214B4FAD}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"TCP Query User{46F96A52-EFDA-42F7-AE00-C60B2CDF0DF9}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{50220E9E-EBB2-42FE-B1C4-22E6452E2167}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{69DD5CDE-AADF-4CE5-BBED-984C2D5B0F04}C:\users\matthias\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\matthias\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{79D5FA97-C375-4F14-847C-556BBC262043}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{7EA1D967-EEDD-4E68-B1EA-FA656242C950}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{901131C3-CEFA-4E77-8BC7-255391505628}C:\users\matthias\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\matthias\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{950FE985-093B-4EE1-AAB9-05C6D03A74E7}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | 
"TCP Query User{99104EE9-3A2A-44B9-99EF-94AFEF9FD648}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{B4F5A051-9B1A-48BE-8924-EF46ABFC69D1}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{B5D991CB-5D99-48E7-A482-94A9DB6B0A06}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{C22407A5-F415-484E-94B2-4B1E92E4FD35}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{D83A0329-8C0B-4B27-8B06-D6F8E8CBD2DE}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{EE9C0304-D7EA-4CBE-BF3D-E257E7B9CBD8}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{F1DC37A2-2C70-4B2F-81D0-ADEC6B99BD6C}C:\program files\hand-crafted software\freeproxy\freeproxy.exe" = protocol=6 | dir=in | app=c:\program files\hand-crafted software\freeproxy\freeproxy.exe | 
"UDP Query User{257724E4-6A6F-4121-A7D0-2C2C9FDAC096}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{29BBB57D-A9D8-4166-A9AC-7275188530A6}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{3AD2B190-3EAF-4C4C-8B37-5ACF24C50B53}C:\program files\hand-crafted software\freeproxy\freeproxy.exe" = protocol=17 | dir=in | app=c:\program files\hand-crafted software\freeproxy\freeproxy.exe | 
"UDP Query User{565547A3-815A-41E0-A79F-99C9D1AC8EED}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{5FFBFDB1-90EB-480F-BFFF-9799FD13D473}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{6123A944-D534-4F5C-9522-68249B584716}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | 
"UDP Query User{9941D2A9-AD00-4EE5-90A7-6EC6A9647B2C}C:\users\matthias\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\matthias\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{BA1A38FA-2A12-437A-B8F5-F7469BB6769D}C:\users\matthias\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\matthias\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{CDDD82AB-A673-4746-86EF-014C1690E95A}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{D80040F7-1F3C-4CCC-94E8-3F2AC47C4304}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{EA96A361-02AB-446A-AD48-52EDD0728791}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{F7FCA8EE-9526-4AEC-BB2C-4E21CC833C4E}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{FD4B000B-F2F8-4BB8-A5C9-04C24C6C178D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{FE6DBA81-D20E-4F7C-A5D1-2496A60F901E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002B1E90-3241-4D45-8831-E89020F8E7E6}" = EndNote X2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46C1BAFF-6EAC-446F-A3D4-59BE2708EA41}" = Trust Webcam 14839 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}" = Alien Shooter
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}" = Tiks Texas Hold em
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}" = Bookworm Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112028410}" = Putt Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112548397}" = The Rise of Atlantis
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113848220}" = Agatha Christie Peril at End House
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113919217}" = Mythic Mahjong
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11408540}" = Magic Match Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114086870}" = Womens Murder Club
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114717227}" = Magic Farm
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9884276A-35B4-461B-827A-4F452C35B4A0}" = SofTest Bar Edition
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC899917-C880-1017-8CB7-B932BD009007}" = DNE Update
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F03C81CA-4445-4D53-B4B3-6B85CA0C5EB4}" = Electronic Bluebook
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 5.0.05.0290
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AIM_7" = AIM 7
"Any Audio Converter_is1" = Any Audio Converter 3.3.8
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Audacity_is1" = Audacity 1.2.6
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Free Antivirus
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Designer 2.0_is1" = Designer 2.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{46C1BAFF-6EAC-446F-A3D4-59BE2708EA41}" = Trust Webcam 14839 
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Picasa 3" = Picasa 3
"RealPlayer 6.0" = RealPlayer
"Red Alert 2" = Command & Conquer Alarmstufe Rot 2
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trillian" = Trillian
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"Web Update Wizard (Redistributable)" = Web Update Wizard (Redistributable) 4.0
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced PDF Password Recovery" = Advanced PDF Password Recovery
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"PhotoFiltre" = PhotoFiltre
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/2/2012 12:40:10 PM | Computer Name = AbiComIII | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 6/2/2012 12:40:10 PM | Computer Name = AbiComIII | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 6/3/2012 7:24:01 AM | Computer Name = AbiComIII | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/3/2012 12:27:27 PM | Computer Name = AbiComIII | Source = Application Hang | ID = 1002
Description = The program fifa09.exe version 0.0.0.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Problem Reports and Solutions control panel.  Process 
ID: f00  Start Time: 01cd41a55790a6e9  Termination Time: 1823
 
Error - 6/6/2012 6:30:30 AM | Computer Name = AbiComIII | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/6/2012 1:41:03 PM | Computer Name = AbiComIII | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/8/2012 7:57:00 AM | Computer Name = AbiComIII | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/13/2012 5:41:57 AM | Computer Name = AbiComIII | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: bf8  Start Time: 01cd456dc310f042  Termination Time: 154
 
Error - 6/15/2012 6:20:11 AM | Computer Name = AbiComIII | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/18/2012 10:32:29 AM | Computer Name = AbiComIII | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 8/27/2012 7:27:01 AM | Computer Name = AbiComIII | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 8/27/2012 8:49:45 AM | Computer Name = AbiComIII | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 8/27/2012 8:50:52 AM | Computer Name = AbiComIII | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 8/29/2012 8:43:24 AM | Computer Name = AbiComIII | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 8/31/2012 7:29:51 AM | Computer Name = AbiComIII | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 8/31/2012 7:30:10 AM | Computer Name = AbiComIII | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 9/1/2012 4:31:14 PM | Computer Name = AbiComIII | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 9/1/2012 4:31:32 PM | Computer Name = AbiComIII | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 9/1/2012 6:45:56 PM | Computer Name = AbiComIII | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetbiosSmb because
 another computer on the network has the same name.  The server could not start.
 
Error - 9/3/2012 11:03:09 AM | Computer Name = AbiComIII | Source = Service Control Manager | ID = 7011
Description = 
 
 
< End of report >
         
Gmer:
Code:
 GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-05 01:58:44
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250827AS rev.3.AAA
Running: 64p1ov8s.exe; Driver: C:\Users\Matthias\AppData\Local\Temp\fwliipog.sys


---- System - GMER 1.0.15 ----

SSDT            88A3CB0E                                                                                                            ZwCreateSection
SSDT            88A3CB18                                                                                                            ZwRequestWaitReplyPort
SSDT            88A3CB13                                                                                                            ZwSetContextThread
SSDT            88A3CB1D                                                                                                            ZwSetSecurityObject
SSDT            88A3CB22                                                                                                            ZwSystemDebugControl
SSDT            88A3CAAF                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                                       822AD8D8 4 Bytes  [0E, CB, A3, 88]
.text           ntkrnlpa.exe!KeSetEvent + 539                                                                                       822ADBFC 4 Bytes  [18, CB, A3, 88]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                                       822ADC30 4 Bytes  [13, CB, A3, 88]
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                                       822ADC94 4 Bytes  [1D, CB, A3, 88]
.text           ntkrnlpa.exe!KeSetEvent + 619                                                                                       822ADCDC 4 Bytes  [22, CB, A3, 88]
.text           ...                                                                                                                 

---- User code sections - GMER 1.0.15 ----

.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtCreateFile + 6               774D424A 4 Bytes  [28, 00, 23, 00] {SUB [EAX], AL; AND EAX, [EAX]}
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtCreateFile + B               774D424F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtMapViewOfSection + 6         774D499A 1 Byte  [28]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtMapViewOfSection + 6         774D499A 4 Bytes  [28, 03, 23, 00] {SUB [EBX], AL; AND EAX, [EAX]}
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtMapViewOfSection + B         774D499F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenFile + 6                 774D4A2A 4 Bytes  [68, 00, 23, 00]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenFile + B                 774D4A2F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcess + 6              774D4AAA 4 Bytes  [A8, 01, 23, 00] {TEST AL, 0x1; AND EAX, [EAX]}
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcess + B              774D4AAF 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcessToken + B         774D4ABF 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcessTokenEx + 6       774D4ACA 4 Bytes  [A8, 02, 23, 00] {TEST AL, 0x2; AND EAX, [EAX]}
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcessTokenEx + B       774D4ACF 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThread + 6               774D4B1A 4 Bytes  [68, 01, 23, 00]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThread + B               774D4B1F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThreadToken + 6          774D4B2A 4 Bytes  [68, 02, 23, 00]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThreadToken + B          774D4B2F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThreadTokenEx + B        774D4B3F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtQueryAttributesFile + 6      774D4BCA 4 Bytes  [A8, 00, 23, 00] {TEST AL, 0x0; AND EAX, [EAX]}
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtQueryAttributesFile + B      774D4BCF 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtQueryFullAttributesFile + B  774D4C7F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtSetInformationFile + 6       774D515A 4 Bytes  [28, 01, 23, 00] {SUB [ECX], AL; AND EAX, [EAX]}
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtSetInformationFile + B       774D515F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtSetInformationThread + 6     774D51AA 4 Bytes  [28, 02, 23, 00] {SUB [EDX], AL; AND EAX, [EAX]}
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtSetInformationThread + B     774D51AF 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtUnmapViewOfSection + 6       774D544A 1 Byte  [68]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtUnmapViewOfSection + 6       774D544A 4 Bytes  [68, 03, 23, 00]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtUnmapViewOfSection + B       774D544F 1 Byte  [E2]
.text           C:\Windows\Explorer.EXE[3016] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5                                          7698B37C 4 Bytes  [00, 26, 00, 10] {ADD [ESI], AH; ADD [EAX], DL}
.text           C:\Windows\Explorer.EXE[3016] SHELL32.dll!ShellExecuteExW + 18B7                                                    769BDA14 4 Bytes  [10, 1B, 00, 10] {ADC [EBX], BL; ADD [EAX], DL}
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtCreateFile + 6               774D424A 4 Bytes  [28, 00, 29, 00] {SUB [EAX], AL; SUB [EAX], EAX}
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtCreateFile + B               774D424F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtMapViewOfSection + 6         774D499A 1 Byte  [28]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtMapViewOfSection + 6         774D499A 4 Bytes  [28, 03, 29, 00] {SUB [EBX], AL; SUB [EAX], EAX}
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtMapViewOfSection + B         774D499F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtOpenFile + 6                 774D4A2A 4 Bytes  [68, 00, 29, 00]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtOpenFile + B                 774D4A2F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtOpenProcess + 6              774D4AAA 4 Bytes  [A8, 01, 29, 00] {TEST AL, 0x1; SUB [EAX], EAX}
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtOpenProcess + B              774D4AAF 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtOpenProcessToken + B         774D4ABF 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtOpenProcessTokenEx + 6       774D4ACA 4 Bytes  [A8, 02, 29, 00] {TEST AL, 0x2; SUB [EAX], EAX}
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtOpenProcessTokenEx + B       774D4ACF 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtOpenThread + 6               774D4B1A 4 Bytes  [68, 01, 29, 00]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtOpenThread + B               774D4B1F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtOpenThreadToken + 6          774D4B2A 4 Bytes  [68, 02, 29, 00]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtOpenThreadToken + B          774D4B2F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtOpenThreadTokenEx + B        774D4B3F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtQueryAttributesFile + 6      774D4BCA 4 Bytes  [A8, 00, 29, 00] {TEST AL, 0x0; SUB [EAX], EAX}
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtQueryAttributesFile + B      774D4BCF 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtQueryFullAttributesFile + B  774D4C7F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtSetInformationFile + 6       774D515A 4 Bytes  [28, 01, 29, 00] {SUB [ECX], AL; SUB [EAX], EAX}
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtSetInformationFile + B       774D515F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtSetInformationThread + 6     774D51AA 4 Bytes  [28, 02, 29, 00] {SUB [EDX], AL; SUB [EAX], EAX}
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtSetInformationThread + B     774D51AF 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtUnmapViewOfSection + 6       774D544A 1 Byte  [68]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtUnmapViewOfSection + 6       774D544A 4 Bytes  [68, 03, 29, 00]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtUnmapViewOfSection + B       774D544F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtCreateFile + 6               774D424A 4 Bytes  [28, 00, 21, 00] {SUB [EAX], AL; AND [EAX], EAX}
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtCreateFile + B               774D424F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtMapViewOfSection + 6         774D499A 1 Byte  [28]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtMapViewOfSection + 6         774D499A 4 Bytes  [28, 03, 21, 00] {SUB [EBX], AL; AND [EAX], EAX}
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtMapViewOfSection + B         774D499F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenFile + 6                 774D4A2A 4 Bytes  [68, 00, 21, 00]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenFile + B                 774D4A2F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenProcess + 6              774D4AAA 4 Bytes  [A8, 01, 21, 00] {TEST AL, 0x1; AND [EAX], EAX}
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenProcess + B              774D4AAF 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenProcessToken + B         774D4ABF 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenProcessTokenEx + 6       774D4ACA 4 Bytes  [A8, 02, 21, 00] {TEST AL, 0x2; AND [EAX], EAX}
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenProcessTokenEx + B       774D4ACF 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenThread + 6               774D4B1A 4 Bytes  [68, 01, 21, 00]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenThread + B               774D4B1F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenThreadToken + 6          774D4B2A 4 Bytes  [68, 02, 21, 00]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenThreadToken + B          774D4B2F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenThreadTokenEx + B        774D4B3F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtQueryAttributesFile + 6      774D4BCA 4 Bytes  [A8, 00, 21, 00] {TEST AL, 0x0; AND [EAX], EAX}
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtQueryAttributesFile + B      774D4BCF 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtQueryFullAttributesFile + B  774D4C7F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtSetInformationFile + 6       774D515A 4 Bytes  [28, 01, 21, 00] {SUB [ECX], AL; AND [EAX], EAX}
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtSetInformationFile + B       774D515F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtSetInformationThread + 6     774D51AA 4 Bytes  [28, 02, 21, 00] {SUB [EDX], AL; AND [EAX], EAX}
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtSetInformationThread + B     774D51AF 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtUnmapViewOfSection + 6       774D544A 1 Byte  [68]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtUnmapViewOfSection + 6       774D544A 4 Bytes  [68, 03, 21, 00]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtUnmapViewOfSection + B       774D544F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtCreateFile + 6               774D424A 4 Bytes  [28, 00, 3E, 00]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtCreateFile + B               774D424F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtMapViewOfSection + 6         774D499A 1 Byte  [28]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtMapViewOfSection + 6         774D499A 4 Bytes  [28, 03, 3E, 00]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtMapViewOfSection + B         774D499F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenFile + 6                 774D4A2A 4 Bytes  [68, 00, 3E, 00]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenFile + B                 774D4A2F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcess + 6              774D4AAA 4 Bytes  [A8, 01, 3E, 00]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcess + B              774D4AAF 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcessToken + B         774D4ABF 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcessTokenEx + 6       774D4ACA 4 Bytes  [A8, 02, 3E, 00]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcessTokenEx + B       774D4ACF 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThread + 6               774D4B1A 4 Bytes  [68, 01, 3E, 00]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThread + B               774D4B1F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThreadToken + 6          774D4B2A 4 Bytes  [68, 02, 3E, 00]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThreadToken + B          774D4B2F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThreadTokenEx + B        774D4B3F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtQueryAttributesFile + 6      774D4BCA 4 Bytes  [A8, 00, 3E, 00]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtQueryAttributesFile + B      774D4BCF 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtQueryFullAttributesFile + B  774D4C7F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtSetInformationFile + 6       774D515A 4 Bytes  [28, 01, 3E, 00]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtSetInformationFile + B       774D515F 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtSetInformationThread + 6     774D51AA 4 Bytes  [28, 02, 3E, 00]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtSetInformationThread + B     774D51AF 1 Byte  [E2]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtUnmapViewOfSection + 6       774D544A 1 Byte  [68]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtUnmapViewOfSection + 6       774D544A 4 Bytes  [68, 03, 3E, 00]
.text           C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtUnmapViewOfSection + B       774D544F 1 Byte  [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                             Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                             Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                           Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- Files - GMER 1.0.15 ----

File            C:\Users\Matthias\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QUVG47J2\104[2]              0 bytes

---- EOF - GMER 1.0.15 ----
         
Malwarebytes:
Code:
 Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.04.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Matthias :: ABICOMIII [administrator]

9/4/2012 4:50:15 PM
mbam-log-2012-09-04 (19-51-09).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 461187
Time elapsed: 2 hour(s), 58 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Matthias\Documents\Downloads\ezCoverMaker3.exe (Adware.Onlinegames) -> No action taken.
C:\Users\Matthias\Downloads\SoftonicDownloader_fuer_gimp.exe (PUP.OfferBundler.ST) -> No action taken.

(end)
         
Thanks in advance for your help!!!

05.09.2012, 15:52   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Is this the computer you reinstalled yesterday?

Code:
\SoftonicDownloader_fuer_gimp.exe
         
Junk-laden software from Softonic seems to be very much in fashion right now!

Stay away from Softonic!!

Softonic is a toolbar and adware slinger! Hands off! Software should be downloaded, as the top priority, directly from the vendor and not from toolbar peddlers like Softonic! In an emergency, chip.de would of course do.

Alt 05.09.2012, 16:17   #3
Rotary41
 

No. This is a different PC.

Yes, I have already read about Softonic here in the forum too; I'll take it as a lesson.

Alt 05.09.2012, 16:18   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Malwarebytes creates exactly one log per scan. Have you scanned with Malwarebytes before?
If so, the logs for every scan are listed on the Logs tab. Please post all the ones visible there.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 05.09.2012, 16:23   #5
Rotary41
 

No, that was my first scan with Malwarebytes. I was prompted by the experience with the other computer...


Alt 05.09.2012, 16:23   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please run ESET, then we'll see what's next!

Note: ESET quite often shows a few false positives. That is why, with ESET too, only the log should be posted at first and nothing removed.


ESET Online Scanner

Please switch on any external hard drives during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards.
  • Note for Vista and Win7 users: Be sure to start the browser as administrator.
  • Disable your anti-virus program during the scan.

    Press the button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX control.
  • Tick the box at Yes, I accept the Terms of Use.
  • Press the button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives".
  • Make sure that Remove found threats is not ticked.
  • Press .
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click .
  • Click and save the log file as ESET.txt on the desktop.
  • Click Back and Finish
Please post the log file here.


If possible, please post everything here in CODE tags.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         

Alt 05.09.2012, 16:27   #7
Rotary41
 

Good. I'll post the log as soon as the scan has finished. Thanks in advance!!!

So, here after an entertaining 1, the ESET log:

Code:
 C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RNYBC49.exe	a variant of Win32/HotSpotShield application
C:\Users\Matthias\Downloads\SoftonicDownloader_fuer_gimp.exe	a variant of Win32/SoftonicDownloader.A application
         

Alt 06.09.2012, 10:27   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

adwCleaner - Tracking down toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

Alt 06.09.2012, 11:10   #9
Rotary41
 

There you go:

Code:
 C:\$RECYCLE.BIN\S-1-5-21-649290938-3021887346-2181847563-1000\$RNYBC49.exe	a variant of Win32/HotSpotShield application
C:\Users\Matthias\Downloads\SoftonicDownloader_fuer_gimp.exe	a variant of Win32/SoftonicDownloader.A application
         
Strange. I actually meant to post this. Sorry.

Code:
 # AdwCleaner v2.000 - Logfile created 09/06/2012 at 12:09:22
# Updated 30/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Matthias - ABICOMIII
# Boot Mode : Normal
# Running from : C:\Users\Matthias\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\Common Files\Software Update Utility
Folder Found : C:\Users\Matthias\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\Matthias\AppData\LocalLow\AskToolbar
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Ask.com.tmp
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Software
Key Found : HKU\S-1-5-21-649290938-3021887346-2181847563-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5154 octets] - [06/09/2012 12:09:22]

########## EOF - C:\AdwCleaner[R1].txt - [5214 octets] ##########
         

Alt 06.09.2012, 15:15   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

adwCleaner - Removing toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

Alt 06.09.2012, 15:30   #11
Rotary41
 

No sooner said than done:

Code:
 # AdwCleaner v2.000 - Logfile created 09/06/2012 at 16:25:43
# Updated 30/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Matthias - ABICOMIII
# Boot Mode : Normal
# Running from : C:\Users\Matthias\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Users\Matthias\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Matthias\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5283 octets] - [06/09/2012 12:09:22]
AdwCleaner[S1].txt - [5465 octets] - [06/09/2012 16:25:43]

########## EOF - C:\AdwCleaner[S1].txt - [5525 octets] ##########
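
Added example (not part of the original posts and not AdwCleaner's own code): a Python check that compares the [R1] search log with the [S1] delete log from this thread and lists every "Found" entry that has no matching "Deleted" line. The log excerpts are copied from the posts above; the function names are hypothetical, and treating the SID under HKU as the logged-on user's (so that `HKU\<SID>` is the same hive as `HKCU`) is an assumption.

```python
import re

# Excerpts copied from the two AdwCleaner logs posted in this thread
# (R1 = Option [Search], S1 = Option [Delete]); not the complete logs.
SEARCH_LOG = r"""
# Option [Search]
***** [Files / Folders] *****
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Users\Matthias\AppData\LocalLow\AskToolbar
***** [Registry] *****
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKU\S-1-5-21-649290938-3021887346-2181847563-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
"""

DELETE_LOG = r"""
# Option [Delete]
***** [Files / Folders] *****
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Users\Matthias\AppData\LocalLow\AskToolbar
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
"""

# Assumption: this SID (it appears in the logs above) is the logged-on user's.
USER_SID = "S-1-5-21-649290938-3021887346-2181847563-1000"

# Matches "<kind> Found : <path>" and "<kind> Deleted : <path>" lines only;
# headers, "[OK] ..." lines and "File : ..." lines do not match.
LINE = re.compile(r"^\s*(\w+) (Found|Deleted) : (.+?)\s*$")


def parse_items(log_text, action):
    """Return [(kind, path)] for every '<kind> <action> : <path>' line."""
    items = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and m.group(2) == action:
            items.append((m.group(1), m.group(3)))
    return items


def normalise(path, user_sid=None):
    """Compare paths case-insensitively; optionally fold HKU\\<user_sid> into HKCU."""
    p = path.casefold()
    if user_sid:
        prefix = ("HKU\\" + user_sid + "\\").casefold()
        if p.startswith(prefix):
            p = "hkcu\\" + p[len(prefix):]
    return p


def unconfirmed(search_log, delete_log, user_sid=None):
    """Items reported as Found that have no matching Deleted line."""
    deleted = {(kind, normalise(path, user_sid))
               for kind, path in parse_items(delete_log, "Deleted")}
    return [(kind, path)
            for kind, path in parse_items(search_log, "Found")
            if (kind, normalise(path, user_sid)) not in deleted]


if __name__ == "__main__":
    runs = (("raw comparison", None),
            ("HKU\\<SID> folded into HKCU", USER_SID))
    for label, sid in runs:
        print(label)
        for kind, path in unconfirmed(SEARCH_LOG, DELETE_LOG, sid):
            print(f"  no '{kind} Deleted' line for: {path}")
```

In these excerpts, the scheduled-task key for the Ask Toolbar updater is the one entry the delete log does not confirm once the HKU alias is folded in, so it is the item to look for in the follow-up scan.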
         

Alt 06.09.2012, 16:00   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

I have two questions before we continue

1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Alt 06.09.2012, 16:07   #13
Rotary41
 

1. I had no (noticeable) impairments anyway; so yes, normal mode works without restrictions.

2. I'm not missing anything. Under All Programs there are empty folders:
- EzCoverMaker 3.1.0 (can't remember what that is)
- Startup

Alt 06.09.2012, 16:10   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please make a new OTL log. If possible, please post everything here in CODE tags.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

Please download OTL by OldTimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Tick Scan all users at the top center
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click .
  • Now copy the contents of OTL.txt here into your thread

Alt 06.09.2012, 16:34   #15
Rotary41
 

Here it is:

OTL Logfile:
Code:
OTL logfile created on: 9/6/2012 5:17:15 PM - Run 2
OTL by OldTimer - Version 3.2.61.0     Folder = C:\Users\Matthias\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.93 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 58.88% Memory free
4.10 Gb Paging File | 3.11 Gb Available in Paging File | 75.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.44 Gb Total Space | 28.56 Gb Free Space | 25.86% Space Free | Partition Type: NTFS
Drive D: | 110.44 Gb Total Space | 47.61 Gb Free Space | 43.11% Space Free | Partition Type: NTFS
 
Computer Name: ABICOMIII | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/09/06 17:13:03 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
PRC - [2012/08/10 18:29:40 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/04/24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/11/28 20:56:06 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/11/28 20:56:02 | 000,380,928 | ---- | M] (acer) -- C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
PRC - [2008/11/28 20:08:46 | 000,417,792 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/10/04 14:09:02 | 000,069,632 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008/09/10 10:33:40 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2008/07/30 03:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/12/07 02:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007/10/10 10:33:54 | 000,237,784 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\Windows\System32\WebUpdateSvc4.exe
PRC - [2007/05/17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/06/15 12:25:40 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012/06/15 12:25:37 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/06/15 12:23:04 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/15 12:22:49 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/05/10 03:52:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 03:48:49 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 03:48:37 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2009/02/24 15:18:53 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.UIComponent\3.0.3013.0__739b31b1908c49e5\Framework.UIComponent.dll
MOD - [2009/02/24 15:18:53 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3013.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2009/02/24 15:18:53 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3013.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2009/02/24 15:18:50 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3013.0__3036420f80dd6947\Framework.Library.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/16 16:01:26 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/11/28 20:56:06 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/10/04 14:09:02 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008/09/27 07:43:06 | 000,363,024 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2008/09/27 05:23:58 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2008/09/10 10:33:40 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2008/07/30 03:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/07 02:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/10/10 10:33:54 | 000,237,784 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\Windows\System32\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2007/05/17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/09/22 21:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/01/13 11:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/11/04 23:13:32 | 000,952,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/01 20:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/09/27 06:01:12 | 000,212,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/09/27 06:01:12 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2008/09/27 06:00:40 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/08/26 23:51:36 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/06/11 03:54:36 | 000,123,904 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/05/31 04:17:54 | 000,093,968 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/03/01 00:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/04/10 23:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007/01/04 04:28:01 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007/01/04 04:28:00 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006/11/08 10:59:50 | 000,530,304 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PA707UCM.SYS -- (PAC7311)
DRV - [2006/11/03 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0209&m=aspire_4730z
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0209&m=aspire_4730z
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0209&m=aspire_4730z
IE - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=vToC0_trTpJ5AE4GK_ypC0iGMvU?q={searchTerms}
IE - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\..\SearchScopes\{BD85AF5C-892F-40F1-ABA5-9D45699E77D5}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 198.3.128.10:80
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Matthias\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Matthias\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
 
[2009/05/06 05:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\Mozilla\Extensions
[2009/05/06 05:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
 
========== Chrome  ==========
 
CHR - homepage: hxxp://google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Matthias\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Matthias\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Matthias\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: ProxyPy Web Proxy = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\illahkmhnkgdnhdfkankcocbmmjmbipd\1.2.5_0\
CHR - Extension: Gmail = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDefaultTile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-649290938-3021887346-2181847563-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB795AB4-21C5-4EFC-BCBE-7F19D475214A}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{18517f45-9d3f-11de-883d-00235a4df5de}\Shell - "" = AutoRun
O33 - MountPoints2\{18517f45-9d3f-11de-883d-00235a4df5de}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{499b3145-39c7-11de-977a-00235a4df5de}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{86102433-7e69-11de-93eb-00235a4df5de}\Shell\AutoRun\command - "" = G:\wdsync.exe
O33 - MountPoints2\{c592e948-6750-11df-b30e-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{c592e948-6750-11df-b30e-00059a3c7800}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{c890fdfd-43f4-11de-a320-00235a4df5de}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NuOIV.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - C:\Windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico - ()
MsConfig - StartUpReg: Acer Assist Launcher - hkey= - key= - C:\Program Files\Acer\Acer Assist\launcher.exe ()
MsConfig - StartUpReg: Acer Product Registration - hkey= - key= - C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ArcadeDeluxeAgent - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
MsConfig - StartUpReg: CarboniteSetupLite - hkey= - key= - C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: DW6 - hkey= - key= -  File not found
MsConfig - StartUpReg: eDataSecurity Loader - hkey= - key= - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Matthias\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: LifeCam - hkey= - key= - C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
MsConfig - StartUpReg: LManager - hkey= - key= - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: VX3000 - hkey= - key= - C:\Windows\vVX3000.exe (Microsoft Corporation)
MsConfig - StartUpReg: WindowsWelcomeCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/09/06 17:13:01 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2012/09/05 17:29:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/05 17:28:48 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Matthias\Desktop\esetsmartinstaller_enu.exe
[2012/09/05 14:14:26 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/09/04 12:37:07 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/04 12:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
 
========== Files - Modified Within 30 Days ==========
 
[2012/09/06 17:16:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/06 17:13:03 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2012/09/06 16:48:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-649290938-3021887346-2181847563-1000UA.job
[2012/09/06 16:34:55 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/06 16:34:55 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/06 16:28:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/09/06 16:28:48 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/06 16:28:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 16:28:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 16:28:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/06 16:28:22 | 2074,099,712 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/06 12:22:34 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-649290938-3021887346-2181847563-1000Core.job
[2012/09/06 12:08:54 | 000,511,265 | ---- | M] () -- C:\Users\Matthias\Desktop\adwcleaner.exe
[2012/09/05 17:28:55 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Matthias\Desktop\esetsmartinstaller_enu.exe
[2012/09/04 23:05:26 | 000,002,023 | ---- | M] () -- C:\Users\Matthias\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/04 20:14:33 | 000,302,592 | ---- | M] () -- C:\Users\Matthias\Desktop\64p1ov8s.exe
[2012/09/04 19:51:56 | 000,000,000 | ---- | M] () -- C:\Users\Matthias\defogger_reenable
[2012/09/04 18:48:26 | 000,050,477 | ---- | M] () -- C:\Users\Matthias\Desktop\Defogger.exe
[2012/09/04 12:37:08 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/08/18 18:16:05 | 000,002,637 | ---- | M] () -- C:\Users\Matthias\Desktop\Microsoft Office Word 2003.lnk
[2012/08/16 08:36:33 | 000,340,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012/09/06 12:08:53 | 000,511,265 | ---- | C] () -- C:\Users\Matthias\Desktop\adwcleaner.exe
[2012/09/04 20:14:32 | 000,302,592 | ---- | C] () -- C:\Users\Matthias\Desktop\64p1ov8s.exe
[2012/09/04 19:51:56 | 000,000,000 | ---- | C] () -- C:\Users\Matthias\defogger_reenable
[2012/09/04 18:48:26 | 000,050,477 | ---- | C] () -- C:\Users\Matthias\Desktop\Defogger.exe
[2012/09/04 12:37:08 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011/12/06 21:12:34 | 000,002,705 | ---- | C] () -- C:\Users\Matthias\.recently-used.xbel
[2011/02/11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/01/31 16:08:20 | 000,087,959 | ---- | C] () -- C:\Users\Matthias\Wiebke.jpg
[2010/07/12 21:07:01 | 005,018,921 | ---- | C] () -- C:\Users\Matthias\Peter Maffay-Du.mp3
[2010/03/01 21:01:43 | 004,517,877 | ---- | C] () -- C:\Users\Matthias\Scala-Hungriges Herz.mp3
[2009/07/25 09:04:00 | 000,000,680 | ---- | C] () -- C:\Users\Matthias\AppData\Local\d3d9caps.dat
[2009/03/06 03:29:24 | 000,095,232 | ---- | C] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/06 01:29:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2009/02/24 15:39:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Acer GameZone Console
[2009/02/24 15:39:44 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2009/02/24 15:39:44 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2010/09/24 13:38:23 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\acccore
[2009/03/06 01:22:16 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Acer
[2009/02/24 15:39:44 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Acer GameZone Console
[2012/05/16 15:47:46 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\AnvSoft
[2009/12/22 12:18:08 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ashampoo
[2012/09/04 12:51:11 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\EndNote
[2010/09/11 17:50:18 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\fotobuch.de AG
[2010/10/20 11:02:52 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Geifif
[2011/09/22 17:33:48 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\gtk-2.0
[2012/01/15 16:26:33 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQ
[2009/03/06 01:22:16 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Leadertech
[2010/02/05 17:54:16 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Miranda
[2009/03/08 18:41:48 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\OpenOffice.org
[2010/10/11 22:36:12 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\PhotoFiltre
[2009/08/12 00:12:48 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\PowerCinema
[2010/10/20 12:49:35 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ruil
[2009/08/30 23:50:12 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\SCHLECKERFotobuch
[2009/08/12 00:12:59 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\SoftDMA
[2009/06/10 02:50:01 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ThomsonWest
[2009/05/06 05:33:04 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TomTom
[2012/09/06 16:27:29 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/09/24 13:38:23 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\acccore
[2009/03/06 01:22:16 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Acer
[2009/02/24 15:39:44 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Acer GameZone Console
[2012/03/31 17:38:47 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Adobe
[2012/05/16 15:47:46 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\AnvSoft
[2009/12/22 12:18:08 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ashampoo
[2012/05/17 12:22:49 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Avira
[2009/08/12 00:12:52 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\CyberLink
[2009/03/06 03:38:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DivX
[2012/09/04 12:51:11 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\EndNote
[2010/09/11 17:50:18 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\fotobuch.de AG
[2010/10/20 11:02:52 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Geifif
[2009/03/06 01:28:59 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Google
[2011/09/22 17:33:48 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\gtk-2.0
[2012/01/15 16:26:33 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQ
[2009/03/06 01:21:25 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Identities
[2009/03/06 01:22:16 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Leadertech
[2009/03/06 01:22:18 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Macromedia
[2011/10/24 15:46:33 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Malwarebytes
[2006/11/02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Media Center Programs
[2011/12/02 21:38:52 | 000,000,000 | --SD | M] -- C:\Users\Matthias\AppData\Roaming\Microsoft
[2010/02/05 17:54:16 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Miranda
[2009/03/19 07:14:08 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Move Networks
[2010/10/11 16:07:28 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Mozilla
[2009/03/08 18:41:48 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\OpenOffice.org
[2010/10/11 22:36:12 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\PhotoFiltre
[2009/08/12 00:12:48 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\PowerCinema
[2009/06/13 20:30:12 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Real
[2010/10/20 12:49:35 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ruil
[2009/08/30 23:50:12 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\SCHLECKERFotobuch
[2009/05/22 20:30:28 | 000,000,000 | RH-D | M] -- C:\Users\Matthias\AppData\Roaming\SecuROM
[2012/09/04 15:19:55 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Skype
[2011/07/05 16:48:36 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\skypePM
[2009/08/12 00:12:59 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\SoftDMA
[2009/06/10 02:50:01 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ThomsonWest
[2009/05/06 05:33:04 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TomTom
[2010/05/28 19:09:17 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\U3
 
< %APPDATA%\*.exe /s >
[2010/05/13 19:14:51 | 001,956,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Matthias\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2009/04/22 17:31:36 | 000,036,864 | R--- | M] () -- C:\Users\Matthias\AppData\Roaming\Microsoft\Installer\{F03C81CA-4445-4D53-B4B3-6B85CA0C5EB4}\Icon90E003EA.exe
[2009/04/22 17:31:36 | 000,020,480 | R--- | M] () -- C:\Users\Matthias\AppData\Roaming\Microsoft\Installer\{F03C81CA-4445-4D53-B4B3-6B85CA0C5EB4}\Icon90E003EA1.exe
[2009/02/12 20:37:34 | 000,097,144 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2010/03/05 15:45:33 | 000,034,062 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
[2009/07/18 22:51:00 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Matthias\AppData\Roaming\Real\RealPlayer\Update\realplayer11gold.exe
[2010/02/24 13:58:38 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Matthias\AppData\Roaming\Real\Update\setup3.09\setup.exe
[2010/07/04 14:59:01 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Matthias\AppData\Roaming\Real\Update\setup3.10\setup.exe
[2010/09/10 11:19:32 | 000,452,104 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Matthias\AppData\Roaming\Real\Update\setup3.12\setup.exe
[2009/06/13 20:30:18 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Matthias\AppData\Roaming\Real\Update\temp\~Upg0\realplayer11gold.exe
[2009/06/24 20:30:36 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Matthias\AppData\Roaming\Real\Update\temp\~Upg1\realplayer11gold.exe
[2009/07/05 20:30:29 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Matthias\AppData\Roaming\Real\Update\temp\~Upg2\realplayer11gold.exe
[2009/07/18 22:51:00 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Matthias\AppData\Roaming\Real\Update\temp\~Upg3\realplayer11gold.exe
[2012/07/08 19:15:53 | 000,315,512 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Matthias\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\rnupgagent.exe
[2007/10/23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\U3\temp\cleanup.exe
[2008/05/02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\Matthias\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007/01/13 08:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\Cyberlink\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008/01/21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/04/11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009/04/11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008/01/21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008/01/21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008/01/21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008/01/21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008/01/21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
<  >
 
<  >

< End of report >
         