TR/ATRAPS.Gen and TR/ATRAPS.Gen2 and more?

Good evening everyone, since today Antivir has been constantly reporting detections for files named "ATRAPS.Gen" or "ATRAPS.Gen2", sometimes both at the same time. I came across this board while searching the web and, after reading a few threads, I am hoping for help from the experienced users here. I am an absolute layman when it comes to malware removal, so I followed the instructions from this forum. dfogger was run, followed by a reboot. After that I ran OTL. You can find the result here:

OTL.txt

OTL logfile created on: 27.06.2012 21:18:12 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Tobi\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,06 Gb Available Physical Memory | 75,74% Memory free
16,05 Gb Paging File | 14,04 Gb Available in Paging File | 87,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 341,32 Gb Total Space | 18,05 Gb Free Space | 5,29% Space Free | Partition Type: NTFS
Drive D: | 341,32 Gb Total Space | 90,95 Gb Free Space | 26,65% Space Free | Partition Type: NTFS
Drive I: | 232,88 Gb Total Space | 200,90 Gb Free Space | 86,26% Space Free | Partition Type: NTFS
Drive K: | 1396,92 Gb Total Space | 972,87 Gb Free Space | 69,64% Space Free | Partition Type: FAT32

Computer Name: TOBI-PC | User Name: Tobi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.27 20:32:01 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe
PRC - [2012.05.08 18:44:45 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 18:44:45 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 18:44:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.03.15 07:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.09 13:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.08.12 13:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.09.13 15:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.08.03 10:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
PRC - [2009.11.25 18:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
PRC - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009.06.18 16:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.02.09 14:59:54 | 000,202,024 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008.12.24 17:34:12 | 000,288,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008.12.24 17:34:10 | 000,058,664 | ---- | M] () -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe
PRC - [2008.12.18 13:51:34 | 000,075,048 | ---- | M] () -- C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.10.27 12:05:28 | 000,306,736 | ---- | M] (EgisTec Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2008.09.12 14:01:28 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.09.12 14:01:24 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

========== Modules (No Company Name) ==========

MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.05.07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010.05.07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010.05.07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010.05.07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010.05.07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009.11.25 18:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
MOD - [2009.09.15 19:17:20 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\BelkinwcuiDLL.dll
MOD - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
MOD - [2009.02.09 14:59:56 | 000,872,448 | ---- | M] () -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009.02.09 14:59:52 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
MOD - [2006.12.10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files (x86)\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006.12.10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files (x86)\HP\Digital Imaging\bin\crm\xmlparse.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.05.23 20:56:54 | 000,841,472 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV:64bit: - [2010.05.23 20:56:39 | 000,506,112 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\SysNative\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV:64bit: - [2009.03.20 15:01:04 | 000,034,560 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.06.27 19:39:34 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.26 22:21:40 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.17 21:37:48 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 18:44:45 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 18:44:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.03.15 07:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.09 13:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.01.26 22:57:00 | 003,822,544 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.18 16:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.20 15:01:04 | 000,028,416 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.12.24 17:34:12 | 000,288,120 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (CyberLink Media Server Service)
