Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 21.11.2012, 15:25   #1
Nic69
 
GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? - Standard

GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt?



Hallo,

Windows 7 Home Premium 64 bit

ich nutze meinen PC zwar häufig, allerdings für Office und Internet. Von Viren, Trojanern und dem Innenleben meines PC´s habe ich kaum Ahnung Nun bin ich auf das Forum hier gestoßen und hoffe das es jemanden gibt, der mir helfen kann?
Vor ca. zwei Monaten hatte ich den GVU Trojaner auf meinem Rechner. Was mich sehr verwunderte, war zum einen das mein Rechner nach einem Neustart wieder normal funktionierte "kein GVU Trojaner Desktop, überhaupt keine merkbaren Beeinträchtigungen im normalen Betrieb" und mein Bitdefender Internet Security 2012 nichts meldete. Ich habe den Schwachstellen Scan und den kompletten System Scan durchgeführt, Bitdefender hat nichts gefunden. Danach habe ich gegoogelt und bin auf die Kaspersky Rescue Disk 10 gestoßen. Beim durchlaufen der verschiedenen Schritte gab es dann auch einen Fund und so wie es schien, wurde der Trojaner beseitigt. Verschiedene Online Virenscanner und mein aktueller Scanner "Avira Internet Security" finden nichts. Ich bin allerdings etwas verunsichert. Vor kurzem wollte ich ein Programm deinstallieren und bin dazu in die Systemsteuerung/Programme und Funktionen. Dort entdeckte ich das etliche Male Windows Live Mesh Aktive X Control in verschiedenen Sprachen installiert ist. Ich habe alles, bis auf Windows Live Essentials deinstalliert. Als ich Tage später nochmal nachschaute, waren diese Programme wieder da. Dann wollte ich Windows Live deinstallieren, was zuerst einmal nicht funktionierte. Erst mit dem Revo Uninstaller lies sich das Programm nach mehreren Anläufen deinstallieren. Nun habe ich mit dem CCleaner im Autostart geschaut. Beim Internet Explorer Autostart stehen immer noch Windows Live Funktionen. Als ich diese deaktivieren wollte, wurde mir angezeigt das der Zugriff verweigert wurde. Ich bin völlig ratlos, ist das ein Systemfehler, oder doch vllt. noch der Trojaner?
Vielen Dank im vorraus schonmal für die Hilfe!!!

Ich habe den Defogger Logfile, weiß aber nicht, wie ich den einfügen soll? Einach hier reinkopieren?

Alt 22.11.2012, 07:03   #2
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? - Standard

GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt?



Hi,


Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread




Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________

__________________

Alt 22.11.2012, 10:40   #3
Nic69
 
GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? - Standard

GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt?



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 22.11.2012 10:48:52 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nicole_Ronny\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 4,47 Gb Available Physical Memory | 74,80% Memory free
11,96 Gb Paging File | 10,22 Gb Available in Paging File | 85,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,45 Gb Total Space | 385,37 Gb Free Space | 84,43% Space Free | Partition Type: NTFS
Drive D: | 456,96 Gb Total Space | 456,59 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive E: | 246,87 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 3,69 Gb Total Space | 1,81 Gb Free Space | 49,23% Space Free | Partition Type: FAT32
 
Computer Name: NICOLE_RONNY-PC | User Name: Nicole_Ronny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.21 14:51:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole_Ronny\Desktop\OTL.exe
PRC - [2012.11.06 18:30:43 | 000,561,952 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.11.06 18:29:52 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.05 10:06:33 | 000,633,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.10.16 17:06:10 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.16 16:57:19 | 000,379,168 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.10.16 16:57:02 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2012.09.24 13:46:16 | 000,656,480 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2012.09.24 13:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.11 04:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011.05.20 10:13:06 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011.05.20 10:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2011.03.23 22:20:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.12.20 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.20 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.05.04 20:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009.12.09 10:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.11 04:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2011.08.11 04:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2011.05.20 10:13:04 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011.05.20 10:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.06 18:30:43 | 000,561,952 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.11.05 10:06:33 | 000,633,632 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.10.16 17:06:10 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.16 16:57:19 | 000,379,168 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.10.16 16:57:02 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012.09.24 13:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2011.04.02 22:09:38 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011.03.23 22:20:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.12.20 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.20 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.05.04 20:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.09 10:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.07 16:03:24 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.11.07 16:03:24 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.11.02 13:25:31 | 000,140,576 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.09.19 11:34:07 | 000,113,808 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2012.03.16 02:57:30 | 000,514,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.16 15:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011.10.01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.07.11 11:20:49 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011.07.11 11:20:49 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011.07.11 11:20:49 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011.06.30 07:03:04 | 000,054,784 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.06.30 07:03:02 | 000,077,696 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.03 16:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.06.25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009.11.02 17:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 21:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.11.19 04:03:58 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Users\Nicole_Ronny\Downloads\EmsisoftEmergencyKit\Run\a2ddax64.sys -- (A2DDA)
DRV - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2013\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Claro Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0750B780-14CC-4214-9E13-2E24901151AD}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=4012_6&babsrc=SP_clro&mntrId=18e695fb000000000000c89cdc2d77a2
IE - HKCU\..\SearchScopes\{A1B64779-455E-4629-9AB5-69C2BDD0BC44}: "URL" = https://ixquick.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=deutsch
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nicole_Ronny\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nicole_Ronny\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
 
