
Pests of all kinds and how to combat them: SUIVA Trojan

Windows 7

 
16.08.2012, 11:31   #1
simi723
 

SUIVA Trojan



I was surfing the Internet, unsuspecting, when suddenly there was a beeping sound along with roughly the following message: "Your computer has been locked because illegal pirated copies are on your computer..." I was supposed to pay 75 francs to a security company... and so on.

Now I can only log in as Guest; everything works normally there. I can log in with my main login (where all my data etc. is), but the above message then appears immediately and nothing works any more. The only options I then have are to start the Task Manager (with Ctrl + Alt + Del) or to log in as Guest...

Using the guest account I saved "defogger" and disabled CD/DVD emulators. I also downloaded OTL and ran it as administrator. Here are OTL.txt and Extras.txt:

OTL.txt:

OTL logfile created on: 8/16/2012 12:13:24 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Gast\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

3.68 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 52.64% Memory free
7.35 Gb Paging File | 4.97 Gb Available in Paging File | 67.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.66 Gb Total Space | 326.29 Gb Free Space | 72.08% Space Free | Partition Type: NTFS

Computer Name: SIMONE-PC | User Name: Simone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Simone\AppData\Local\Temp\half-open-limit-check.exe ()
PRC - C:\Users\Gast\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\4AF997A96AAE3A\4AF997A96AAE3A.exe ()
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Users\Simone\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\Simone\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (Bandoo Media, inc)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)