SRV - [2008.12.24 17:34:10 | 000,058,664 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe -- (CyberLink Media Server Monitor Service)
SRV - [2008.12.18 13:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.10.27 12:05:28 | 000,306,736 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2008.09.12 14:01:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.21 04:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.08 18:44:45 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 18:44:45 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech Webcam 500(UVC)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.09.29 09:04:22 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2010.05.07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010.05.07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009.11.23 18:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 18:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.11.06 08:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009.10.18 20:20:42 | 000,310,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.10.18 20:20:42 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.08.08 15:35:57 | 000,871,408 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.06.17 18:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 18:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 18:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.11 07:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.04.08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.02.20 12:10:00 | 000,191,392 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.01.19 20:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.01.13 19:14:58 | 000,057,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009.01.13 19:14:50 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009.01.13 19:14:30 | 000,034,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009.01.13 19:14:22 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2008.11.21 03:53:32 | 000,306,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2008.10.27 12:06:00 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2008.10.27 12:06:00 | 000,022,064 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2008.10.27 12:06:00 | 000,020,528 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mwlPSDNServ.sys -- (mwlPSDNServ)
DRV:64bit: - [2008.09.12 13:48:26 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008.01.30 11:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2008.01.30 11:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2007.06.29 14:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005.01.04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3810
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3810
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3810
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3810
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3810
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3810
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE343
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?brand=ACAW&bmod=ACEU"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.3
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:1.7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2009.08.23 23:56:10 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2009.08.23 23:56:10 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tobi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Firefox\components [2012.06.20 21:02:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Firefox\plugins [2012.06.20 21:02:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Firefox\components [2012.06.20 21:02:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Firefox\plugins [2012.06.20 21:02:12 | 000,000,000 | ---D | M]

[2009.08.08 15:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Extensions
[2012.06.26 19:19:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\69dxahqx.default\extensions