[2012.09.08 08:25:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole_Ronny\AppData\Roaming\mozilla\Extensions
[2012.09.08 08:30:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole_Ronny\AppData\Roaming\mozilla\Firefox\Profiles\1upozltt.default\extensions
[2012.09.11 17:52:14 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Nicole_Ronny\AppData\Roaming\mozilla\Firefox\Profiles\1upozltt.default\extensions\support@lastpass.com
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: NPLastPass (Enabled) = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.1_0\nplastpass.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Nicole_Ronny\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Forge of Empires = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\anaphblkfplenhkephgneolhnmjminjg\1.2_0\
CHR - Extension: Google Drive = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.1_0\
CHR - Extension: Reggae Music TV = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckckjpfjflmoendemfpgimjjhgmjoegn\4.9.2_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.6_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.6_0\.bak
CHR - Extension: Google-Suche = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: MondoZoo - Zoo-Spiel = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejafdpedefplpgoacblaboikebhhjlib\1.1.0.0_0\
CHR - Extension: Click&Clean = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\
CHR - Extension: Cut the Rope = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\14_0\
CHR - Extension: LastPass = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.15_0\
CHR - Extension: Revolution = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcipgebmlkblphemggnjpampjajepcam\1.1_0\
CHR - Extension: Chrome Flags = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhejngphiacapbgllhagbpdkkdieeaej\1.4_0\
CHR - Extension: Speed Dial 2 = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.6.1.3_0\
CHR - Extension: Evernote Web = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Qtube = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhakcmpgccbfnmamojhjhaflhnfdooaa\1.11_0\
CHR - Extension: FastestChrome \u2013 Schneller browsen = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.9.8_0\
CHR - Extension: Deezer = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh\1.3.1_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: Hotmail = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge\1.0.1_0\
CHR - Extension: Google Mail = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.11.19 06:12:56 | 000,444,833 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	全讯网,博彩优æƒ*,皇å†*æ*£ç½‘cr67com,皇å†*比分,皇å†*即时指数,太阳城代理112scg,tt娱乐城8bc8,网上真钱娱
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
O1 - Hosts: 127.0.0.1	100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	Sex Dating Casual Friends | Social dating
O1 - Hosts: 15276 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKCU..\Run: [EPSON BX305 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGJE.EXE /FU "C:\Users\NICOLE~1\AppData\Local\Temp\E_S25DC.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: LastPass - file://C:\Users\Nicole_Ronny\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\Nicole_Ronny\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: LastPass - file://C:\Users\Nicole_Ronny\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Nicole_Ronny\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2036B6D-929C-4B58-88CF-20251397EEF0}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll File not found
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.12.18 13:02:38 | 000,000,040 | RH-- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{814129ab-048c-11e2-980c-c89cdc2d77a2}\Shell - "" = AutoRun
O33 - MountPoints2\{814129ab-048c-11e2-980c-c89cdc2d77a2}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{814129c0-048c-11e2-980c-c89cdc2d77a2}\Shell - "" = AutoRun
O33 - MountPoints2\{814129c0-048c-11e2-980c-c89cdc2d77a2}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{90594152-76cc-11e1-a1cc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{90594152-76cc-11e1-a1cc-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2001.12.18 13:03:28 | 000,210,200 | R--- | M] ()
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: EPSON BX305 Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIGJE.EXE (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: FUFAXSTM - hkey= - key= - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Nicole_Ronny\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: Uninstall C: - hkey= - key= - Reg Error: Value error. File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.22 10:46:57 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Nicole_Ronny\Desktop\aswMBR.exe
[2012.11.21 14:51:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nicole_Ronny\Desktop\OTL.exe
[2012.11.21 01:30:41 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\Desktop\Lea
[2012.11.21 00:11:19 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\Documents\LocaleMetaData
[2012.11.20 23:12:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.20 23:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.11.20 22:51:40 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\Documents\ResultReport-Dateien
[2012.11.20 15:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
[2012.11.20 15:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW
[2012.11.20 11:28:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.11.20 11:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware
[2012.11.20 11:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\SiSoftware
[2012.11.20 11:27:31 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Local\Programs
[2012.11.19 20:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012.11.19 20:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2012.11.19 20:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2012.11.19 07:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.11.19 05:06:36 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\Avira
[2012.11.19 05:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.11.19 05:06:18 | 000,140,576 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2012.11.19 05:06:18 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.19 05:06:18 | 000,113,808 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2012.11.19 05:06:18 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.19 05:06:18 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.11.19 05:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.11.19 05:06:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.11.19 05:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.11.19 05:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.11.19 05:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.11.19 04:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012.11.19 04:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.11.19 04:58:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.11.19 04:56:59 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\Nitro
[2012.11.19 04:56:59 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\FileOpen
[2012.11.19 04:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
[2012.11.19 04:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro
[2012.11.19 04:55:56 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\Downloaded Installations
[2012.11.19 04:00:26 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.11.19 02:46:17 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Local\Secunia PSI
[2012.11.19 02:46:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012.11.19 02:32:03 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.11.11 12:56:22 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Local\{5B0F5175-3DB3-485A-BF4E-8E59275D7E55}
[2012.11.09 14:00:07 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Local\{BCA0C15B-0ED4-47E3-970C-A2AC47618E2B}
[2012.11.08 14:05:26 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Local\{F224BCAB-2619-49E2-ADCC-9DBF01CB4019}
[2012.11.07 23:41:55 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Local\{C2B320E2-2DBE-4243-9436-B774BFB18B75}
[2012.11.05 04:52:47 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\Desktop\Barf
[2012.10.24 17:49:28 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bibi Blocksberg
[2012.10.24 17:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bibi Blocksberg
[2012.10.24 17:49:27 | 000,000,000 | ---D | C] -- C:\Kiddinx
[2012.08.24 11:22:52 | 014,690,376 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[3 C:\Users\Nicole_Ronny\Documents\*.tmp files -> C:\Users\Nicole_Ronny\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.22 10:47:23 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Nicole_Ronny\Desktop\aswMBR.exe
[2012.11.22 10:09:24 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.22 10:09:24 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.22 10:01:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.22 10:01:42 | 522,719,231 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.21 20:51:28 | 000,001,957 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\Kuendigungsschreiben.pdf
[2012.11.21 20:42:45 | 000,047,248 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\Ihr_Auftragsformular.pdf
[2012.11.21 14:53:55 | 000,278,161 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\gmer1015.zip
[2012.11.21 14:51:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole_Ronny\Desktop\OTL.exe
[2012.11.21 14:50:47 | 000,050,477 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\Defogger.exe
[2012.11.21 14:37:05 | 000,000,000 | ---- | M] () -- C:\Users\Nicole_Ronny\defogger_reenable
[2012.11.21 02:06:59 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2410971709-1018064227-2985839609-1001UA.job
[2012.11.21 02:06:59 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2410971709-1018064227-2985839609-1001Core.job
[2012.11.21 02:06:59 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy -  Scheduled Task.job
[2012.11.21 01:18:20 | 000,001,396 | ---- | M] () -- C:\Users\Public\Desktop\SiSoftware Sandra Lite 2013.lnk
[2012.11.21 00:11:19 | 000,069,632 | ---- | M] () -- C:\Users\Nicole_Ronny\Documents\fehlerbericht.evtx
[2012.11.20 22:51:40 | 000,105,272 | ---- | M] () -- C:\Users\Nicole_Ronny\Documents\ResultReport.html
[2012.11.20 19:49:24 | 000,000,108 | ---- | M] () -- C:\index.ini
[2012.11.20 19:48:39 | 000,013,536 | ---- | M] () -- C:\Users\Nicole_Ronny\Documents\emisoft.htm
[2012.11.20 15:49:02 | 012,845,056 | ---- | M] () -- C:\Users\Nicole_Ronny\AppData\Roaming\Sandra.mdb
[2012.11.20 15:08:13 | 000,000,903 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\SIW.lnk
[2012.11.20 10:22:07 | 000,007,648 | ---- | M] () -- C:\Users\Nicole_Ronny\AppData\Local\Resmon.ResmonCfg
[2012.11.19 19:51:44 | 001,613,996 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.19 19:51:44 | 000,697,064 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.19 19:51:44 | 000,652,382 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.19 19:51:44 | 000,148,102 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.19 19:51:44 | 000,121,056 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.19 08:05:45 | 026,850,922 | ---- | M] () -- C:\Users\Nicole_Ronny\Documents\doc038.bmp
[2012.11.19 07:48:38 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.11.19 06:12:56 | 000,444,833 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.19 05:25:36 | 001,550,476 | ---- | M] () -- C:\Users\Nicole_Ronny\Documents\img037.pdf