========== Modules (No Company Name) ==========

MOD - C:\Users\Simone\AppData\Local\Temp\half-open-limit-check.exe ()
MOD - C:\ProgramData\4AF997A96AAE3A\4AF997A96AAE3A.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73baa23d28d21c7c01e334211330a84e\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\Users\Simone\AppData\Local\MediaGet2\QtWebKit4.dll ()
MOD - C:\Users\Simone\AppData\Local\MediaGet2\QtXmlPatterns4.dll ()
MOD - C:\Users\Simone\AppData\Local\MediaGet2\QtDeclarative4.dll ()
MOD - C:\Users\Simone\AppData\Local\MediaGet2\libvlccore.dll ()
MOD - C:\Users\Simone\AppData\Local\MediaGet2\QtScript4.dll ()
MOD - C:\Users\Simone\AppData\Local\MediaGet2\QtSql4.dll ()
MOD - C:\Users\Simone\AppData\Local\MediaGet2\libvlc.dll ()
MOD - C:\Users\Simone\AppData\Local\MediaGet2\QtGui4.dll ()
MOD - C:\Users\Simone\AppData\Local\MediaGet2\QtCore4.dll ()
MOD - C:\Users\Simone\AppData\Local\MediaGet2\QtNetwork4.dll ()
MOD - C:\Users\Simone\AppData\Local\MediaGet2\QtXml4.dll ()
MOD - C:\Users\Simone\AppData\Local\MediaGet2\imageformats\qmng4.dll ()
MOD - C:\Users\Simone\AppData\Local\MediaGet2\imageformats\qjpeg4.dll ()
MOD - C:\Users\Simone\AppData\Local\MediaGet2\imageformats\qgif4.dll ()
MOD - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (ODDPwrSvc) -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe (Acer Incorporated)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater12.1.5) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0807&m=aspire_5820tg&r=27360810t106l0453z1m5t6651k301
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0807&m=aspire_5820tg&r=27360810t106l0453z1m5t6651k301
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0807&m=aspire_5820tg&r=27360810t106l0453z1m5t6651k301
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0807&m=aspire_5820tg&r=27360810t106l0453z1m5t6651k301
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0807&m=aspire_5820tg&r=27360810t106l0453z1m5t6651k301
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10396&gct=hp&dc=EU&locale=de_CH
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://findgala.com/?&uid=5605&q={searchTerms}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10396&src=crm&q={searchTerms}&locale=de_CH&apn_ptnrs=^ABU&apn_dtid=^YYYYYY^YY^CH&apn_uid=97dbe3f4-e881-4522-b554-e7fb7d1b1039&apn_sauid=163D0078-9793-406C-897F-54E074D73FE3
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deCH395CH395
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={10910711-61F6-4720-BA10-03C49D83E204}&mid=9967070e8c9e48b285a8804cced7d794-ea1d38db38a84cb4f7253d640b4cd723215e5868&lang=de&ds=hk011&pr=sa&d=2012-07-29 18:08:50&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10396&gct=hp&dc=EU&locale=de_CH"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10396&locale=de_CH&apn_uid=97dbe3f4-e881-4522-b554-e7fb7d1b1039&apn_ptnrs=%5EABU&apn_sauid=163D0078-9793-406C-897F-54E074D73FE3&apn_dtid=%5EYYYYYY%5EYY%5ECH&&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_10_2_161.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/31 16:38:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/31 16:38:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012/07/29 18:08:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 12:58:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/05/02 18:18:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simone\AppData\Roaming\mozilla\Extensions
[2012/08/16 11:25:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simone\AppData\Roaming\mozilla\Firefox\Profiles\soksiail.default\extensions
[2012/08/16 11:25:42 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Simone\AppData\Roaming\mozilla\Firefox\Profiles\soksiail.default\extensions\toolbar@ask.com
[2012/08/16 12:05:39 | 000,002,344 | ---- | M] () -- C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\soksiail.default\searchplugins\askcom.xml
[2012/05/02 18:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/04/21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/07/29 18:08:46 | 000,003,752 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/04/21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/04/21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/04/21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\BROWSE~1.DLL (Bandoo Media, inc)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL (Bandoo Media, inc)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe File not found
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE (Bandoo Media, inc)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [4AF997A96AA8ED] C:\ProgramData\4AF997A96AA8ED\4AF997A96AA8ED.exe ()
O4 - HKCU..\Run: [4AF997A96AAC38] C:\ProgramData\4AF997A96AAC38\4AF997A96AAC38.exe ()
O4 - HKCU..\Run: [4AF997A96AAE3A] C:\ProgramData\4AF997A96AAE3A\4AF997A96AAE3A.exe ()
O4 - HKCU..\Run: [4AF997A96AB26F] C:\ProgramData\4AF997A96AB26F\4AF997A96AB26F.exe ()
O4 - HKCU..\Run: [MediaGet2] C:\Users\Simone\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - Startup: C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Simone\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explorer.lnk = C:\ProgramData\4AF997A96AB26F\4AF997A96AB26F.exe ()
O4 - Startup: C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: culturalcare.com ([applych] https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93BB9495-CC31-4323-A40B-18CF2BB2C4B5}: DhcpNameServer = 138.188.101.186 138.188.101.189