[2012.03.29 19:29:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\69dxahqx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.11 10:34:23 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\69dxahqx.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011.09.11 23:21:48 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\69dxahqx.default\extensions\netvideohunter@netvideohunter.com
[2009.08.08 15:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.01.06 00:21:06 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\TOBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\69DXAHQX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.12.19 21:27:31 | 000,014,108 | ---- | M] () (No name found) -- C:\USERS\TOBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\69DXAHQX.DEFAULT\EXTENSIONS\{DAD0F81A-CF67-4EED-98D6-26F6E47274CA}.XPI
[2011.08.25 21:30:42 | 000,011,510 | ---- | M] () (No name found) -- C:\USERS\TOBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\69DXAHQX.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2009.08.27 19:36:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{531B9702-5D93-4F39-A56C-08A04EE4C0E1}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7B69082-9DC4-40DA-BD2B-AED4273EB83B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
C:\Users\Tobi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.07.05 14:42:40 | 000,000,000 | RH-D | M] - I:\autorun -- [ NTFS ] O32 - AutoRun File - [2002.10.16 14:56:50 | 000,000,036 | RH-- | M] () - I:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2008.10.24 14:30:10 | 000,000,088 | R--- | M] () - K:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{0ae0a23d-99a4-11df-9a26-ef9eb5724470}\Shell - "" = AutoRun O33 - MountPoints2\{0ae0a23d-99a4-11df-9a26-ef9eb5724470}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a O33 - MountPoints2\{2023da17-83c0-11df-a2f0-f3f6342661cc}\Shell - "" = AutoRun O33 - MountPoints2\{2023da17-83c0-11df-a2f0-f3f6342661cc}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{2023da32-83c0-11df-a2f0-f3f6342661cc}\Shell - "" = AutoRun O33 - MountPoints2\{2023da32-83c0-11df-a2f0-f3f6342661cc}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{b64c318e-8420-11de-a71e-001f16f2409b}\Shell - "" = AutoRun O33 - MountPoints2\{b64c318e-8420-11de-a71e-001f16f2409b}\Shell\AutoRun\command - "" = H:\Cat_Girl_Alliance_Setup.exe O33 - MountPoints2\{bca729b1-0077-11df-86ea-9f5aa7d4eee3}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\Play.exe O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - 
SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.27 20:32:00 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe [2012.06.26 18:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANNO 1503 GOLD [2012.06.20 21:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.06.20 21:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.06.20 21:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.06.20 21:01:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.06.20 21:01:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.06.18 19:36:38 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\Anno 1503 [2012.06.17 20:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mail.Ru Games [2012.06.17 19:53:17 | 1608,421,237 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\Tobi\Desktop\gbs_de_setup_last.exe [2012.06.17 18:57:47 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\backup [2012.06.17 13:42:53 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\roxy [2012.06.14 22:18:32 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\BorderlandsDLC4_Censored [2012.06.14 22:18:28 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\BorderlandsDLC3_Censored [2012.06.14 22:18:24 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\BorderlandsDLC2_Censored [2012.06.14 22:18:12 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\BorderlandsDLC1_Censored [2012.06.11 21:19:37 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\delToro_Vampir03 [2012.06.11 21:17:31 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\Trudi [2012.06.11 19:18:18 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\Macromedia [2012.06.03 21:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2012.06.03 21:29:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012.06.03 18:01:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games [2012.06.03 14:45:00 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\borderlands [8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Tobi\AppData\Local\*.tmp files -> C:\Users\Tobi\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.27 21:20:17 | 001,445,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.27 21:20:17 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.27 21:20:17 | 000,596,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.27 21:20:17 | 000,126,486 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.27 21:20:17 | 000,104,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.27 21:14:28 | 000,000,510 | ---- | M] () -- 
