|
Log-Analyse und Auswertung: Schweizerische Eidgenossenschaft, Windows 7 x64Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
30.10.2012, 14:31 | #1 |
| Schweizerische Eidgenossenschaft, Windows 7 x64 Hallo zusammen Auf einem meiner PCs hat sich der "Schweizerische Eidgenossenschaft" Trojaner eingenistet. Folgende Daten spuckt der OTL-Scan aus: OTL.txt Code:
ATTFilter OTL logfile created on: 10/30/2012 1:47:52 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 7.86 Gb Total Physical Memory | 6.10 Gb Available Physical Memory | 77.62% Memory free 15.73 Gb Paging File | 13.69 Gb Available in Paging File | 87.03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450.16 Gb Total Space | 355.81 Gb Free Space | 79.04% Space Free | Partition Type: NTFS Drive D: | 7.45 Gb Total Space | 3.26 Gb Free Space | 43.75% Space Free | Partition Type: FAT32 Computer Name: ZIPFEL-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL(3).exe (OldTimer Tools) PRC - C:\Users\***\AppData\Local\Temp\dfjikuayyj.exe () PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) PRC - C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) PRC - C:\Program Files (x86)\CLX.PayPen\CLXReader.exe (CREALOGIX E-Payment AG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Swisscom\Quick Help\SwisscomQuickHelp.exe (Swisscom) PRC - C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE (CANON INC.) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () PRC - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe () PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Acer\Acer VCM\Vc.exe (Acer Incoporated) PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer) PRC - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.) PRC - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia) PRC - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\***\AppData\Local\Temp\dfjikuayyj.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe () MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll () ========== Services (SafeList) ========== SRV:64bit: - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe File not found SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe File not found SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe File not found SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (0091051351601067mcinstcleanup) -- C:\Users\***\AppData\Local\Temp\009105~1.EXE (McAfee, Inc.) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.) SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (IGBASVC) -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AVerRemote) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia) SRV - (AVerScheduleService) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe () SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (qtsmon) -- C:\Windows\SysNative\drivers\qtsmon.sys (AVG) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia) DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (S3XXx64) -- C:\Windows\SysNative\drivers\S3XXx64.sys (SCM Microsystems Inc.) DRV:64bit: - (FPSensor) -- C:\Windows\SysNative\drivers\FPSensor.sys (EgisTec) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (PayPen) -- C:\Windows\SysNative\drivers\PayPen.sys () DRV:64bit: - (hidshim) -- C:\Windows\SysNative\drivers\hidshim.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (nuvotonhidcir) -- C:\Windows\SysNative\drivers\nuvotonhidcir.sys (Nuvoton Technology Corporation) DRV:64bit: - (nuvotonir) -- C:\Windows\SysNative\drivers\nuvotonir.sys (Nuvoton Technology Corporation) DRV:64bit: - (nuvotoncir) -- C:\Windows\SysNative\drivers\nuvotoncir.sys (Nuvoton Technology Corporation) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (johci) -- C:\Windows\SysNative\drivers\johci.sys (JMicron ) DRV:64bit: - (AVPolCIR) -- C:\Windows\SysNative\drivers\AVPolCIR.sys (AVerMedia TECHNOLOGIES, Inc.) DRV:64bit: - (AVerPola) -- C:\Windows\SysNative\drivers\AVerPola.sys (AVerMedia TECHNOLOGIES, Inc.) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics) DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) DRV:64bit: - (int15.sys) -- C:\Windows\SysNative\OEM\factory\int15.sys (Acer, Inc.) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (pendfu) -- C:\Windows\SysWOW64\drivers\pendfu.sys (Anoto AB) DRV - (PayPen) -- C:\Windows\SysWOW64\drivers\PayPen.sys (Anoto) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0807&m=aspire_8942g&r=273601104506l0363z1k5t4971h23q IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1029153707-475560901-2306185662-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bluewin.ch/ IE - HKU\S-1-5-21-1029153707-475560901-2306185662-1000\..\SearchScopes,DefaultScope = {AD189A32-E5E7-4B74-B6A9-769F055EDBD1} IE - HKU\S-1-5-21-1029153707-475560901-2306185662-1000\..\SearchScopes\{AD189A32-E5E7-4B74-B6A9-769F055EDBD1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ACAW_deCH363 IE - HKU\S-1-5-21-1029153707-475560901-2306185662-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\***\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) [2010/02/28 15:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010/02/28 15:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com ========== Chrome ========== CHR - default_search_provider: SweetIM Search (Enabled) CHR - default_search_provider: search_url = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: SiteAdvisor = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\ O1 HOSTS File: ([2012/08/12 14:23:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Swisscom Quick Help] C:\Program Files (x86)\Swisscom\Quick Help\SwisscomQuickHelp.exe (Swisscom) O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.) O4 - HKU\S-1-5-21-1029153707-475560901-2306185662-1000..