[2012.11.19 05:08:34 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.19 05:06:29 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.19 05:01:20 | 000,001,226 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\Spybot - Search & Destroy.lnk
[2012.11.19 04:59:51 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.11.19 04:00:28 | 000,002,440 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\Google Chrome.lnk
[2012.11.19 02:46:13 | 000,001,074 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.11.19 02:32:03 | 000,001,232 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\Revo Uninstaller.lnk
[2012.11.19 02:29:01 | 000,144,892 | ---- | M] () -- C:\ProgramData\1353287791.bdinstall.bin
[2012.11.19 01:38:57 | 000,000,325 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml
[2012.11.19 01:22:44 | 000,079,873 | ---- | M] () -- C:\Users\Nicole_Ronny\Documents\Bewerbungen_NB05.12-11.12.pdf
[2012.11.08 09:06:12 | 000,000,680 | RHS- | M] () -- C:\Users\Nicole_Ronny\ntuser.pol
[2012.11.07 16:03:24 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.07 16:03:24 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.02 13:25:31 | 000,140,576 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2012.10.28 18:54:08 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.24 17:49:33 | 000,000,019 | ---- | M] () -- C:\Windows\BibiHexe.ini
[2012.10.24 17:49:32 | 000,001,237 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\Das vertauschte Hexenkraut.lnk
[3 C:\Users\Nicole_Ronny\Documents\*.tmp files -> C:\Users\Nicole_Ronny\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.21 20:51:28 | 000,001,957 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\Kuendigungsschreiben.pdf
[2012.11.21 20:42:39 | 000,047,248 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\Ihr_Auftragsformular.pdf
[2012.11.21 14:53:55 | 000,278,161 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\gmer1015.zip
[2012.11.21 14:50:46 | 000,050,477 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\Defogger.exe
[2012.11.21 14:37:05 | 000,000,000 | ---- | C] () -- C:\Users\Nicole_Ronny\defogger_reenable
[2012.11.21 00:11:06 | 000,069,632 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\fehlerbericht.evtx
[2012.11.20 22:51:40 | 000,105,272 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\ResultReport.html
[2012.11.20 19:48:39 | 000,013,536 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\emisoft.htm
[2012.11.20 18:10:36 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy -  Scheduled Task.job
[2012.11.20 15:08:13 | 000,000,903 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\SIW.lnk
[2012.11.20 11:43:21 | 012,845,056 | ---- | C] () -- C:\Users\Nicole_Ronny\AppData\Roaming\Sandra.mdb
[2012.11.20 11:28:10 | 000,001,396 | ---- | C] () -- C:\Users\Public\Desktop\SiSoftware Sandra Lite 2013.lnk
[2012.11.20 09:14:15 | 000,000,108 | ---- | C] () -- C:\index.ini
[2012.11.19 08:05:49 | 026,850,922 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\doc038.bmp
[2012.11.19 07:48:38 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.11.19 07:48:38 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.11.19 05:25:35 | 001,550,476 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\img037.pdf
[2012.11.19 05:06:29 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.19 05:01:20 | 000,001,226 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\Spybot - Search & Destroy.lnk
[2012.11.19 04:59:51 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.11.19 04:53:35 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.19 04:47:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.19 04:00:28 | 000,002,440 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\Google Chrome.lnk
[2012.11.19 03:59:36 | 000,001,148 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2410971709-1018064227-2985839609-1001UA.job
[2012.11.19 03:59:36 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2410971709-1018064227-2985839609-1001Core.job
[2012.11.19 02:46:13 | 000,001,074 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.11.19 02:46:13 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.11.19 02:32:03 | 000,001,232 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\Revo Uninstaller.lnk
[2012.11.19 02:29:01 | 000,144,892 | ---- | C] () -- C:\ProgramData\1353287791.bdinstall.bin
[2012.11.19 01:22:42 | 000,079,873 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\Bewerbungen_NB05.12-11.12.pdf
[2012.11.05 05:00:36 | 000,042,660 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\377799_395830953805396_1208063472_n.jpg
[2012.10.24 17:49:33 | 000,000,019 | ---- | C] () -- C:\Windows\BibiHexe.ini
[2012.10.24 17:49:32 | 000,001,237 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\Das vertauschte Hexenkraut.lnk
[2012.10.15 11:32:36 | 000,039,157 | ---- | C] () -- C:\Users\Nicole_Ronny\1350297157261.jpg
[2012.09.12 05:14:08 | 000,782,872 | ---- | C] () -- C:\Users\Nicole_Ronny\tag im garten 029.jpg
[2012.09.12 05:14:08 | 000,756,104 | ---- | C] () -- C:\Users\Nicole_Ronny\tag im garten 031.jpg
[2012.09.12 05:14:08 | 000,710,268 | ---- | C] () -- C:\Users\Nicole_Ronny\tag im garten 030.jpg
[2012.09.12 05:14:08 | 000,617,316 | ---- | C] () -- C:\Users\Nicole_Ronny\tag im garten 032.jpg
[2012.09.11 16:07:13 | 000,007,648 | ---- | C] () -- C:\Users\Nicole_Ronny\AppData\Local\Resmon.ResmonCfg
[2012.09.11 12:51:06 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.09 17:23:26 | 000,015,238 | ---- | C] () -- C:\Users\Nicole_Ronny\0-41BFAB99-800.jpg
[2012.09.09 17:23:26 | 000,015,107 | ---- | C] () -- C:\Users\Nicole_Ronny\0-1802B6E1-800.jpg
[2012.09.09 17:23:26 | 000,015,027 | ---- | C] () -- C:\Users\Nicole_Ronny\0-CB8D2DBD-800.jpg
[2012.04.12 13:24:50 | 000,000,204 | ---- | C] () -- C:\Windows\wininit.ini
[2012.03.30 12:57:46 | 000,000,680 | RHS- | C] () -- C:\Users\Nicole_Ronny\ntuser.pol
[2012.03.26 10:28:28 | 000,182,741 | ---- | C] () -- C:\ProgramData\1332753721.bdinstall.bin
[2012.03.26 09:32:46 | 000,232,238 | ---- | C] () -- C:\ProgramData\1332750508.bdinstall.bin
[2012.03.26 09:08:57 | 000,033,598 | ---- | C] () -- C:\ProgramData\1332749329.bdinstall.bin
[2012.03.26 08:36:03 | 001,590,274 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.03 17:43:24 | 000,078,041 | ---- | C] () -- C:\Users\Nicole_Ronny\253493_181725435214794_100001320155288_432283_5783061_n.jpg
[2011.08.03 17:26:36 | 000,094,105 | ---- | C] () -- C:\Users\Nicole_Ronny\38369_106656942721644_100001320155288_52090_4441664_n.jpg
[2011.07.20 17:57:44 | 000,090,362 | ---- | C] () -- C:\Users\Nicole_Ronny\FCEAEA68-9F30-4CF3-8EF1-FEFA15A46F87.jpg
[2011.07.13 08:15:08 | 000,018,553 | ---- | C] () -- C:\Users\Nicole_Ronny\189234_162313683822636_100001320155288_321446_1238858_n.jpg
[2011.06.12 13:36:14 | 000,689,020 | ---- | C] () -- C:\Users\Nicole_Ronny\grillen 006.jpg
[2011.06.12 13:36:12 | 000,696,664 | ---- | C] () -- C:\Users\Nicole_Ronny\grillen 004.jpg
[2011.06.12 13:36:12 | 000,650,524 | ---- | C] () -- C:\Users\Nicole_Ronny\grillen 003.jpg
[2011.06.12 13:36:10 | 000,773,716 | ---- | C] () -- C:\Users\Nicole_Ronny\grillen 001.jpg
[2011.06.12 13:36:10 | 000,731,220 | ---- | C] () -- C:\Users\Nicole_Ronny\grillen 002.jpg
[2011.06.02 17:33:18 | 000,749,728 | ---- | C] () -- C:\Users\Nicole_Ronny\Lea Geburtstag 013.jpg
[2011.06.02 17:33:16 | 000,635,520 | ---- | C] () -- C:\Users\Nicole_Ronny\Lea Geburtstag 010.jpg
[2011.04.22 20:39:12 | 000,652,861 | ---- | C] () -- C:\Users\Nicole_Ronny\Foto0761.jpg
[2011.04.22 20:37:30 | 000,817,456 | ---- | C] () -- C:\Users\Nicole_Ronny\Foto0767.jpg
[2011.04.22 20:36:58 | 000,805,195 | ---- | C] () -- C:\Users\Nicole_Ronny\Foto0768.jpg
[2011.04.22 20:36:26 | 000,821,366 | ---- | C] () -- C:\Users\Nicole_Ronny\Foto0769.jpg
[2011.04.22 20:04:30 | 000,607,628 | ---- | C] () -- C:\Users\Nicole_Ronny\Foto0764.jpg
[2006.01.01 12:09:10 | 000,712,756 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0004 (3).jpg
[2006.01.01 12:08:40 | 000,651,260 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0003 (3).jpg
[2006.01.01 11:07:54 | 000,568,656 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0015.jpg
[2006.01.01 11:02:10 | 000,671,016 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0009.jpg
[2006.01.01 11:01:32 | 000,817,044 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0008.jpg
[2006.01.01 11:01:18 | 000,695,184 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0007.jpg
[2006.01.01 11:00:58 | 000,754,920 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0006.jpg
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.19 04:55:56 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\Downloaded Installations
[2012.05.02 23:59:14 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\Epson
[2012.11.19 04:56:59 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\FileOpen
[2012.08.23 19:46:28 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\Mystery of Mortlake Mansion
[2012.11.19 05:29:33 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\Nitro
[2012.03.26 08:01:20 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\OEM
[2012.10.02 14:29:30 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\PerformerSoft
[2012.09.11 17:52:22 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\PowerCinema
[2012.10.11 20:22:04 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\QuickScan
[2012.11.21 01:04:30 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\SoftGrid Client
[2012.03.26 08:36:36 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\TP
[2012.04.07 19:52:34 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\TuxPaint
[2012.09.11 17:52:22 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\WildTangent
[2012.03.30 12:15:27 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.11.20 23:12:39 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.03.26 09:03:04 | 000,000,000 | R--D | M] -- C:\Backup
[2011.09.22 13:49:01 | 000,000,000 | ---D | M] -- C:\book
[2012.11.20 23:48:25 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.01.04 12:11:34 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.07.11 10:24:03 | 000,000,000 | ---D | M] -- C:\Intel
[2012.10.24 17:49:27 | 000,000,000 | ---D | M] -- C:\Kiddinx
[2012.09.11 17:49:33 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.09.11 17:49:33 | 000,000,000 | -H-D | M] -- C:\OEM
[2009.07.14 04:20:08 | 000,000,000 | -H-D | M] -- C:\PerfLogs
[2012.11.20 23:04:48 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.20 15:08:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012.11.19 05:33:21 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.01.04 12:11:34 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.03.26 07:57:55 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.11.22 10:49:49 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.11.21 01:30:42 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.07 07:16:54 | 000,000,000 | -H-D | M] -- C:\VritualRoot
[2012.11.22 10:01:53 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /5 >
[2012.11.20 23:04:48 | 000,000,000 | ---D | M] -- C:\Windows\installer\{26A24AE4-039D-4CA4-87B4-2F86417009FF}
[2012.11.19 02:17:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}
[2012.11.19 20:07:15 | 000,000,000 | ---D | M] -- C:\Windows\installer\{31A559C1-9E4D-423B-9DD3-34A6C5398752}
[2012.11.19 20:07:26 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6D6664A9-3342-4948-9B7E-034EFE366F0F}
[2012.11.19 04:58:58 | 000,000,000 | ---D | M] -- C:\Windows\installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
[2012.11.19 07:48:38 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AC76BA86-7AD7-1031-7B44-AB0000000001}
 