C:\Windows\tasks\1-Klick-Wartung.job [2012.06.27 21:14:03 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.27 21:13:47 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.27 21:13:47 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.27 21:13:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.27 21:13:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2012.06.27 21:12:20 | 000,000,188 | ---- | M] () -- C:\Users\Tobi\defogger_reenable [2012.06.27 21:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.27 20:34:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.27 20:32:01 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe [2012.06.27 20:30:35 | 000,050,477 | ---- | M] () -- C:\Users\Tobi\Desktop\Defogger.exe [2012.06.27 19:16:06 | 000,121,344 | ---- | M] () -- C:\Users\Tobi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.26 18:53:18 | 000,000,718 | ---- | M] () -- C:\Users\Public\Desktop\ANNO 1503 GOLD spielen.lnk [2012.06.25 20:20:38 | 026,483,027 | ---- | M] () -- C:\Users\Tobi\Desktop\vidz_Cute_latina_chubby_busty_fingering_wcns.flv [2012.06.25 20:20:02 | 025,867,041 | ---- | M] () -- C:\Users\Tobi\Desktop\vidz_Hot_loud_asian_chick_toys_pussy_fingers_ass_wcws.flv [2012.06.25 20:18:53 | 017,275,841 | ---- | M] () -- C:\Users\Tobi\Desktop\vidz_Hot_busty_latina_strips_deep_fingers_shaved_pussy_wc.flv [2012.06.25 20:13:37 | 006,301,500 | ---- | M] () -- C:\Users\Tobi\Desktop\13402698750eb36.flv [2012.06.21 22:36:08 | 383,429,604 | ---- | M] () -- C:\Users\Tobi\Desktop\5154444.flv [2012.06.21 21:41:15 | 221,974,564 | ---- | M] () -- C:\Users\Tobi\Desktop\5169460.flv [2012.06.21 21:07:05 | 
000,000,907 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2012.06.18 20:10:56 | 000,000,276 | ---- | M] () -- C:\Windows\wininit.ini [2012.06.17 20:48:47 | 000,001,598 | ---- | M] () -- C:\Users\Public\Desktop\Gunblade Saga.lnk [2012.06.17 20:37:58 | 1608,421,237 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Tobi\Desktop\gbs_de_setup_last.exe [2012.06.17 19:01:38 | 000,000,687 | ---- | M] () -- C:\Users\Tobi\Desktop\Civilization4.exe - Verknüpfung.lnk [2012.06.15 21:54:49 | 000,076,059 | ---- | M] () -- C:\Users\Tobi\Desktop\porsche-bei-mobilede.jpg [2012.06.15 21:34:53 | 000,055,860 | ---- | M] () -- C:\Users\Tobi\Desktop\schneebilder-an-autos.jpg [2012.06.14 21:43:08 | 003,082,777 | ---- | M] () -- C:\Users\Tobi\Desktop\rld-c417.rar [2012.06.14 21:22:44 | 2085,459,622 | ---- | M] () -- C:\Users\Tobi\Desktop\BorderlandsDLC3_Censored.zip [2012.06.14 21:14:21 | 1608,493,771 | ---- | M] () -- C:\Users\Tobi\Desktop\BorderlandsDLC4_Censored.zip [2012.06.14 20:23:49 | 1164,208,343 | ---- | M] () -- C:\Users\Tobi\Desktop\BorderlandsDLC1_Censored.zip [2012.06.14 19:45:34 | 531,002,057 | ---- | M] () -- C:\Users\Tobi\Desktop\BorderlandsDLC2_Censored.zip [2012.06.13 18:56:50 | 000,352,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.12 20:12:35 | 009,861,643 | ---- | M] () -- C:\Users\Tobi\Desktop\House Music Vingretto- Vine-Bonkers Remix.mp3 [2012.06.05 22:18:05 | 007,583,179 | ---- | M] () -- C:\Users\Tobi\Desktop\Jan Delay - Irgendwie, Irgendwo, Irgendwann (Musikvideo).mp3 [2012.06.05 21:55:07 | 007,892,469 | ---- | M] () -- C:\Users\Tobi\Desktop\Deichkind - Bück dich hoch.mp3 [2012.06.03 21:26:54 | 000,831,248 | ---- | M] () -- C:\Users\Tobi\Desktop\atation.png [2012.05.31 22:55:54 | 009,932,947 | ---- | M] () -- C:\Users\Tobi\Desktop\Metallica - Enter Sandman.mp3 [2012.05.31 22:55:21 | 006,468,900 | ---- | M] () -- C:\Users\Tobi\Desktop\Lagwagon - Brown eyed girl.mp3 