\Run: [] C:\Users\***\AppData\Local\Temp\dfjikuayyj.exe () O4 - HKU\S-1-5-21-1029153707-475560901-2306185662-1000..\Run: [CLXReader] C:\Program Files (x86)\CLX.PayPen\CLXReader.exe (CREALOGIX E-Payment AG) O4 - HKU\S-1-5-21-1029153707-475560901-2306185662-1000..\Run: [Facebook Update] C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-1029153707-475560901-2306185662-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKU\S-1-5-21-1029153707-475560901-2306185662-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1029153707-475560901-2306185662-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1029153707-475560901-2306185662-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-1029153707-475560901-2306185662-1000\..Trusted Domains: blank ([]about in Lokales Intranet) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69914AF4-61AA-4E3D-A00F-459B31766895}: DhcpNameServer = 138.188.101.189 138.188.101.186 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1F994D8-662A-4830-96B5-5E04D4A37B03}: DhcpNameServer = 192.168.1.2 8.8.8.8 8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C37A7DD1-D154-44FB-A386-5628BA17A5A0}: DhcpNameServer = 138.188.101.186 138.188.101.189 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4032F79-0E9C-4977-8AC5-B4083EEBB1A7}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-1029153707-475560901-2306185662-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-1029153707-475560901-2306185662-1000 Winlogon: Shell - (C:\Users\***\AppData\Roaming\msconfig.dat) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/10/30 13:47:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL(3).exe [2012/10/18 08:33:48 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eson Pac [2012/10/10 19:39:32 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/10/10 19:39:32 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/10/10 19:39:32 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/10/10 19:39:14 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012/10/10 19:39:14 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012/10/10 19:39:14 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012/10/10 19:39:13 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012/10/10 19:39:13 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012/10/10 19:39:13 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012/10/10 19:39:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012/10/10 19:39:13 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012/10/10 19:39:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012/10/10 19:39:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012/10/10 19:39:13 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012/10/10 19:39:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012/10/10 19:39:13 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012/10/10 19:39:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012/10/10 19:39:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012/10/10 19:39:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012/10/10 19:39:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012/10/10 19:39:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012/10/10 19:39:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012/10/10 19:39:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012/10/10 19:39:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012/10/10 19:39:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012/10/10 19:39:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012/10/10 19:39:12 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012/10/10 19:39:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012/10/10 19:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012/10/10 19:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012/10/10 19:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012/10/10 19:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012/10/10 19:39:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012/10/10 19:38:25 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012/10/10 19:37:07 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012/10/10 19:37:07 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2009/12/02 04:54:42 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2012/10/30 13:48:44 | 001,536,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/10/30 13:48:44 | 000,668,378 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/10/30 13:48:44 | 000,627,914 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/10/30 13:48:44 | 000,136,014 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/10/30 13:48:44 | 000,111,492 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/10/30 13:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/10/30 12:53:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/10/30 12:42:05 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/10/30 12:20:36 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/30 12:20:36 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/30 12:12:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/10/30 12:12:51 | 2037,805,055 | -HS- | M] () -- C:\hiberfil.sys [2012/10/30 11:56:17 | 000,000,047 | ---- | M] () -- C:\Users\***\AppData\Roaming\msconfig.ini [2012/10/30 09:40:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL(3).exe [2012/10/12 05:55:50 | 000,002,378 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/10/10 17:24:16 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/10/10 17:24:16 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2012/10/18 07:08:47 | 000,000,047 | ---- | C] () -- C:\Users\***\AppData\Roaming\msconfig.ini [2012/08/31 11:21:11 | 000,000,234 | ---- | C] () -- C:\Windows\CCPen200.ini [2012/08/30 11:47:31 | 