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5DF774A-1FA8-440E-BB5E-ECE0446AEAE8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDF88079-09D8-4877-9BB9-3AD3F1D9E846}: DhcpNameServer = 192.168.1.21 8.8.8.8
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fc9eaf04-6409-11e0-b27c-c80aa9c616ac}\Shell - "" = AutoRun
O33 - MountPoints2\{fc9eaf04-6409-11e0-b27c-c80aa9c616ac}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/16 11:58:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/16 11:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/08/16 11:25:27 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\AskToolbar
[2012/08/16 11:25:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/08/16 11:22:40 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{987D9410-2C11-4BD2-BA7B-4E738D4820A7}
[2012/08/16 11:22:18 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{140A5640-986F-4A74-9639-6239C08BFB46}
[2012/08/15 20:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\4AF997A96AB26F
[2012/08/15 20:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\4AF997A96AAE3A
[2012/08/15 20:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\4AF997A96AAC38
[2012/08/15 20:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\4AF997A96AA8ED
[2012/08/15 18:15:56 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{FA051A83-E157-4638-81A0-18DF0A158337}
[2012/08/15 18:15:39 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{863B5ED4-6B4D-42B1-B43E-63238005A849}
[2012/08/14 11:37:39 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{60AC519C-029B-4A0F-A834-AFE2F4337E7C}
[2012/08/14 11:37:18 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{8347BAE0-6DAE-4BB7-B192-E61F52AF7714}
[2012/08/13 09:20:24 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{73D72A88-C597-413E-8040-C3013718705F}
[2012/08/13 09:20:08 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{024F0892-00B9-4A4D-A0D4-ADCB44F56F44}
[2012/08/11 23:34:56 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{A30C1431-689B-4B8B-8137-AFE021E821A4}
[2012/08/11 23:34:34 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{12E7EEBA-2E5D-47FE-B5C0-560C6FDD4E8F}
[2012/08/10 19:01:26 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{6ED0A180-FB99-40EB-B5A5-8922CB53B5FD}
[2012/08/10 19:01:09 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{35210DA1-96ED-4D45-A1FE-BB096DFE07D1}
[2012/08/09 21:37:01 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{3EE76D0C-5010-494F-A19D-FE3593D60B90}
[2012/08/09 21:36:37 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{60AF1C97-12CF-47DA-88B2-4C675244FD55}
[2012/08/08 22:52:36 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{2AE29704-CCED-4525-B7DC-57086C734941}
[2012/08/08 22:52:15 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{7A7DCA7F-55F5-41A7-B10C-9ED6FD88F87B}
[2012/08/07 14:36:34 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{EDE2A0ED-CD16-466E-A4C6-AA83561B52DD}
[2012/08/07 14:36:21 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{1C09EFB2-E4C7-41C9-A024-B2AA0980ECA9}
[2012/08/06 16:33:29 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{D2C1DBA8-0A38-4032-B494-18CD2D8E625C}
[2012/08/06 16:33:01 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{A39F2DA1-6C8A-48AB-B577-74AAFDD4E34C}
[2012/08/05 22:08:51 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{0B6A0EEB-43D0-4724-A991-34B27656237F}
[2012/08/05 22:08:24 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{C58AD744-8B89-4E4B-B265-5B461A5BB89A}
[2012/08/04 10:10:17 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{0390F3B2-4988-4877-8865-D34DB300D248}
[2012/08/04 10:09:52 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{E85C9F20-E2BF-4079-86BD-6E529227963A}
[2012/08/03 10:57:23 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{D9E02864-FE4E-4F0D-9434-664042F9DD4C}
[2012/08/03 10:57:08 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{F3187566-0B95-4649-9767-C2680E2FE475}
[2012/08/02 10:52:12 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{CB854D9A-3AFA-4C3F-8121-EF987654197A}
[2012/08/02 10:51:58 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{FD8CA4F2-50C8-4E10-9BFD-A0E611163005}
[2012/07/31 12:30:42 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{F9C338F8-84E0-45B5-B7E0-030E049855B1}
[2012/07/31 12:30:19 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{4016B180-9985-4A6A-9EC1-7269B9385D82}
[2012/07/30 14:01:47 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{1E25866C-6E8C-418A-90C1-E251FA6B4D4E}
[2012/07/30 14:01:35 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{9FE0AF6B-22C3-4949-88C2-36CD4ED5BB0A}
[2012/07/29 18:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012/07/29 18:10:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\winzip
[2012/07/29 18:08:55 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\AVG Secure Search
[2012/07/29 18:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/07/29 18:08:50 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/07/29 18:08:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/07/29 18:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/07/29 14:54:28 | 000,000,000 | ---D | C] -- C:\Users\Simone\Desktop\New York 19.7.- 27.7.12
[2012/07/29 14:50:10 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{B41618BF-0B4C-4E51-8A9D-9D889CD7FE20}
[2012/07/29 14:49:32 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{F03360E0-8443-4E98-8822-698AC397F13B}
[2012/07/28 08:12:53 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{C22767F2-6F7E-4960-9708-1E88FD587788}