[2012.05.31 22:45:04 | 007,213,457 | ---- | M] () -- C:\Users\Tobi\Desktop\DJ Delicious presents Phunk-A-Delic vs. Akon - Rockin vs. Smack That (MasterMix) HD.mp3 [2012.05.31 22:31:03 | 009,430,560 | ---- | M] () -- C:\Users\Tobi\Desktop\Genesis - I cant dance (1991).mp3 [2012.05.31 22:05:33 | 006,250,475 | ---- | M] () -- C:\Users\Tobi\Desktop\Mike Candys 2012 (If the world would end) HD.mp3 [2012.05.31 21:57:48 | 006,592,366 | ---- | M] () -- C:\Users\Tobi\Desktop\Back in Time-Pitbull (Official Video).mp3 [8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Tobi\AppData\Local\*.tmp files -> C:\Users\Tobi\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.27 21:18:39 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{a20d3016-d7b2-ac67-eee1-ad6b64dc116a}\U\800000cb.@ [2012.06.27 21:18:39 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{a20d3016-d7b2-ac67-eee1-ad6b64dc116a}\U\80000000.@ [2012.06.27 21:12:19 | 000,000,188 | ---- | C] () -- C:\Users\Tobi\defogger_reenable [2012.06.27 20:30:28 | 000,050,477 | ---- | C] () -- C:\Users\Tobi\Desktop\Defogger.exe [2012.06.27 19:39:34 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{a20d3016-d7b2-ac67-eee1-ad6b64dc116a}\U\00000001.@ [2012.06.26 18:53:18 | 000,000,718 | ---- | C] () -- C:\Users\Public\Desktop\ANNO 1503 GOLD spielen.lnk [2012.06.25 20:16:10 | 026,483,027 | ---- | C] () -- C:\Users\Tobi\Desktop\vidz_Cute_latina_chubby_busty_fingering_wcns.flv [2012.06.25 20:15:48 | 017,275,841 | ---- | C] () -- C:\Users\Tobi\Desktop\vidz_Hot_busty_latina_strips_deep_fingers_shaved_pussy_wc.flv [2012.06.25 20:15:35 | 025,867,041 | ---- | C] () -- C:\Users\Tobi\Desktop\vidz_Hot_loud_asian_chick_toys_pussy_fingers_ass_wcws.flv [2012.06.25 20:13:31 | 006,301,500 | ---- | C] () -- C:\Users\Tobi\Desktop\13402698750eb36.flv [2012.06.21 21:12:41 | 383,429,604 | ---- | C] () -- 
C:\Users\Tobi\Desktop\5154444.flv [2012.06.21 21:12:25 | 221,974,564 | ---- | C] () -- C:\Users\Tobi\Desktop\5169460.flv [2012.06.21 21:07:05 | 000,000,907 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2012.06.17 20:48:47 | 000,001,598 | ---- | C] () -- C:\Users\Public\Desktop\Gunblade Saga.lnk [2012.06.17 19:01:38 | 000,000,687 | ---- | C] () -- C:\Users\Tobi\Desktop\Civilization4.exe - Verknüpfung.lnk [2012.06.15 21:54:49 | 000,076,059 | ---- | C] () -- C:\Users\Tobi\Desktop\porsche-bei-mobilede.jpg [2012.06.15 21:34:52 | 000,055,860 | ---- | C] () -- C:\Users\Tobi\Desktop\schneebilder-an-autos.jpg [2012.06.14 21:43:04 | 003,082,777 | ---- | C] () -- C:\Users\Tobi\Desktop\rld-c417.rar [2012.06.14 19:05:41 | 1164,208,343 | ---- | C] () -- C:\Users\Tobi\Desktop\BorderlandsDLC1_Censored.zip [2012.06.14 19:05:34 | 531,002,057 | ---- | C] () -- C:\Users\Tobi\Desktop\BorderlandsDLC2_Censored.zip [2012.06.14 19:05:29 | 2085,459,622 | ---- | C] () -- C:\Users\Tobi\Desktop\BorderlandsDLC3_Censored.zip [2012.06.14 19:05:21 | 1608,493,771 | ---- | C] () -- C:\Users\Tobi\Desktop\BorderlandsDLC4_Censored.zip [2012.06.12 20:12:11 | 009,861,643 | ---- | C] () -- C:\Users\Tobi\Desktop\House Music Vingretto- Vine-Bonkers Remix.mp3 [2012.06.05 22:17:58 | 007,583,179 | ---- | C] () -- C:\Users\Tobi\Desktop\Jan Delay - Irgendwie, Irgendwo, Irgendwann (Musikvideo).mp3 [2012.06.05 21:54:57 | 007,892,469 | ---- | C] () -- C:\Users\Tobi\Desktop\Deichkind - Bück dich hoch.mp3 [2012.06.03 21:29:57 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.03 21:29:56 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.03 21:26:42 | 000,831,248 | ---- | C] () -- C:\Users\Tobi\Desktop\atation.png [2012.05.31 22:55:37 | 009,932,947 | ---- | C] () -- C:\Users\Tobi\Desktop\Metallica - Enter Sandman.mp3 [2012.05.31 22:55:11 | 006,468,900 | ---- 
| C] () -- C:\Users\Tobi\Desktop\Lagwagon - Brown eyed girl.mp3 [2012.05.31 22:44:51 | 007,213,457 | ---- | C] () -- C:\Users\Tobi\Desktop\DJ Delicious presents Phunk-A-Delic vs. Akon - Rockin vs. Smack That (MasterMix) HD.mp3 [2012.05.31 22:30:46 | 009,430,560 | ---- | C] () -- C:\Users\Tobi\Desktop\Genesis - I cant dance (1991).mp3 [2012.05.31 22:05:25 | 006,250,475 | ---- | C] () -- C:\Users\Tobi\Desktop\Mike Candys 2012 (If the world would end) HD.mp3 [2012.05.31 21:57:36 | 006,592,366 | ---- | C] () -- C:\Users\Tobi\Desktop\Back in Time-Pitbull (Official Video).mp3 [2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2012.01.11 22:54:53 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{a20d3016-d7b2-ac67-eee1-ad6b64dc116a}\@ [2012.01.11 22:54:53 | 000,002,048 | -HS- | C] () -- C:\Users\Tobi\AppData\Local\{a20d3016-d7b2-ac67-eee1-ad6b64dc116a}\@ [2011.12.21 01:10:28 | 000,121,344 | ---- | C] () -- C:\Users\Tobi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.07.14 22:01:38 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.13 18:27:42 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.11.02 04:09:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.10.29 20:01:00 | 000,000,276 | ---- | C] () -- C:\Windows\wininit.ini [2010.10.09 14:31:17 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\196BABF93E.sys [2010.10.09 14:21:06 | 000,003,766 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2010.01.25 21:20:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2009.12.14 11:49:49 | 000,000,187 | ---- | C] () -- 