< %localappdata%\*. /5 >
[2012.11.21 01:01:10 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Local\Diagnostics
[2012.11.20 19:52:33 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Local\Downloaded Installations
[2012.11.19 04:59:51 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Local\Google
[2012.11.20 11:27:31 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Local\Programs
[2012.11.19 02:46:17 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Local\Secunia PSI
[2012.11.22 10:48:15 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Local\Temp

< End of report >
         
--- --- ---
__________________

Alt 22.11.2012, 10:44   #4
Nic69
 
GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? - Standard

GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt?



OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 22.11.2012 10:09:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nicole_Ronny\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 4,12 Gb Available Physical Memory | 68,84% Memory free
11,96 Gb Paging File | 9,85 Gb Available in Paging File | 82,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,45 Gb Total Space | 385,37 Gb Free Space | 84,43% Space Free | Partition Type: NTFS
Drive D: | 456,96 Gb Total Space | 456,59 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive E: | 246,87 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 3,69 Gb Total Space | 1,81 Gb Free Space | 49,23% Space Free | Partition Type: FAT32
 
Computer Name: NICOLE_RONNY-PC | User Name: Nicole_Ronny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.WRGSH7JCMTFDPJGLSBDMIM6VJY] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F712571-905C-4912-BEA7-6A9C6218D810}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1698507A-3CE8-4378-A8BA-A3F6674F85B6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1B854FDA-E6CA-4C21-BF27-0DF66E84E8DD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1B91BD0F-DC75-4422-BD45-5CBAEAE2A7DF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2013\wnt500x64\rpcsandrasrv.exe | 
"{246DDC0D-5FC9-4B34-A46E-76EB68CE4A20}" = lport=445 | protocol=6 | dir=in | app=system | 
"{37A88702-306B-4AF3-BB21-13851D71BB93}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{39DB3247-186B-45E9-AC6A-59EE4E23498F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{41CE34CD-482A-4215-A027-D434B5A6F7D2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4478E472-DF84-402E-A38D-89C5ECC6827B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4847DDA4-01A9-4D65-8820-BD83A161CF2F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5561476E-0D97-4D3C-9424-C2F5E4A93786}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5DDB9B9F-26B0-40F8-965A-2611D12D4732}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{600BA4A8-53A4-488A-A939-FD6B7E5939A7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{6125EDC3-74F2-4806-B082-8B89386536AB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{64D161F8-C9A4-4726-9B05-B945C9BD7BC0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{71E58778-9E77-4DE1-8407-D40965279A41}" = lport=138 | protocol=17 | dir=in | app=system | 
"{77FE38F4-748C-4AB0-917C-586AD0460F6D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{914DF2DD-76FF-47E9-AF2D-23AC342782FC}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2013\rpcagentsrv.exe | 
"{94D05365-AABB-4DAF-9E5A-00FCE566DB49}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9597C05A-1907-40A9-B1FA-916B94D1DCED}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{9817ED3A-C0ED-4566-B0B0-EB12F5630204}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{98AAF382-C13D-4979-A805-1D06AEB95BA5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A430D857-A359-45E5-91B0-EF0E722E4CE2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B8E80763-EF1D-453D-BE79-58F38192FEDE}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D2E674D7-C4A4-4F11-9C7C-B7CDB5AC2A39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E7578772-6BF1-4FE4-8327-D239E648D280}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FDB88A66-958D-4285-8677-65C52FC06F99}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04987977-AE2C-460B-ADE0-4BF940E0D23A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{123249A5-0DFA-42D6-9FA1-597DBDA68AE4}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe | 
"{124A8462-1E46-48AF-946B-47EBE190668F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{17E4B447-DF11-4459-A645-F47BAA41325B}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe | 
"{3CD9374B-5B1B-4C33-A4E3-FF258EBF8C84}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{42442144-8CCC-40D9-8343-2454CC742F8B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4936F6FA-791F-49C0-81CD-7B3763DE851B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{53744E09-92A5-40D2-A849-14CB91900DAF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{55ABA293-EDBE-4674-9FC6-5C2DDD0F1F2F}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"{65FE6145-F534-4DF1-94CD-DC6EEEB7BF99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{69B4221A-E03C-4980-A65B-E837D1FB3968}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7C55A2C8-82FE-4092-A403-5A76ED4D2AE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7CCF47B1-2A16-4F99-BC6C-F91381525C26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7E9724D4-BBC2-4F08-A50C-B5CB49993F4A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{812B2FBD-0DC4-4141-BC33-775ECDB81DA3}" = protocol=6 | dir=out | app=system | 
"{8353C6CB-3E2A-4BA8-AB29-96DDC097DB41}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{86441572-9735-47E6-8DDA-036577C1434F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{867F9B08-8098-4AD2-A04F-4F54F1A1045F}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{8DE01739-38F9-486A-AF77-CC5114D4E5B9}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{AC6BB3F4-630A-488B-A136-C8E48A25C5A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AE793A04-A9EA-4512-B3A9-F4B64A69182D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B66D67CF-61C6-4A48-A84F-FCEF5666B706}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B86C6A0D-233A-4418-8B54-21CAF279E66D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D6125FDC-6587-47BD-9C4E-227FF62406C9}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{DC839627-C03E-4ECC-AB34-A5CBA3CFC6D4}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe | 
"{ED91579B-7073-4D88-BAA2-EF8754A652D9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{F48842D7-860B-4687-A39B-2A55AF1ED042}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7EBDD2F-A238-4397-975C-A61871CDE935}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F903ED9E-0D1D-4EA1-A037-33AC37A03DE7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{8F7F2D9C-2DBE-4F10-9C7C-2724110A3339}" = Windows Live Remote Service Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{A6E0F6BE-30AC-4D36-97B0-1AC20E23CB83}" = Windows Live Remote Client Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2013
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"CCleaner" = CCleaner
"EPSON BX305 Series" = EPSON BX305 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SDEPRO20_is1" = SDExplorer 3.1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{120C160F-F53D-4A15-A873-E79BF5B98B48}" = Windows Live Photo Common
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20381A8A-808E-4A53-B6CD-AD2B85E16365}" = Windows Live UX Platform Language Pack
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{226F0D93-76DE-4F1C-B14D-DE10443ADB60}" = Windows Live Movie Maker
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D7BAC8A-51B8-4243-8567-1415C4272D13}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86F444A5-C9B9-41DC-AF28-B5E46F5497C7}" = Windows Live Argazki Galeria
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E285C75-9BE2-4349-972B-DECDDF472656}" = Windows Live Writer Resources
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93C4B7D5-4E00-491F-BA3E-25B7B63EE7F6}" = Windows Live Mail
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E2C5B0E-7A2D-4767-A9B2-77469FB1873A}" = Windows Live Mesh
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.10.29
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F13587F7-AA4C-4C2E-AE7D-F33F3CCE57A9}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCBC19F7-E068-4B7A-ACBB-CE9CCEB4B21F}" = Windows Live Messenger
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Avira AntiVir Desktop" = Avira Internet Security
"EPSON BX305 Series Manual" = EPSON BX305 Series Handbuch
"EPSON Scanner" = EPSON Scan
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"LastPass" = LastPass (uninstall only)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Picasa 3" = Picasa 3
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"Tux Paint_is1" = Tux Paint 0.9.21
"WildTangent acer Master Uninstall" = Acer Games
"WTA-0550479a-03fc-4a53-839e-dcbc21801afe" = Plants vs. Zombies - Game of the Year
"WTA-067c94de-c523-42df-bceb-75e5d02e1e33" = Jewel Match 3
"WTA-2b12e054-5c6d-4d4c-b0b5-55d536f7650c" = Crazy Chicken Kart 2
"WTA-2cfed0ee-6fec-4da2-9103-38f2ac3bf6a8" = Zuma Deluxe
"WTA-38875c2b-bda0-4950-b036-cc8d1c903ee7" = Bejeweled 2 Deluxe
"WTA-46a8b91d-8519-4fb7-855e-08a99200260c" = Virtual Villagers 4 - The Tree of Life
"WTA-4ae7830b-cd65-4e29-aacc-29e7a8bfc58d" = Chuzzle Deluxe
"WTA-5192aee3-bca7-416e-8890-e21584368783" = Agatha Christie - Death on the Nile
"WTA-64939b29-46f6-42bf-a60c-350ab1f3b55d" = FATE
"WTA-76877f0a-0501-4908-b160-38d234993cff" = Torchlight
"WTA-83112490-d789-4869-bdb2-ed6b61b9760c" = John Deere Drive Green
"WTA-8a4dd94a-6902-476b-a998-29468ac12b3b" = Mystery of Mortlake Mansion
"WTA-9067186d-4a7e-4ee5-9b5b-3cadf97bc94f" = Penguins!
"WTA-9683e1b6-a573-429b-946e-f2e287afceef" = Wedding Dash
"WTA-aceef271-c3b4-4695-bc35-9f80ad198a59" = Insaniquarium Deluxe
"WTA-d3d2ab8c-30c2-423a-bb17-3e6c2aa34738" = Final Drive: Nitro
"WTA-df8ef4d0-770f-4bd8-80fd-73c01ecc4e89" = Slingo Deluxe
"WTA-f6a5b977-5b91-43c9-b7bc-e3489640ca7b" = Polar Bowler
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.10.2012 04:12:20 | Computer Name = Nicole_Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.10.2012 07:26:50 | Computer Name = Nicole_Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.10.2012 05:00:16 | Computer Name = Nicole_Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.10.2012 05:28:28 | Computer Name = Nicole_Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.10.2012 13:05:49 | Computer Name = Nicole_Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.10.2012 02:29:52 | Computer Name = Nicole_Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.10.2012 02:15:08 | Computer Name = Nicole_Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.10.2012 06:48:07 | Computer Name = Nicole_Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.10.2012 02:46:11 | Computer Name = Nicole_Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.10.2012 12:15:17 | Computer Name = Nicole_Ronny-PC | Source = Application Hang | ID = 1002
Description = Programm clear.fi.exe, Version 1.0.2228.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: c88    Startzeit: 
01cdaaf02d964239    Endzeit: 16    Anwendungspfad: C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe

Berichts-ID:
 798dd2f6-16e3-11e2-a4e2-c89cdc2d77a2  
 
[ System Events ]
Error - 16.08.2012 01:59:15 | Computer Name = Nicole_Ronny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   trufos
 
Error - 17.08.2012 02:06:23 | Computer Name = Nicole_Ronny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   trufos
 
Error - 18.08.2012 03:17:18 | Computer Name = Nicole_Ronny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   trufos
 
Error - 18.08.2012 03:37:20 | Computer Name = Nicole_Ronny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   trufos
 
Error - 19.08.2012 03:44:31 | Computer Name = Nicole_Ronny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   trufos
 
Error - 20.08.2012 15:18:04 | Computer Name = Nicole_Ronny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   trufos
 
Error - 21.08.2012 22:13:18 | Computer Name = Nicole_Ronny-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 23.08.2012 03:29:58 | Computer Name = Nicole_Ronny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   trufos
 
Error - 24.08.2012 02:27:15 | Computer Name = Nicole_Ronny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   trufos
 
Error - 24.08.2012 05:49:30 | Computer Name = Nicole_Ronny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   trufos
 
 
< End of report >
         
--- --- ---

Danke auch für die Hilfe

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-22 11:46:57
-----------------------------
11:46:57.303 OS Version: Windows x64 6.1.7601 Service Pack 1
11:46:57.303 Number of processors: 4 586 0x2A07
11:46:57.303 ComputerName: NICOLE_RONNY-PC UserName: Nicole_Ronny
11:46:58.317 Initialize success
11:48:59.860 AVAST engine defs: 12112200
12:07:19.648 The log file has been saved successfully to "C:\Users\Nicole_Ronny\Desktop\aswMBR.txt"

Ich glaub ich hab den Scan vorzeitig beendet. Hier der komplette Scan:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-22 13:41:11
-----------------------------
13:41:11.765 OS Version: Windows x64 6.1.7601 Service Pack 1
13:41:11.765 Number of processors: 4 586 0x2A07
13:41:11.765 ComputerName: NICOLE_RONNY-PC UserName: Nicole_Ronny
13:41:13.036 Initialize success
13:41:18.682 AVAST engine defs: 12112200
13:41:22.225 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:41:22.228 Disk 0 Vendor: WDC_WD10 77.0 Size: 953869MB BusType: 3
13:41:22.257 Disk 0 MBR read successfully
13:41:22.260 Disk 0 MBR scan
13:41:22.266 Disk 0 Windows 7 default MBR code
13:41:22.278 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18432 MB offset 2048
13:41:22.297 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 37750784
13:41:22.315 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 467406 MB offset 37955584
13:41:22.339 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 467929 MB offset 995203072
13:41:22.363 Disk 0 scanning C:\Windows\system32\drivers
13:41:30.418 Service scanning
13:41:45.583 Modules scanning
13:41:45.592 Disk 0 trace - called modules:
13:41:45.935 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:41:45.941 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e1b060]
13:41:45.946 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f32050]
13:41:47.447 AVAST engine scan C:\Windows
13:41:49.142 AVAST engine scan C:\Windows\system32
13:43:47.431 AVAST engine scan C:\Windows\system32\drivers
13:43:57.042 AVAST engine scan C:\Users\Nicole_Ronny
13:47:11.664 AVAST engine scan C:\ProgramData
13:47:31.672 Scan finished successfully
14:17:53.471 Disk 0 MBR has been saved successfully to "C:\Users\Nicole_Ronny\Desktop\MBR.dat"
14:17:53.474 The log file has been saved successfully to "C:\Users\Nicole_Ronny\Desktop\aswMBR.txt"

Geändert von Nic69 (22.11.2012 um 11:10 Uhr)

Alt 22.11.2012, 14:28   #5
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? - Standard

GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt?



Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 22.11.2012, 16:30   #6
Nic69
 
GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? - Standard

GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt?



Combofix Logfile:
Code:
ATTFilter
ComboFix 12-11-22.03 - Nicole_Ronny 22.11.2012  17:15:19.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6126.4552 [GMT 1:00]
ausgeführt von:: c:\users\Nicole_Ronny\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1332749329.bdinstall.bin
c:\programdata\1332750508.bdinstall.bin
c:\programdata\1332753721.bdinstall.bin
c:\programdata\1353287791.bdinstall.bin
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\Nicole_Ronny\AppData\Roaming\siw_sdk.dll
c:\users\Nicole_Ronny\Documents\~WRL0003.tmp
c:\users\Nicole_Ronny\Documents\~WRL2012.tmp
c:\users\Nicole_Ronny\Documents\~WRL2507.tmp
c:\windows\SysWow64\DEBUG.log
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-22 bis 2012-11-22  ))))))))))))))))))))))))))))))
.
.
2012-11-22 16:18 . 2012-11-22 16:18	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-22 16:17 . 2012-11-22 16:17	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{439AF7CE-1A41-4816-BDEA-3781DC4AD04B}\offreg.dll
2012-11-20 22:05 . 2012-11-20 22:04	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-11-20 22:05 . 2012-11-20 22:04	289768	----a-w-	c:\windows\system32\javaws.exe
2012-11-20 22:05 . 2012-11-20 22:04	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-11-20 22:04 . 2012-11-20 22:04	189416	----a-w-	c:\windows\system32\javaw.exe
2012-11-20 22:04 . 2012-11-20 22:04	188904	----a-w-	c:\windows\system32\java.exe
2012-11-20 22:04 . 2012-11-20 22:04	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-20 22:04 . 2012-11-20 22:04	--------	d-----w-	c:\program files\Java
2012-11-20 14:08 . 2012-11-20 14:08	--------	d-----w-	c:\program files (x86)\SIW
2012-11-20 10:28 . 2012-11-20 10:28	--------	d-----w-	c:\program files\SiSoftware
2012-11-20 10:27 . 2012-11-20 10:27	--------	d-----w-	c:\users\Nicole_Ronny\AppData\Local\Programs
2012-11-19 19:07 . 2012-11-19 19:07	--------	d-----w-	c:\program files (x86)\Spirent Communications
2012-11-19 19:07 . 2012-11-20 18:52	--------	d-----w-	c:\program files (x86)\HTC
2012-11-19 04:06 . 2012-11-22 16:03	--------	d-----w-	c:\programdata\Avira
2012-11-19 04:01 . 2012-11-22 15:59	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-11-19 04:01 . 2012-11-22 15:59	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-11-19 03:58 . 2012-11-19 03:58	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2012-11-19 03:56 . 2012-11-19 04:29	--------	d-----w-	c:\users\Nicole_Ronny\AppData\Roaming\Nitro
2012-11-19 03:56 . 2012-11-19 03:56	--------	d-----w-	c:\users\Nicole_Ronny\AppData\Roaming\FileOpen
2012-11-19 03:56 . 2012-11-19 03:56	--------	d-----w-	c:\programdata\FileOpen
2012-11-19 03:56 . 2012-11-19 03:56	--------	d-----w-	c:\programdata\Nitro
2012-11-19 03:55 . 2012-11-19 03:55	--------	d-----w-	c:\users\Nicole_Ronny\AppData\Roaming\Downloaded Installations
2012-11-19 03:53 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-11-19 03:53 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-19 03:53 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-19 03:53 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-19 03:47 . 2012-10-12 07:19	9291768	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{439AF7CE-1A41-4816-BDEA-3781DC4AD04B}\mpengine.dll
2012-11-19 03:47 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-11-19 03:47 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-11-19 03:47 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2012-11-19 03:47 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-11-19 03:47 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2012-11-19 03:47 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-11-19 03:47 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-11-19 01:46 . 2012-11-19 01:46	--------	d-----w-	c:\users\Nicole_Ronny\AppData\Local\Secunia PSI
2012-11-19 01:46 . 2012-11-19 01:46	--------	d-----w-	c:\program files (x86)\Secunia
2012-10-28 18:13 . 2012-08-11 00:56	715776	----a-w-	c:\windows\system32\kerberos.dll
2012-10-28 18:13 . 2012-08-10 23:56	542208	----a-w-	c:\windows\SysWow64\kerberos.dll
2012-10-28 18:13 . 2012-06-02 05:41	1464320	----a-w-	c:\windows\system32\crypt32.dll
2012-10-28 18:13 . 2012-06-02 04:36	1159680	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-10-28 18:13 . 2012-06-02 05:41	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-28 18:13 . 2012-06-02 05:41	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-28 18:13 . 2012-06-02 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-10-28 18:13 . 2012-06-02 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-10-28 18:12 . 2012-09-14 19:19	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-28 18:12 . 2012-09-14 18:28	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-10-28 18:11 . 2012-08-30 18:03	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-10-28 18:11 . 2012-08-30 17:12	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-10-28 18:11 . 2012-08-30 17:12	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-10-28 18:10 . 2012-08-24 18:05	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-10-28 18:10 . 2012-08-24 16:57	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-10-24 16:49 . 2012-10-24 16:49	--------	d-----w-	C:\Kiddinx
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-22 16:06 . 2012-09-12 02:48	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-22 16:06 . 2012-09-12 02:48	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-19 03:48 . 2012-07-28 21:13	66395536	----a-w-	c:\windows\system32\MRT.exe
2012-11-19 03:02 . 2012-08-27 08:53	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-11-19 03:02 . 2012-08-27 08:53	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-08-24 10:22 . 2012-08-24 10:22	14690376	----a-w-	c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-9-24 573536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" -d
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe"
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Nicole_Ronny\Downloads\EmsisoftEmergencyKit\Run\a2ddax64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-09-24 656480]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files (x86)\Windows Live\Mesh\wlcrasvc.exe [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-07-11 22648]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-07-11 20520]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-07-11 62776]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-09-24 1328736]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-03-23 378472]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-06-30 54784]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-06-30 77696]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-12 16:06]
.
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410971709-1018064227-2985839609-1001Core.job
- c:\users\Nicole_Ronny\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-19 02:59]
.
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410971709-1018064227-2985839609-1001UA.job
- c:\users\Nicole_Ronny\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-19 02:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 11580520]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: LastPass - file://c:\users\Nicole_Ronny\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\Nicole_Ronny\AppData\LocalLow\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-22  17:19:30
ComboFix-quarantined-files.txt  2012-11-22 16:19
.
Vor Suchlauf: 9 Verzeichnis(se), 420.348.071.936 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 420.035.530.752 Bytes frei
.
- - End Of File - - 96BBEB839B7F764B28434C7CAF96E48D
         