[2012/07/28 08:12:42 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{221937D7-669E-43ED-A836-09A6E51C76AA}
[2012/07/27 20:12:00 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{8DC11707-00E1-4A57-996A-0332FBE77101}
[2012/07/27 20:11:57 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{17B1167E-9ADF-4BED-8BE3-F7E0630087FC}
[2012/07/18 14:56:53 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{97EB865B-FB08-4CF8-A36C-68413C55629E}
[2012/07/18 14:56:40 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{F2B18FFF-50DB-4EBE-B21B-60B9FD4ED91C}
[2012/07/17 19:03:57 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{824FC97D-13C7-4A63-88EB-BECA13E49ACA}
[2012/07/17 19:03:26 | 000,000,000 | ---D | C] -- C:\Users\Simone\AppData\Local\{A98448F9-CD5B-4F50-A046-67EDB91B5E12}
[1 C:\Users\Simone\Desktop\*.tmp files -> C:\Users\Simone\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/16 12:12:32 | 000,000,000 | ---- | M] () -- C:\Users\Simone\defogger_reenable
[2012/08/16 12:11:58 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 12:11:58 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 12:05:33 | 000,003,072 | ---- | M] () -- C:\Users\Simone\AppData\Roaming\twain.dll
[2012/08/16 12:03:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/16 12:02:55 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/16 11:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/15 21:23:13 | 000,430,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/15 20:08:58 | 000,000,810 | ---- | M] () -- C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explorer.lnk
[2012/08/13 18:04:08 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/13 18:04:08 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/08/13 18:04:08 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/13 18:04:08 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/08/13 18:04:08 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/11 00:08:31 | 008,285,454 | ---- | M] () -- C:\Users\Simone\Desktop\Pitbull - Back In Time.mp3
[2012/08/10 23:47:52 | 007,854,607 | ---- | M] () -- C:\Users\Simone\Desktop\Carly Rae Jepsen - Call Me Maybe.mp3
[2012/08/10 23:11:01 | 004,196,577 | ---- | M] () -- C:\Users\Simone\Desktop\Klein Simoni.png
[2012/08/09 22:47:55 | 002,950,682 | ---- | M] () -- C:\Users\Simone\Desktop\Unbenannt1.png
[2012/08/06 22:18:49 | 000,070,230 | ---- | M] () -- C:\Users\Simone\Desktop\SP Annina.pdf
[2012/08/03 15:18:23 | 000,061,172 | ---- | M] () -- C:\Users\Simone\Desktop\Der Denker greift ein- Christine N..pdf
[2012/08/03 15:14:14 | 000,094,662 | ---- | M] () -- C:\Users\Simone\Desktop\Textueberarbeitung_01.pdf
[2012/08/03 15:13:57 | 000,056,820 | ---- | M] () -- C:\Users\Simone\Desktop\Satzanfaenge_fuer_Aufsaetze.pdf
[2012/08/02 10:54:51 | 001,881,931 | ---- | M] () -- C:\Users\Simone\Desktop\hires-28Jul2012__Silvia_Lelli_5397.jpg
[2012/07/30 22:55:51 | 000,765,603 | ---- | M] () -- C:\Users\Simone\Desktop\Pink.png
[2012/07/30 22:54:14 | 000,761,571 | ---- | M] () -- C:\Users\Simone\Desktop\Unbenannt.png
[2012/07/29 18:08:50 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/07/27 20:25:30 | 000,069,721 | ---- | M] () -- C:\Users\Simone\Desktop\Studenplan H12.pdf
[1 C:\Users\Simone\Desktop\*.tmp files -> C:\Users\Simone\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/16 12:12:32 | 000,000,000 | ---- | C] () -- C:\Users\Simone\defogger_reenable
[2012/08/15 20:09:20 | 000,003,072 | ---- | C] () -- C:\Users\Simone\AppData\Roaming\twain.dll
[2012/08/15 20:08:55 | 000,000,810 | ---- | C] () -- C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explorer.lnk
[2012/08/11 00:06:51 | 008,285,454 | ---- | C] () -- C:\Users\Simone\Desktop\Pitbull - Back In Time.mp3
[2012/08/10 23:47:04 | 007,854,607 | ---- | C] () -- C:\Users\Simone\Desktop\Carly Rae Jepsen - Call Me Maybe.mp3
[2012/08/10 23:11:01 | 004,196,577 | ---- | C] () -- C:\Users\Simone\Desktop\Klein Simoni.png
[2012/08/09 22:43:00 | 002,950,682 | ---- | C] () -- C:\Users\Simone\Desktop\Unbenannt1.png
[2012/08/06 22:18:49 | 000,070,230 | ---- | C] () -- C:\Users\Simone\Desktop\SP Annina.pdf
[2012/08/03 15:18:23 | 000,061,172 | ---- | C] () -- C:\Users\Simone\Desktop\Der Denker greift ein- Christine N..pdf
[2012/08/03 15:14:14 | 000,094,662 | ---- | C] () -- C:\Users\Simone\Desktop\Textueberarbeitung_01.pdf
[2012/08/03 15:13:57 | 000,056,820 | ---- | C] () -- C:\Users\Simone\Desktop\Satzanfaenge_fuer_Aufsaetze.pdf
[2012/08/02 10:54:59 | 001,881,931 | ---- | C] () -- C:\Users\Simone\Desktop\hires-28Jul2012__Silvia_Lelli_5397.jpg
[2012/07/30 22:55:50 | 000,765,603 | ---- | C] () -- C:\Users\Simone\Desktop\Pink.png
[2012/07/30 22:54:13 | 000,761,571 | ---- | C] () -- C:\Users\Simone\Desktop\Unbenannt.png
[2012/07/27 20:25:30 | 000,069,721 | ---- | C] () -- C:\Users\Simone\Desktop\Studenplan H12.pdf
[2012/06/25 14:46:07 | 000,159,836 | ---- | C] () -- C:\Windows\_isusr32.dll
[2012/06/25 14:46:07 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\_isusr2k.dll
[2012/05/10 16:27:05 | 000,000,246 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/08 15:52:17 | 000,003,584 | ---- | C] () -- C:\Users\Simone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/06 11:38:16 | 000,000,000 | ---- | C] () -- C:\Users\Simone\AppData\Local\{49557FF9-8682-4B27-A7E1-BF0FFED1B64E}
[2010/09/10 14:19:29 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/09/01 07:25:07 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/05/14 05:51:58 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== LOP Check ==========