C:\Users\Tobi\AppData\Roaming\default.rss ========== LOP Check ========== [2009.09.11 22:47:08 | 000,000,000 | -HSD | M] -- C:\Users\Tobi\AppData\Roaming\.# [2012.04.25 17:43:04 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\.minecraft [2011.02.19 21:10:06 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\2K Sports [2006.10.10 13:19:31 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Acer GameZone Console [2011.08.25 20:29:34 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Azureus [2010.11.30 22:43:31 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\bizarre creations [2010.07.24 16:31:06 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Camfrog [2011.07.25 14:44:57 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Cat Girl Alliance [2009.08.08 15:50:27 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\DAEMON Tools Lite [2012.06.17 20:52:06 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Desktopicon [2012.01.11 00:28:57 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Doublefine [2010.03.09 23:06:46 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\EBookSys [2009.08.29 10:34:23 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Eltima Software [2009.08.08 21:06:30 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\eSobi [2009.12.06 19:18:09 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\FFSJ [2011.03.06 16:17:44 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\FreeAudioPack [2012.03.24 12:33:11 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Gutscheinmieze [2011.09.13 19:28:28 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Hobbyist Software [2009.08.08 15:05:09 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\HomeMedia Connect [2010.12.29 16:39:02 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Hothead Games [2012.06.25 22:30:37 | 000,000,000 | ---D | M] -- 
C:\Users\Tobi\AppData\Roaming\ICQ [2009.09.01 18:37:22 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Image Zone Express [2010.09.11 23:45:06 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Leadertech [2011.05.28 19:14:07 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Lionhead Studios [2012.01.15 03:57:57 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\ManyCam [2010.09.17 17:27:33 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Need for Speed World [2009.11.23 20:43:05 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\NPLUTO Corporation [2011.08.19 22:16:05 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\ooVoo Details [2010.02.22 21:05:50 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\OpenOffice.org [2009.12.30 12:29:07 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\play2p [2009.08.22 17:35:31 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\PowerCinema [2009.08.26 06:55:00 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Printer Info Cache [2010.05.22 14:41:52 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\ProtectDisc [2010.12.29 18:44:40 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\runic games [2010.10.31 16:38:13 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Samsung [2010.05.29 17:52:52 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\SEGA Corporation [2009.08.08 15:05:10 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\SoftDMA [2010.03.08 20:59:08 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\thriXXX [2009.08.08 15:36:34 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Toolbars [2010.05.23 20:56:38 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\TuneUp Software [2010.11.02 11:46:52 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Ubisoft [2012.06.27 21:14:28 | 000,000,510 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2012.06.27 
21:12:35 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 55992 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:798A3728 < End of report >
And here is the Extras.txt:
OTL Extras logfile created on: 27.06.2012 21:18:12 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Tobi\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,06 Gb Available Physical Memory | 75,74% Memory free 16,05 Gb Paging File | 14,04 Gb Available in Paging File | 87,50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 341,32 Gb Total Space | 18,05 Gb Free Space | 5,29% Space Free | Partition Type: NTFS Drive D: | 341,32 Gb Total Space | 90,95 Gb Free Space | 26,65% Space Free | Partition Type: NTFS Drive I: | 232,88 Gb Total Space | 200,90 Gb Free Space | 86,26% Space Free | Partition Type: NTFS Drive K: | 1396,92 Gb Total Space | 972,87 Gb Free Space | 69,64% Space Free | Partition Type: FAT32 Computer Name: TOBI-PC | User Name: Tobi | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OnlineFotoservice] -- "C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OnlineFotoservice] -- "C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = CF DE A6 C3 46 76 CA 01 [binary data] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE 
Uninstall List ==========
21:18:53', '\device\harddiskvolume3\spiele\assassin's creed\register\registrationreminder.exe','4152',0) Error - 27.11.2010 06:29:07 | Computer Name = Tobi-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-11-27 11:29:07', '\device\harddiskvolume3\spiele\assassin's creed\register\registrationreminder.exe','4476',0) Error - 28.11.2010 05:25:32 | Computer Name = Tobi-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-11-28 10:25:32', '\device\harddiskvolume3\spiele\assassin's creed\register\registrationreminder.exe','1040',0) Error - 29.11.2010 14:06:40 | Computer Name = Tobi-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-11-29 19:06:40', '\device\harddiskvolume3\spiele\assassin's creed\register\registrationreminder.exe','3424',0) Error - 08.01.2011 07:44:47 | Computer Name = Tobi-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-01-08 12:44:47', '\device\harddiskvolume3\spiele\assassin's creed\assassinscreed_dx10.exe','5964',0) Error - 30.01.2011 11:27:22 | Computer Name = Tobi-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-01-30 16:27:22', '\device\harddiskvolume2\program files (x86)\steam\steamapps\common\sid meier's pirates!\pirates!.exe','860',0) < End of report > Habe beide Dateien auch mal angehängt. Weitere Programme habe ich nicht bzw. nicht eingesetzt. 
If any information is still missing, please let me know. I hope I can find help here in a form that doesn't require me to reinstall my system. |
hi Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
|
Hello, here is the log from Combofix. Combofix Logfile: Code: ComboFix 12-06-28.01 - Tobi 28.06.2012 21:18:04.1.4 - x64 |
hi please upload c:\windows\system32\services.exe: Trojaner-Board Upload Channel please let me know when you're done |
Hello, the file has been uploaded. |
thanks do you use the PC for online banking, for shopping, for other payment transactions, or for anything similarly important, such as work? |
Hello, I mainly use the computer for gaming, and now and then for online banking. I don't use it for work at all. Skype is also used fairly regularly. |
hi, please call the bank, emergency number since it's the weekend, 116 116, and have online banking blocked because of ZeroAccess. 1. Data rescue:
I will also post further points on this. 4. Change all passwords! 5. After securing the PC, check the backed-up data and, if clean, restore it. 6. I will then say something more about securing online banking with a chip card reader + Star Money. |
Hello, online banking is blocked, Autorun is disabled, I can only get to Parted Magic tomorrow after work, passwords are being changed right now (via netbook). But I have a few more questions: - Can I reinstall my system with the three Vista recovery CDs? (It's a prebuilt PC, Acer Aspire AX 3810) - Do the hardening measures still make sense now, or only after reinstalling the computer? - On online banking: I don't use software like StarMoney or a chip card reader for it. I just get the TAN numbers by SMS on my phone. Do these additional protective measures make sense? I'm already very grateful for your help. |
- Can I reinstall my system with the three Vista recovery CDs? (It's a prebuilt PC, Acer Aspire AX 3810) that's what they are for :-) - hardening on the new system, of course :-) - On online banking: I don't use software like StarMoney or a chip card reader for it. I just get the TAN numbers by SMS on my phone. Do these additional protective measures make sense? starmoney and chiptan are currently the most secure, so a clear yes. you're welcome |
[QUOTE=markusg;854435]5. After securing the PC, check the backed-up data and, if clean, restore it.[/QUOTE] One more quick question about that: with the tools named in the link on securing the PC, or do you have specific recommendations? |
hi, take it easy for now, there is still plenty to do before scanning the data :-) |
Copyright ©2000-2024, Trojaner-Board