--- --- ---

Alt 22.11.2012, 16:37   #7
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? - Standard

GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt?



Hi,

Sieht schon besser aus. Wie läuft der Rechner?



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Und ein frisches OTL log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 22.11.2012, 18:22   #8
Nic69
 
GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? - Standard

GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt?



Hi,

der Rechner läuft gut. Was war/ist das? Ein Trojaner? Ich habe den Eset Scan durchlaufen lassen, leider finde ich nach Abschluss "List of found threats und und Export to text file" nicht. Ich lasse den Scanner nochmal laufen und melde mich.

Gruss Nicole

Alt 23.11.2012, 08:28   #9
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? - Standard

GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt?



Jep, da war en bissl Ransomware und Krams aktiv. Poste bitte das ESET-Log wenn Du es hast, wenn keins kommt egal, dann nur ein frisches OTL log.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 24.11.2012, 15:17   #10
Nic69
 
GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? - Standard

GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt?



Ich habe nochmal den Code in Benutzerdefinierte Scans gepostet. War das richtig? Sry, wenn ich doof frage und danke für die Geduld!OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 24.11.2012 15:55:47 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nicole_Ronny\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 4,63 Gb Available Physical Memory | 77,31% Memory free
11,96 Gb Paging File | 10,48 Gb Available in Paging File | 87,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,45 Gb Total Space | 391,30 Gb Free Space | 85,73% Space Free | Partition Type: NTFS
Drive D: | 456,96 Gb Total Space | 456,59 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive G: | 3,69 Gb Total Space | 1,81 Gb Free Space | 49,23% Space Free | Partition Type: FAT32
 
Computer Name: NICOLE_RONNY-PC | User Name: Nicole_Ronny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.21 14:51:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole_Ronny\Desktop\OTL.exe
PRC - [2012.11.06 18:29:54 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.10.16 17:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.16 16:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2012.09.24 13:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.11 04:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011.05.20 10:13:06 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011.05.20 10:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2011.03.23 22:20:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.12.20 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.20 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.05.04 20:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.02.28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009.12.09 10:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.11 04:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2011.08.11 04:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2011.05.20 10:13:04 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011.05.20 10:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2010.02.28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.22 17:06:40 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.16 17:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.16 16:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012.09.24 13:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2011.04.02 22:09:38 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011.03.23 22:20:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.12.20 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.20 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.05.04 20:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.09 10:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.07 16:03:24 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.11.07 16:03:24 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.16 02:57:30 | 000,514,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.16 15:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011.10.01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.07.11 11:20:49 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011.07.11 11:20:49 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011.07.11 11:20:49 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011.06.30 07:03:04 | 000,054,784 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.06.30 07:03:02 | 000,077,696 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.03 16:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.06.25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009.11.02 17:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 21:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2013\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Claro Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0750B780-14CC-4214-9E13-2E24901151AD}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=4012_6&babsrc=SP_clro&mntrId=18e695fb000000000000c89cdc2d77a2
IE - HKCU\..\SearchScopes\{A1B64779-455E-4629-9AB5-69C2BDD0BC44}: "URL" = https://ixquick.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=deutsch
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nicole_Ronny\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nicole_Ronny\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
 
[2012.09.08 08:25:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole_Ronny\AppData\Roaming\mozilla\Extensions
[2012.09.08 08:30:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole_Ronny\AppData\Roaming\mozilla\Firefox\Profiles\1upozltt.default\extensions
[2012.09.11 17:52:14 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Nicole_Ronny\AppData\Roaming\mozilla\Firefox\Profiles\1upozltt.default\extensions\support@lastpass.com
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: NPLastPass (Enabled) = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.1_0\nplastpass.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Nicole_Ronny\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Forge of Empires = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\anaphblkfplenhkephgneolhnmjminjg\1.2_0\
CHR - Extension: Google Drive = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.1_0\
CHR - Extension: Reggae Music TV = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckckjpfjflmoendemfpgimjjhgmjoegn\4.9.2_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.6_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.6_0\.bak
CHR - Extension: Google-Suche = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Click&Clean = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\
CHR - Extension: LastPass = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.15_0\
CHR - Extension: Go Home Dinosaurs (Beta) = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\icefnknicgejiphafapflechfoeelbeo\1.0.0.8_0\
CHR - Extension: Revolution = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcipgebmlkblphemggnjpampjajepcam\1.1_0\
CHR - Extension: Chrome Flags = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhejngphiacapbgllhagbpdkkdieeaej\1.4_0\
CHR - Extension: Evernote Web = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Qtube = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhakcmpgccbfnmamojhjhaflhnfdooaa\1.11_0\
CHR - Extension: FastestChrome \u2013 Schneller browsen = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.9.9_0\
CHR - Extension: Deezer = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh\1.3.1_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: Hotmail = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge\1.0.1_0\
CHR - Extension: Google Mail = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Willkommen bei Facebook - anmelden, registrieren oder mehr erfahren = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnckfhbhieclolphcegeiohhapkkhhla\2012.11.22.31122_0\
 