[2010/10/25 09:47:43 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Academic Software Zurich
[2012/02/01 21:21:12 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Audacity
[2011/12/20 17:20:07 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Azureus
[2011/11/04 15:47:36 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\com.w3i.FlipToast
[2012/08/16 12:05:55 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Dropbox
[2011/11/04 15:52:41 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Fighters
[2011/04/25 11:26:09 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Information Factory
[2012/02/04 19:18:45 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\LimeWire
[2012/05/11 20:30:37 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\Media Get LLC
[2011/08/04 15:42:54 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\PowerCinema
[2012/08/11 00:21:27 | 000,000,000 | ---D | M] -- C:\Users\Simone\AppData\Roaming\uTorrent
[2012/07/02 22:45:57 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:798A3728

< End of report >



Extras.Txt:

OTL Extras logfile created on: 8/16/2012 12:13:24 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Gast\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

3.68 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 52.64% Memory free
7.35 Gb Paging File | 4.97 Gb Available in Paging File | 67.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.66 Gb Total Space | 326.29 Gb Free Space | 72.08% Space Free | Partition Type: NTFS

Computer Name: SIMONE-PC | User Name: Simone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0026DDC7-1776-4977-9C4D-EEF12BB61E22}" = lport=139 | protocol=6 | dir=in | app=system |
"{02548CA8-84D6-4ABA-A1CF-31D267F1616C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{288F5524-AA81-40AE-ACDB-537CFFBFF78A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{29A0ADFE-8226-4505-851B-3B774022BB99}" = lport=137 | protocol=17 | dir=in | app=system |
"{3075442E-55F3-4249-865D-28AAFA70EDD7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3B836641-E0D1-4DF9-BE46-9CF642757E8A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4214B449-A478-4D45-8D54-B14CBA9BC40A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{458CA236-3682-4BDE-81A3-0CA1C982911A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{54D2D839-E797-4352-BAF5-F18C7F4F42D4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{55E984D4-6A2D-4213-ADC6-A5716CE6FF01}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5D80782A-CD0C-4B7D-928E-72494223DCB1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5E7C4444-880F-4A46-80CC-2791B462F4B8}" = rport=138 | protocol=17 | dir=out | app=system |
"{64C8031F-4378-4557-96E3-920E1874BA94}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{65E68B94-1285-446A-891A-CA9078D230AD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6A5149E3-3E07-4734-BB20-AA6E58C21301}" = rport=137 | protocol=17 | dir=out | app=system |
"{76C93AFF-5411-4440-930D-B5983B64185B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7C91727A-50F9-418F-9117-E5370E04BB70}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8BD76939-ABE4-42B8-B745-1B6ED9993F6C}" = lport=445 | protocol=6 | dir=in | app=system |
"{961BC708-450F-4C27-9BF5-8B50DD3FB052}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{97AD7C7D-6ADC-44B3-B2C8-7382743E1F16}" = rport=445 | protocol=6 | dir=out | app=system |
"{9FA8E6C5-5227-4A40-8978-78FAE7023BFD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BAA7168C-874E-406E-8942-7787C393AC6F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BF5DAD7A-CCCE-4DE7-B91E-54B425252F5A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EEB51B3B-F0BA-42D6-9F7F-052968E25F6A}" = lport=138 | protocol=17 | dir=in | app=system |
"{F36C1406-6DD9-4822-BA3D-A629B902E335}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FAFEECCC-3831-4394-9438-EF012F68D7D2}" = rport=139 | protocol=6 | dir=out | app=system |
"{FF7C93AC-0FB1-49F8-8E7E-B01F74A1805F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0128C00F-582B-4475-B847-F636457DFE85}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{0CA7AE55-E1B4-4D1D-BC87-8A04EA1EBE56}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0E2C22C9-0087-46C8-9E65-EF4EEE8A4B03}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19A06802-E4DE-4FA5-B919-12B7B99C25EF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1D9DACCD-EBFA-4C02-AEA0-8293321F98ED}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{1DE5DB59-3887-460A-ACA1-99A8085D4374}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{21AE7B22-C2C0-4634-89B8-2EEABE258349}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
"{2905B7C6-91DD-4A23-B3FF-FE8EA69583D2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3D844363-B21C-443C-BEA4-22552F0E226C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{400F8735-1203-479F-AE25-E158AB060FF9}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{4A14D83A-61BF-4D9B-8E20-A41B6532F889}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{4AE662AA-B431-4FE5-B5E5-21BFF8389A0A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{511D13A6-FDFA-4EE9-8B8C-D0052DF66091}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe |
"{53734A0D-161C-4D06-BF4E-B8EF9253BD8B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5474044E-9CFD-4D0A-B5BE-78FD67F6D5AC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{55F2A4CE-6D4C-4603-A497-1294D2A4CF9B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5688A585-4EBD-4F9E-8263-561E9E16EC4D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{59A7465A-FE4E-4B97-A18D-100F077C08B0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5BBB011D-8011-4309-8035-71446F867D79}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{63D170A2-5B22-4494-8A80-29E00F8ABC81}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe |
"{64F16C84-D282-47AB-A4B9-D79ED6165EED}" = protocol=6 | dir=out | app=system |
"{6804BCA9-A4F2-4B2E-A30D-0874B30D0A6A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe |
"{680643F8-EB80-469E-B74E-5770A18D8370}" = protocol=6 | dir=in | app=c:\users\simone\appdata\roaming\dropbox\bin\dropbox.exe |
"{6EB6B8DF-90A8-4BE8-89E6-1F3FDB1243E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{726CDA6B-ACEE-4F9C-8C5B-46DCF211335B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7BEFD909-63D7-4D38-862D-9A3865A02F31}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7CC69254-77B5-4F77-B2BB-2050EB234D5C}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{84A33FD6-1880-409D-881D-F9471E97E5AD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8B75ACAB-C601-49A6-8EBA-D6210D506D3A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8C348C35-BB2B-443E-9AB5-50B6A9006522}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{921501EE-70E0-40C3-A2D2-16C79AA06169}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{92E79B43-C60D-4958-93FE-4A3B91B4B8BF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{931D645B-0029-4687-8C72-A8E551F81D68}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A146B774-9FC2-4C15-91CF-359F9BC6B528}" = protocol=17 | dir=in | app=c:\users\simone\appdata\roaming\dropbox\bin\dropbox.exe |
"{A58A303E-AA26-4095-8C35-965051D6BB0A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A5E14E44-C2AB-4CEB-B18B-7C2EC0FBD84C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{ACA3C497-4136-4241-B941-D17208B8C502}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{B09C15DA-1C80-4A88-965D-657E1C842173}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe |
"{B67AE76E-608D-4794-B77F-9426485A8197}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B68B99D9-6D69-4AB6-A9AE-F18A48BCE885}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC767914-C52F-4242-B825-AC97FF3ED323}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{BD03BD2F-743A-4187-9CCE-B151347F77A8}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{C09570D5-3155-4BC9-8EC1-9E07C3C2B31F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C1626F11-3435-46B8-B7F8-D28E59DEF066}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe |
"{C91AC3C4-1ECA-4863-8AB2-9EBAF2B74A45}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{CADBF280-F1B8-461A-9948-D80366C21694}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D006BB5D-1CD5-4609-98D9-F1A22D47A22D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E0595C9E-FF77-466F-AD20-8A787598F8EF}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{E637643D-B8A2-4B96-B161-59B0C8012361}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{E6D5F66B-19AA-45E2-BE1C-E789BEC8AF60}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E7EB095C-ED0E-4A2E-B015-FE0F3174BF56}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{E8369B94-2E84-4DEA-ABBC-864F7D4C61B3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EDCBF3E9-2085-4DB5-8F73-86EC45BCB45A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F1FA21F5-81DC-4547-8171-7A45F3A8ED7A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F5132214-3171-4092-8345-3A660D6DF120}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe |
"{FB57AEA9-AF25-4BFB-8D56-56D7EF6B848C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{2ED75A12-1E59-4982-86B3-3B98EDD7B251}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{7F2CDF5B-F411-4E1B-9EA5-80E1F8C642B2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{A14037E4-36B7-4B7D-83E7-6404F7EE8DDA}C:\users\simone\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\simone\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{B29F4625-EA41-409C-A9C8-7873C6462D7C}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{DAE8DE2E-4740-4E0D-8451-91FF9904E043}C:\users\simone\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\simone\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{E53FC0D7-B947-4E5D-A255-E3BB7DBB4548}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{F40F37E1-A9C3-44CB-B339-8E9C883E32B0}C:\users\simone\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\simone\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{02C5F275-3E23-48FA-A9EA-046E8D19264D}C:\users\simone\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\simone\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{144999E6-1527-4326-968E-9ED527C83468}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{529027CC-74F7-4B63-AD2B-593B15A4E1FD}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{5A8BFA13-25EA-4E1C-949C-41A0C8910EC4}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{67D8622B-7F7B-41D7-A43C-DA26B2CD5FAB}C:\users\simone\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\simone\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{6D8B3C60-1701-4D9F-95D7-D4A3C569A757}C:\users\simone\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\simone\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{A4EC9072-4440-4A70-90AC-B849259174A3}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0611B3CC-B5DB-4B93-ACE4-97B8F938E6B7}" = 64 Bit HP CIO Components Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9822326F-410C-96A5-2F58-65E58F65D63B}" = ccc-utility64
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5816A09-786E-C91D-3D99-8A8C92648750}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Adobe Flash Player Plugin 64" = Adobe Flash Player 10 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PDF-XChange 3_is1" = PDF-XChange 3
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{08BE0A17-0AB8-4B0C-88E2-EB1B4977A511}" = Lernwerkstatt 8
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B148875-7C4D-A5A7-79FA-82D679939663}" = CCC Help Danish
"{0D49143F-5710-6EAF-986F-86306C54D9F7}" = CCC Help Dutch
"{0DCE424F-F4A8-A3EA-3416-7A4CA189A164}" = CCC Help Czech
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{193B70F8-D757-B1D6-B2B0-826E92D889CC}" = CCC Help Polish
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23640476-5D3A-F071-A40F-345E16C91301}" = CCC Help Hungarian
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BE50E7-8059-C383-D8D0-3EC7B9A0B2C2}" = CCC Help Turkish
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4394B319-1CA6-9535-5A97-3407DE7B2865}" = CCC Help Chinese Traditional
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E242AB2-86A7-4231-82A9-1E4226D23CA8}" = Catalyst Control Center - Branding
"{4E2AC91C-090D-C0BE-98E0-35480A693D53}" = CCC Help Russian
"{56B5FD77-D1D3-48A5-B15F-2BE6AA6527BB}" = GlobalVPN Client
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{59A58CB1-5177-4AF7-DC09-886DC5175561}" = CCC Help Thai
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B70AFEB-18E9-0BBA-C876-50E61D2F1585}" = CCC Help Korean
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BBEA5FB-5BDA-5568-F370-66934F5862F8}" = Catalyst Control Center Graphics Light
"{7C3E29B2-038E-312D-938C-DED2C6451411}" = CCC Help German
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{800E5862-A2A2-B903-6B6E-660F5DFB1BFF}" = CCC Help Norwegian
"{804D666C-1FB8-F116-358B-15F297113547}" = CCC Help English
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90497F91-64AA-6732-266E-4B7023989E5C}" = ccc-core-static
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A990CB5E-6951-12C0-6B29-4C0102E80827}" = CCC Help Portuguese
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAB17558-7189-1415-2370-D689FDD44B33}" = PX Profile Update
"{ABC74AD3-8488-2D59-71CA-FE1FDBD99293}" = CCC Help Greek
"{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1" = Acer GameZone Console
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B399B936-CDED-C8E5-D621-E6323855CF5B}" = Catalyst Control Center Graphics Full New
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BE985F96-BFD5-BCE2-97F6-B73BBF122943}" = CCC Help Japanese
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C314EA94-9FAF-969D-544F-816FE102EAFD}" = Catalyst Control Center InstallProxy
"{C40DCE3C-E042-2DEE-4F77-8725E18BAE17}" = CCC Help Spanish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1F8C3EA-8274-90C1-460B-EE2DFA7B492B}" = CCC Help French
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E573FE55-5A89-F7CC-0A00-A9E79BB20C3B}" = CCC Help Finnish
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E75093FD-D74A-D7D0-AE15-BA89B30D9E54}" = Catalyst Control Center Localization All
"{E92EAA89-9597-E7DF-6EB6-F21655D245F2}" = Catalyst Control Center Graphics Previews Vista
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEEDE742-915B-2D3F-5763-E7375BE7B144}" = CCC Help Chinese Standard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9B82B36-5FC0-1E0D-0D56-066D1EDAC9E8}" = Catalyst Control Center Graphics Full Existing
"{FC3CCF4F-ABE4-1CF6-347B-DEAFC9D82F1C}" = Catalyst Control Center Core Implementation
"{FC4AAE94-A221-0725-4FD8-56262B0262BA}" = CCC Help Italian
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFAC99FD-DDF8-E138-E8F4-538B639C6984}" = CCC Help Swedish
"7333-8794-1629-3209" = steuern.lu.2010 nP 6.0.2
"9004-7442-8537-0667" = steuern.lu.2011 nP 7.0.1
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"Citavi" = Citavi 2.5
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Identity Card" = Identity Card
"InstallShield_{08BE0A17-0AB8-4B0C-88E2-EB1B4977A511}" = Lernwerkstatt 8
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"LehrerOffice Win_is1" = LehrerOffice Win
"lgx4.lgx.server" = G DATA Logox4 Speechengine
"LimeWire" = LimeWire 4.18.8
"LManager" = Launch Manager
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Picasa 3" = Picasa 3
"RealPlayer 15.0" = RealPlayer
"SearchCore for Browsers" = SearchCore for Browsers
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"SHARP MX-2300 2700 3500 4500 Series PCL PS Printer Driver" = SHARP MX/DX Series PCL/PS Printer Driver
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite" = Windows Live Essentials
"XMind" = XMind