O1 HOSTS File: ([2012.11.22 17:18:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: LastPass - file://C:\Users\Nicole_Ronny\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\Nicole_Ronny\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: LastPass - file://C:\Users\Nicole_Ronny\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Nicole_Ronny\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2036B6D-929C-4B58-88CF-20251397EEF0}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: EPSON BX305 Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIGJE.EXE (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: FUFAXSTM - hkey= - key= - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Nicole_Ronny\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: Uninstall C: - hkey= - key= - Reg Error: Value error. File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.23 20:46:41 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\Avira
[2012.11.23 20:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.11.23 20:41:24 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.23 20:41:24 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.11.23 20:41:23 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.23 20:41:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.11.22 18:00:14 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Nicole_Ronny\Desktop\esetsmartinstaller_enu.exe
[2012.11.22 17:32:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.22 17:14:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.22 17:14:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.22 17:14:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.22 17:14:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.22 17:14:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.22 16:56:39 | 005,005,176 | R--- | C] (Swearware) -- C:\Users\Nicole_Ronny\Desktop\ComboFix.exe
[2012.11.22 10:46:57 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Nicole_Ronny\Desktop\aswMBR.exe
[2012.11.21 14:51:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nicole_Ronny\Desktop\OTL.exe
[2012.11.21 01:30:41 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\Desktop\Lea
[2012.11.21 00:11:19 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\Documents\LocaleMetaData
[2012.11.20 23:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.11.20 22:51:40 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\Documents\ResultReport-Dateien
[2012.11.20 15:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
[2012.11.20 15:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW
[2012.11.20 11:28:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.11.20 11:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware
[2012.11.20 11:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\SiSoftware
[2012.11.20 11:27:31 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Local\Programs
[2012.11.19 20:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012.11.19 20:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2012.11.19 20:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2012.11.19 07:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.11.19 05:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.11.19 05:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.11.19 05:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.11.19 04:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012.11.19 04:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.11.19 04:58:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.11.19 04:56:59 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\Nitro
[2012.11.19 04:56:59 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\FileOpen
[2012.11.19 04:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
[2012.11.19 04:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro
[2012.11.19 04:55:56 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\Downloaded Installations
[2012.11.19 04:00:26 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.11.19 02:46:17 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Local\Secunia PSI
[2012.11.19 02:46:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012.11.19 02:32:03 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.11.11 12:56:22 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Local\{5B0F5175-3DB3-485A-BF4E-8E59275D7E55}
[2012.11.09 14:00:07 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Local\{BCA0C15B-0ED4-47E3-970C-A2AC47618E2B}
[2012.11.08 14:05:26 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Local\{F224BCAB-2619-49E2-ADCC-9DBF01CB4019}
[2012.11.07 23:41:55 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Local\{C2B320E2-2DBE-4243-9436-B774BFB18B75}
[2012.11.05 04:52:47 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\Desktop\Barf
[2012.08.24 11:22:52 | 014,690,376 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.24 15:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.24 14:27:56 | 000,129,046 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\2012-11-08-1340495588_04-RG.PDF
[2012.11.24 14:22:42 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.24 14:22:42 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.24 14:15:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.24 14:15:08 | 522,719,231 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.23 20:41:27 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.22 18:00:18 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Nicole_Ronny\Desktop\esetsmartinstaller_enu.exe
[2012.11.22 17:37:32 | 105,142,912 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\avira_free_antivirus_de.exe
[2012.11.22 17:18:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.22 16:56:47 | 005,005,176 | R--- | M] (Swearware) -- C:\Users\Nicole_Ronny\Desktop\ComboFix.exe
[2012.11.22 10:47:23 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Nicole_Ronny\Desktop\aswMBR.exe
[2012.11.21 20:51:28 | 000,001,957 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\Kuendigungsschreiben.pdf
[2012.11.21 20:42:45 | 000,047,248 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\Ihr_Auftragsformular.pdf
[2012.11.21 14:53:55 | 000,278,161 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\gmer1015.zip
[2012.11.21 14:51:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole_Ronny\Desktop\OTL.exe
[2012.11.21 14:37:05 | 000,000,000 | ---- | M] () -- C:\Users\Nicole_Ronny\defogger_reenable
[2012.11.21 02:06:59 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2410971709-1018064227-2985839609-1001UA.job
[2012.11.21 02:06:59 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2410971709-1018064227-2985839609-1001Core.job
[2012.11.21 01:18:20 | 000,001,396 | ---- | M] () -- C:\Users\Public\Desktop\SiSoftware Sandra Lite 2013.lnk
[2012.11.21 00:11:19 | 000,069,632 | ---- | M] () -- C:\Users\Nicole_Ronny\Documents\fehlerbericht.evtx
[2012.11.20 22:51:40 | 000,105,272 | ---- | M] () -- C:\Users\Nicole_Ronny\Documents\ResultReport.html
[2012.11.20 19:49:24 | 000,000,108 | ---- | M] () -- C:\index.ini
[2012.11.20 19:48:39 | 000,013,536 | ---- | M] () -- C:\Users\Nicole_Ronny\Documents\emisoft.htm
[2012.11.20 15:49:02 | 012,845,056 | ---- | M] () -- C:\Users\Nicole_Ronny\AppData\Roaming\Sandra.mdb
[2012.11.20 15:08:13 | 000,000,903 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\SIW.lnk
[2012.11.20 10:22:07 | 000,007,648 | ---- | M] () -- C:\Users\Nicole_Ronny\AppData\Local\Resmon.ResmonCfg
[2012.11.19 19:51:44 | 001,613,996 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.19 19:51:44 | 000,697,064 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.19 19:51:44 | 000,652,382 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.19 19:51:44 | 000,148,102 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.19 19:51:44 | 000,121,056 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.19 08:05:45 | 026,850,922 | ---- | M] () -- C:\Users\Nicole_Ronny\Documents\doc038.bmp
[2012.11.19 07:48:38 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.11.19 05:25:36 | 001,550,476 | ---- | M] () -- C:\Users\Nicole_Ronny\Documents\img037.pdf
[2012.11.19 05:08:34 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.19 04:59:51 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.11.19 04:00:28 | 000,002,440 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\Google Chrome.lnk
[2012.11.19 02:46:13 | 000,001,074 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.11.19 02:32:03 | 000,001,232 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\Revo Uninstaller.lnk
[2012.11.19 01:38:57 | 000,000,325 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml
[2012.11.19 01:22:44 | 000,079,873 | ---- | M] () -- C:\Users\Nicole_Ronny\Documents\Bewerbungen_NB05.12-11.12.pdf
[2012.11.08 09:06:12 | 000,000,680 | RHS- | M] () -- C:\Users\Nicole_Ronny\ntuser.pol
[2012.11.07 16:03:24 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.07 16:03:24 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.28 18:54:08 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.24 14:27:52 | 000,129,046 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\2012-11-08-1340495588_04-RG.PDF
[2012.11.23 20:41:27 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.22 17:35:00 | 105,142,912 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\avira_free_antivirus_de.exe
[2012.11.22 17:14:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.22 17:14:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.22 17:14:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.22 17:14:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.22 17:14:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.22 17:06:43 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.21 20:51:28 | 000,001,957 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\Kuendigungsschreiben.pdf
[2012.11.21 20:42:39 | 000,047,248 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\Ihr_Auftragsformular.pdf
[2012.11.21 14:53:55 | 000,278,161 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\gmer1015.zip
[2012.11.21 14:37:05 | 000,000,000 | ---- | C] () -- C:\Users\Nicole_Ronny\defogger_reenable
[2012.11.21 00:11:06 | 000,069,632 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\fehlerbericht.evtx
[2012.11.20 22:51:40 | 000,105,272 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\ResultReport.html
[2012.11.20 19:48:39 | 000,013,536 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\emisoft.htm
[2012.11.20 15:08:13 | 000,000,903 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\SIW.lnk
[2012.11.20 11:43:21 | 012,845,056 | ---- | C] () -- C:\Users\Nicole_Ronny\AppData\Roaming\Sandra.mdb
[2012.11.20 11:28:10 | 000,001,396 | ---- | C] () -- C:\Users\Public\Desktop\SiSoftware Sandra Lite 2013.lnk
[2012.11.20 09:14:15 | 000,000,108 | ---- | C] () -- C:\index.ini
[2012.11.19 08:05:49 | 026,850,922 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\doc038.bmp
[2012.11.19 07:48:38 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.11.19 07:48:38 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.11.19 05:25:35 | 001,550,476 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\img037.pdf
[2012.11.19 04:59:51 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.11.19 04:53:35 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.19 04:47:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.19 04:00:28 | 000,002,440 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\Google Chrome.lnk
[2012.11.19 03:59:36 | 000,001,148 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2410971709-1018064227-2985839609-1001UA.job
[2012.11.19 03:59:36 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2410971709-1018064227-2985839609-1001Core.job
[2012.11.19 02:46:13 | 000,001,074 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.11.19 02:46:13 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.11.19 02:32:03 | 000,001,232 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\Revo Uninstaller.lnk
[2012.11.19 01:22:42 | 000,079,873 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\Bewerbungen_NB05.12-11.12.pdf
[2012.11.05 05:00:36 | 000,042,660 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\377799_395830953805396_1208063472_n.jpg
[2012.10.24 17:49:33 | 000,000,019 | ---- | C] () -- C:\Windows\BibiHexe.ini
[2012.10.15 11:32:36 | 000,039,157 | ---- | C] () -- C:\Users\Nicole_Ronny\1350297157261.jpg
[2012.09.12 05:14:08 | 000,782,872 | ---- | C] () -- C:\Users\Nicole_Ronny\tag im garten 029.jpg
[2012.09.12 05:14:08 | 000,756,104 | ---- | C] () -- C:\Users\Nicole_Ronny\tag im garten 031.jpg
[2012.09.12 05:14:08 | 000,710,268 | ---- | C] () -- C:\Users\Nicole_Ronny\tag im garten 030.jpg
[2012.09.12 05:14:08 | 000,617,316 | ---- | C] () -- C:\Users\Nicole_Ronny\tag im garten 032.jpg
[2012.09.11 16:07:13 | 000,007,648 | ---- | C] () -- C:\Users\Nicole_Ronny\AppData\Local\Resmon.ResmonCfg
[2012.09.09 17:23:26 | 000,015,238 | ---- | C] () -- C:\Users\Nicole_Ronny\0-41BFAB99-800.jpg
[2012.09.09 17:23:26 | 000,015,107 | ---- | C] () -- C:\Users\Nicole_Ronny\0-1802B6E1-800.jpg
[2012.09.09 17:23:26 | 000,015,027 | ---- | C] () -- C:\Users\Nicole_Ronny\0-CB8D2DBD-800.jpg
[2012.04.12 13:24:50 | 000,000,204 | ---- | C] () -- C:\Windows\wininit.ini
[2012.03.30 12:57:46 | 000,000,680 | RHS- | C] () -- C:\Users\Nicole_Ronny\ntuser.pol
[2012.03.26 08:36:03 | 001,590,274 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.03 17:43:24 | 000,078,041 | ---- | C] () -- C:\Users\Nicole_Ronny\253493_181725435214794_100001320155288_432283_5783061_n.jpg
[2011.08.03 17:26:36 | 000,094,105 | ---- | C] () -- C:\Users\Nicole_Ronny\38369_106656942721644_100001320155288_52090_4441664_n.jpg
[2011.07.20 17:57:44 | 000,090,362 | ---- | C] () -- C:\Users\Nicole_Ronny\FCEAEA68-9F30-4CF3-8EF1-FEFA15A46F87.jpg
[2011.07.13 08:15:08 | 000,018,553 | ---- | C] () -- C:\Users\Nicole_Ronny\189234_162313683822636_100001320155288_321446_1238858_n.jpg
[2011.06.12 13:36:14 | 000,689,020 | ---- | C] () -- C:\Users\Nicole_Ronny\grillen 006.jpg
[2011.06.12 13:36:12 | 000,696,664 | ---- | C] () -- C:\Users\Nicole_Ronny\grillen 004.jpg
[2011.06.12 13:36:12 | 000,650,524 | ---- | C] () -- C:\Users\Nicole_Ronny\grillen 003.jpg
[2011.06.12 13:36:10 | 000,773,716 | ---- | C] () -- C:\Users\Nicole_Ronny\grillen 001.jpg
[2011.06.12 13:36:10 | 000,731,220 | ---- | C] () -- C:\Users\Nicole_Ronny\grillen 002.jpg
[2011.06.02 17:33:18 | 000,749,728 | ---- | C] () -- C:\Users\Nicole_Ronny\Lea Geburtstag 013.jpg
[2011.06.02 17:33:16 | 000,635,520 | ---- | C] () -- C:\Users\Nicole_Ronny\Lea Geburtstag 010.jpg
[2011.04.22 20:39:12 | 000,652,861 | ---- | C] () -- C:\Users\Nicole_Ronny\Foto0761.jpg
[2011.04.22 20:37:30 | 000,817,456 | ---- | C] () -- C:\Users\Nicole_Ronny\Foto0767.jpg
[2011.04.22 20:36:58 | 000,805,195 | ---- | C] () -- C:\Users\Nicole_Ronny\Foto0768.jpg
[2011.04.22 20:36:26 | 000,821,366 | ---- | C] () -- C:\Users\Nicole_Ronny\Foto0769.jpg
[2011.04.22 20:04:30 | 000,607,628 | ---- | C] () -- C:\Users\Nicole_Ronny\Foto0764.jpg
[2006.01.01 12:09:10 | 000,712,756 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0004 (3).jpg
[2006.01.01 12:08:40 | 000,651,260 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0003 (3).jpg
[2006.01.01 11:07:54 | 000,568,656 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0015.jpg
[2006.01.01 11:02:10 | 000,671,016 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0009.jpg
[2006.01.01 11:01:32 | 000,817,044 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0008.jpg
[2006.01.01 11:01:18 | 000,695,184 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0007.jpg
[2006.01.01 11:00:58 | 000,754,920 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0006.jpg
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.19 04:55:56 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\Downloaded Installations
[2012.05.02 23:59:14 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\Epson
[2012.11.19 04:56:59 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\FileOpen
[2012.08.23 19:46:28 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\Mystery of Mortlake Mansion
[2012.11.19 05:29:33 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\Nitro
[2012.03.26 08:01:20 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\OEM
[2012.10.02 14:29:30 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\PerformerSoft
[2012.09.11 17:52:22 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\PowerCinema
[2012.10.11 20:22:04 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\QuickScan
[2012.11.21 01:04:30 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\SoftGrid Client
[2012.03.26 08:36:36 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\TP
[2012.04.07 19:52:34 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\TuxPaint
[2012.09.11 17:52:22 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\WildTangent
[2012.03.30 12:15:27 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.11.22 17:32:19 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.03.26 09:03:04 | 000,000,000 | R--D | M] -- C:\Backup
[2011.09.22 13:49:01 | 000,000,000 | ---D | M] -- C:\book
[2012.11.23 21:34:36 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.01.04 12:11:34 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.07.11 10:24:03 | 000,000,000 | ---D | M] -- C:\Intel
[2012.10.24 17:49:27 | 000,000,000 | ---D | M] -- C:\Kiddinx
[2012.09.11 17:49:33 | 000,000,000 | R--D | M] -- C:\MSOCache
[2012.09.11 17:49:33 | 000,000,000 | ---D | M] -- C:\OEM
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.20 23:04:48 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.23 21:53:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012.11.22 17:17:57 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012.01.04 12:11:34 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.11.22 17:19:32 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012.03.26 07:57:55 | 000,000,000 | ---D | M] -- C:\Recovery
[2012.11.24 15:56:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.11.21 01:30:42 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.07 07:16:54 | 000,000,000 | ---D | M] -- C:\VritualRoot
[2012.11.24 14:15:15 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /5 >
[2012.11.20 23:04:48 | 000,000,000 | ---D | M] -- C:\Windows\installer\{26A24AE4-039D-4CA4-87B4-2F86417009FF}
[2012.11.19 20:07:15 | 000,000,000 | ---D | M] -- C:\Windows\installer\{31A559C1-9E4D-423B-9DD3-34A6C5398752}
[2012.11.19 20:07:26 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6D6664A9-3342-4948-9B7E-034EFE366F0F}
 
< %localappdata%\*. /5 >
[2012.11.21 01:01:10 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Local\Diagnostics
[2012.11.20 19:52:33 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Local\Downloaded Installations
[2012.11.20 11:27:31 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Local\Programs
[2012.11.24 15:55:23 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Local\Temp

< End of report >
         
--- --- ---

Alt 24.11.2012, 16:32   #11
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? - Standard

GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt?



Hi,

Windows-Taste+R > Combofix /Uninstall > Enter

OTL öffnen > Button Bereinigung drücken



Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 24.11.2012, 18:47   #12
Nic69
 
GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? - Standard

GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt?



Ok, alles erledigt!

Gruss Nicole

Alt 24.11.2012, 20:09   #13
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? - Standard

GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt?



Alles klar
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt?
autostart, avira, bitdefender, defender, desktop, explorer, forum, hilfe!, home, internet explorer, kaspersky, neustart, office, online, programm, ratlos, scan, security, system, systemfehler, trojaner, viren, windows live, zugriff verweigert



Ähnliche Themen: GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt?


  1. BKA-Trojaner und Kaspersky Rescue Disk; PC Winows 7
    Log-Analyse und Auswertung - 31.07.2014 (1)
  2. Keine Netzwerkverbindung mit Kaspersky Rescue Disk
    Alles rund um Windows - 04.03.2014 (11)
  3. Interpol Trojaner mit Kaspersky Rescue Disk 10 entfernen geht nicht.
    Log-Analyse und Auswertung - 21.12.2013 (15)
  4. Kaspersky Rescue Disk Bericht
    Plagegeister aller Art und deren Bekämpfung - 13.09.2013 (1)
  5. 2x | Kaspersky Rescue Disk Bericht
    Mülltonne - 12.09.2013 (1)
  6. Bundespolizei Trojaner, Probleme mit Kaspersky Rescue Disk.....
    Log-Analyse und Auswertung - 18.02.2013 (3)
  7. GVU-Trojaner, Überprüfung mit malwarebytes, Kaspersky Rescue Disk und avast, verschiedene Funde, jetzt sauber?
    Plagegeister aller Art und deren Bekämpfung - 15.01.2013 (22)
  8. PC gesperrt, kASPERSKY Rescue Disk bootet nicht.
    Plagegeister aller Art und deren Bekämpfung - 03.11.2012 (16)
  9. Kaspersky Rescue Disk funktioniert nicht
    Log-Analyse und Auswertung - 27.10.2012 (1)
  10. BKA Trojaner der Version 1.13 kann mit der Kaspersky-Rescue-Disc nicht entfernt werden
    Log-Analyse und Auswertung - 13.10.2012 (6)
  11. Kaspersky Rescue Disk, updatequelle nicht gefunden, keine Netzwerkverbindung
    Plagegeister aller Art und deren Bekämpfung - 04.08.2012 (1)
  12. BKA (UKASH) Trojaner - mit Kaspersky Rescue Disk entfernt - Reicht das?
    Plagegeister aller Art und deren Bekämpfung - 25.04.2012 (9)
  13. BKA-Virus nicht durch Kaspersky Rescue Disk erkannt
    Plagegeister aller Art und deren Bekämpfung - 16.09.2011 (14)
  14. Virenbekämpfung mit Kaspersky rescue disk 10 ... hängengeblieben?
    Antiviren-, Firewall- und andere Schutzprogramme - 16.07.2011 (15)
  15. Kaspersky Rescue Disk 10
    Alles rund um Windows - 18.06.2011 (1)
  16. Kaspersky Rescue Disk
    Anleitungen, FAQs & Links - 24.03.2010 (3)

Zum Thema GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? - Hallo, Windows 7 Home Premium 64 bit ich nutze meinen PC zwar häufig, allerdings für Office und Internet. Von Viren, Trojanern und dem Innenleben meines PC´s habe ich kaum Ahnung - GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt?...
Archiv
Du betrachtest: GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.