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
"MediaGet" = Der Torrent-Client MediaGet

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/30/2012 8:10:36 AM | Computer Name = Simone-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.17006 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 2cc Startzeit: 01cd6e4ae9ce5f09 Endzeit: 16 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: 901d54ec-da3f-11e1-bb70-c80aa9c616ac


Error - 7/30/2012 4:53:14 PM | Computer Name = Simone-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.17006,
Zeitstempel: 0x4f90d722 Name des fehlerhaften Moduls: YontooIEClient.dll, Version:
1.10.1.0, Zeitstempel: 0x4e4e9316 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000580f6
ID
des fehlerhaften Prozesses: 0xb84 Startzeit der fehlerhaften Anwendung: 0x01cd6e93d9869d0c
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
Berichtskennung:
9440f2a5-da88-11e1-85be-c80aa9c616ac

Error - 8/4/2012 4:12:49 AM | Computer Name = Simone-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/4/2012 4:12:49 AM | Computer Name = Simone-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15584

Error - 8/4/2012 4:12:49 AM | Computer Name = Simone-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15584

Error - 8/5/2012 5:03:03 PM | Computer Name = Simone-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.17006,
Zeitstempel: 0x4f90d722 Name des fehlerhaften Moduls: YontooIEClient.dll_unloaded,
Version: 0.0.0.0, Zeitstempel: 0x4e4e9316 Ausnahmecode: 0xc0000005 Fehleroffset:
0x662136c1 ID des fehlerhaften Prozesses: 0xf18 Startzeit der fehlerhaften Anwendung:
0x01cd7349c9323773 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Pfad des fehlerhaften Moduls: YontooIEClient.dll Berichtskennung:
f1df65fd-df40-11e1-b428-c80aa9c616ac

Error - 8/6/2012 10:43:35 AM | Computer Name = Simone-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.17006 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 11ac Startzeit: 01cd73e05daeb6df Endzeit: 15 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: 17d75c01-dfd5-11e1-a981-c80aa9c616ac


Error - 8/9/2012 3:46:02 PM | Computer Name = Simone-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.17006,
Zeitstempel: 0x4f90d722 Name des fehlerhaften Moduls: YontooIEClient.dll, Version:
1.10.1.0, Zeitstempel: 0x4e4e9316 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000580f6
ID
des fehlerhaften Prozesses: 0x16b4 Startzeit der fehlerhaften Anwendung: 0x01cd7666473e4730
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
Berichtskennung:
d94d5d0e-e25a-11e1-a210-c80aa9c616ac

Error - 8/10/2012 1:15:06 PM | Computer Name = Simone-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.17006 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 3c8 Startzeit: 01cd7719a708fcb3 Endzeit: 16 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: ec37b958-e30e-11e1-bcac-c80aa9c616ac


Error - 8/16/2012 5:57:50 AM | Computer Name = Simone-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.57.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1a7c Startzeit:
01cd7b935c999eb1 Endzeit: 16 Anwendungspfad: C:\Users\Gast\Desktop\OTL.exe Berichts-ID:


[ Media Center Events ]
Error - 12/18/2011 9:35:53 AM | Computer Name = Simone-PC | Source = MCUpdate | ID = 0
Description = 14:35:53 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung
mit dem Remoteserver kann nicht hergestellt werden.)

Error - 12/18/2011 9:36:57 AM | Computer Name = Simone-PC | Source = MCUpdate | ID = 0
Description = 14:36:36 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)

Error - 12/18/2011 9:37:39 AM | Computer Name = Simone-PC | Source = MCUpdate | ID = 0
Description = 14:37:18 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)

Error - 12/18/2011 9:38:02 AM | Computer Name = Simone-PC | Source = MCUpdate | ID = 0
Description = 14:38:00 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
mit dem Remoteserver kann nicht hergestellt werden.)

Error - 12/19/2011 4:15:38 AM | Computer Name = Simone-PC | Source = MCUpdate | ID = 0
Description = 09:15:38 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung
mit dem Remoteserver kann nicht hergestellt werden.)

Error - 12/19/2011 4:16:42 AM | Computer Name = Simone-PC | Source = MCUpdate | ID = 0
Description = 09:16:21 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)

Error - 12/19/2011 4:17:24 AM | Computer Name = Simone-PC | Source = MCUpdate | ID = 0
Description = 09:17:03 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)

Error - 12/19/2011 4:17:47 AM | Computer Name = Simone-PC | Source = MCUpdate | ID = 0
Description = 09:17:45 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
mit dem Remoteserver kann nicht hergestellt werden.)

Error - 4/18/2012 11:03:03 AM | Computer Name = Simone-PC | Source = MCUpdate | ID = 0
Description = 17:03:03 - Fehler beim Herstellen der Internetverbindung. 17:03:03
- Serververbindung konnte nicht hergestellt werden..

Error - 4/18/2012 11:03:17 AM | Computer Name = Simone-PC | Source = MCUpdate | ID = 0
Description = 17:03:09 - Fehler beim Herstellen der Internetverbindung. 17:03:09
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 8/16/2012 5:24:09 AM | Computer Name = Simone-PC | Source = DCOM | ID = 10016
Description =

Error - 8/16/2012 5:24:10 AM | Computer Name = Simone-PC | Source = DCOM | ID = 10016
Description =

Error - 8/16/2012 5:24:10 AM | Computer Name = Simone-PC | Source = DCOM | ID = 10016
Description =

Error - 8/16/2012 5:25:22 AM | Computer Name = Simone-PC | Source = DCOM | ID = 10016
Description =

Error - 8/16/2012 5:54:14 AM | Computer Name = Simone-PC | Source = DCOM | ID = 10016
Description =

Error - 8/16/2012 5:58:29 AM | Computer Name = Simone-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.

Error - 8/16/2012 6:04:23 AM | Computer Name = Simone-PC | Source = DCOM | ID = 10016
Description =

Error - 8/16/2012 6:08:46 AM | Computer Name = Simone-PC | Source = DCOM | ID = 10016
Description =

Error - 8/16/2012 6:08:46 AM | Computer Name = Simone-PC | Source = DCOM | ID = 10016
Description =

Error - 8/16/2012 6:08:47 AM | Computer Name = Simone-PC | Source = DCOM | ID = 10016
Description =


< End of report >


It would be suuuper if you could help me out! Thanks in advance

 