002,089,984 | ---- | C] () -- C:\Windows\SysWow64\CustomPic.dll [2012/08/30 11:20:18 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\pdf417enc.dll [2012/08/30 09:33:29 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\ODBCSTF.DLL [2012/08/08 14:07:30 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012/06/15 17:00:58 | 000,003,273 | ---- | C] () -- C:\Windows\scenelib24.ini [2011/07/03 23:33:38 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{A04F0A70-BF90-42FD-8E74-DDD26D8BBE1B} [2011/03/13 14:34:54 | 000,225,912 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010/12/15 16:59:54 | 000,692,224 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll [2010/12/15 16:59:54 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll [2010/12/12 18:35:36 | 000,000,051 | ---- | C] () -- C:\Windows\wininit.ini [2010/04/07 11:47:05 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm [2010/02/22 10:15:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/01/29 14:28:56 | 000,000,680 | RHS- | C] () -- C:\Users\***\ntuser.pol [2010/01/25 11:25:06 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/05/21 13:58:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.jfwupdate [2012/05/21 14:15:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.Kanton GR [2012/08/30 10:16:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avery [2011/12/08 15:47:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2010/03/01 12:14:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CREALOGIX E-Payment AG [2011/11/09 19:47:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EurekaLog [2010/01/19 18:33:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GameConsole [2011/07/19 20:05:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\go [2010/10/08 12:19:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\jass [2010/05/06 12:09:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX [2010/12/18 16:57:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PanoramaStudio [2010/01/20 18:53:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema [2012/08/30 12:03:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDisc [2010/07/29 09:32:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SCCmdr [2010/01/20 18:53:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftDMA [2010/02/28 15:52:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom [2012/06/15 17:06:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinTrack ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 10/30/2012 1:47:52 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 7.86 Gb Total Physical Memory | 6.10 Gb Available Physical Memory | 77.62% Memory free 15.73 Gb Paging File | 13.69 Gb Available in Paging File | 87.03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450.16 Gb Total Space | 355.81 Gb Free Space | 79.04% Space Free | Partition Type: NTFS Drive D: | 7.45 Gb Total Space | 3.26 Gb Free Space | 43.75% Space Free | Partition Type: FAT32 Computer Name: ZIPFEL-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1029153707-475560901-2306185662-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiSpywareOverride" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{192210D0-F85E-46CC-821C-CD79A7A0AD41}" = lport=445 | protocol=6 | dir=in | app=system | "{22B45203-F041-4779-B597-1B3DDFE98696}" = rport=138 | protocol=17 | dir=out | app=system | "{23049AA1-6945-4972-A028-9DEDB16AEDA7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{511E6B24-4FBA-4A88-A255-666F96925FF7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{56C61282-1E44-4D89-9DE8-1229CCC91573}" = rport=445 | protocol=6 | dir=out | app=system | "{5E382770-EEF8-4613-B5C9-268F9486BEC0}" = rport=10243 | protocol=6 | dir=out | app=system | "{63F7CBBA-12F0-4120-AB89-B2D547B3D9EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7F209D90-766B-4A22-AEAD-7E4B3324F025}" = lport=139 | protocol=6 | dir=in | app=system | "{89FEC948-E4CD-4C99-B32A-61FB8FE5FD92}" = lport=137 | protocol=17 | dir=in | app=system | "{92773B8C-9CF1-433B-A0AA-547834700A7F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{98A47B0A-72AE-490F-B661-A737B3EC74F7}" = lport=2869 | protocol=6 | dir=in | app=system | "{9C44F61B-FAEC-4B8D-9A63-6A596DADB44F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9DF17F04-5923-4B4B-A89A-C8CF3F585904}" = lport=10243 | protocol=6 | dir=in | app=system | "{A6396914-06D9-48D6-AC6D-E3FE26F07B7E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A8C1FF74-D326-4191-8CDF-DECE7413157C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B09C8000-FA5E-4ED8-B317-A710882A5EF8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B5A7AA69-373D-4829-80B0-70E6133CA8C0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B7C40BD9-4C93-40D4-B304-3815A11F91CC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B9E00659-EAF2-41E4-AC78-0759407FCB5A}" = lport=138 | protocol=17 | dir=in | app=system | "{BD6BA553-BF4E-47A0-A65F-F5AA3EF2135C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C99C5CF8-202A-4551-AC4D-B6222653F9C5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{CC509794-C11A-4E21-8B6F-9D82C18B612D}" = rport=139 | protocol=6 | dir=out | app=system | "{CE76E807-CFBC-4C57-BAC6-8DCE5868B6E4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{DFA85B7C-29B3-4D0B-AE70-29DFD9C62084}" = rport=137 | protocol=17 | dir=out | app=system | "{EAFEED5F-C592-4723-B80F-638B5D8379A7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F18A3D61-FF58-43DD-BFBA-5379B85E5B39}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06EC5B92-8D86-4801-A7F5-8BD7AEFB9257}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0B482FCD-3653-4E7A-ADC6-1E083F3CF9E5}" = protocol=17 | dir=in | app=c:\program files (x86)\swisscom\quick help\swisscomquickhelp.exe | "{19C4F781-2345-495A-826B-9DC0D9A52868}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1C3C1C48-667C-43CB-BA84-338E56527A45}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{1EED1119-60E5-4C24-8D46-859284F0BA5F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{295B32F6-B7A9-417F-8BD6-91BEDF1AD1BF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{2EC0B3F0-2F62-458D-8729-C124B77E5D2D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{303D56CE-90C0-493D-B11F-0A064C5A43EE}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{32E88F30-F527-4635-B6CC-0D957E03750C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{33E703FF-0504-4BE0-BA67-8B1B5C3EC2B5}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | "{35C0E4AD-5D34-47C6-837A-221B578B5C9C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{3D86ACAC-5282-4E47-A9D4-87C82AED93B3}" = dir=in | app=c:\users\***\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{47B6831A-0692-4773-B3DA-9FBFEFD26BB0}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{4A8A3339-9D59-453E-AE1C-527C23784D7B}" = protocol=6 | dir=in | app=c:\program files (x86)\swisscom\quick help\swisscomquickhelp.exe | "{5133744A-9FB6-40B6-B754-451EAABB26E8}" = protocol=6 | dir=out | app=system | "{5C867BAB-A2A8-4964-8F76-4137124B757E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6765B239-A979-4097-937E-DC61470BCF6B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{686E1349-7316-43FD-85A8-292106F50237}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{68974D6F-8AF8-4133-AE72-47E75930761B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{6A5DE23E-9399-4845-B52F-C7C07F3C6ED2}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{6DF961CF-E1DA-484B-BF77-24F0C16B2F52}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6F633E12-528B-49FB-9E11-9BF526113D12}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{734F2E44-CC43-4DF6-AF69-4B5D6482D1C0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7E9F146D-B475-423A-8A2C-A43B416AC480}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{8018D466-4A6B-4D3B-963D-00D11C9C2187}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8E32E432-38DD-4B8E-8629-62C877879E74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9A916F11-4DE6-4010-8CE9-DA3D2C27468C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{A3ACBBBA-FA04-468C-BF07-33C0CAF189E8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A6383BE1-E098-46B4-A68A-89EE98C6BB53}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{B01D6048-221E-4369-BE78-339D9234EF9B}" = protocol=17 | dir=in | app=c:\program files (x86)\swisscom\quick help\swisscomquickhelp.exe | "{B1FF7EAB-C60D-450F-8E8B-B9C5F81C2A2A}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{B5A637DD-3949-4C1C-840D-398747DE885C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B5F7AD41-2C9B-4944-A8E9-2D5FFCADD437}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B63E602B-6A2D-4A8E-8445-8B251FD764F7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B967836D-3500-4F9B-A6B4-7DFDA86AC0D3}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | "{BB127AB9-C3C2-4186-AF2A-DD093CEC9DC7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{BBCA25BB-583D-4E7F-9B77-EE2720A5BE49}" = protocol=6 | dir=in | app=c:\program files (x86)\swisscom\quick help\swisscomquickhelp.exe | "{C0EB77DF-BCA3-4A77-B117-BD8713BB9F56}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{C1570091-5EF9-4CA5-B9D7-29C3BD0A1663}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DB15CD04-97C4-42BB-8AEE-F668AC0761E9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E2F71996-FF12-4390-A40B-A0970F4991DB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E63BBE94-836F-4C5D-BE89-C3B3E9FA50D4}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | "{E8359717-B642-468F-A082-BEA5CA3D22EC}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | "{F41DEC91-9C39-4476-B572-36F9BD64FCF7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F484F8DF-0770-42C2-8EB8-3ADC197D1028}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | "{F4ABDA95-EA8B-436A-B7D5-457634F3B6C6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series" = Canon MG6200 series MP Drivers "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1F6E8D55-B357-924F-4D4F-A9362F8DE508}" = ATI AVIVO64 Codecs "{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit) "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor "{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud "{50BCEEB5-51B5-8CAB-5CF3-6FC39FAC5F97}" = ccc-utility64 "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BEC41B0-AC4F-B2ED-C018-9EAF5F899B64}" = ATI Catalyst Install Manager "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) "CCleaner" = CCleaner "FF0C660232778E730A83A02DA620652B3CF36C07" = Windows-Treiberpaket - C Technologies AB (PayPen) Input Pen (09/28/2007 2.0.0.0) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FE12C6-DEEA-492F-86F9-DD94D8E5DC95}" = MAGIX Foto Premium 9 "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{0490C561-AADE-6FC2-A070-B6E8748C12C9}" = CCC Help Korean "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E5303FB-675D-13FB-4094-38A2AAFDE3D2}" = CCC Help Polish "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{17E7B2A7-5724-4512-ACAF-C8A8A7B31587}" = MAGIX Speed 2 (MSI) "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{256BB949-E6A7-EDCE-510E-EF94C42935ED}" = CCC Help English "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{27996809-446F-7261-6C69-6B654C656F6E}" = "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2AC0E5E1-16DB-D180-9010-C6CDD05BA73E}" = Catalyst Control Center InstallProxy "{2C2E3DF0-5E32-48DA-AE35-2CC79E934AFA}" = SilentInstall "{2E990203-52AE-DFA7-DE21-AE34898AAA15}" = CCC Help German "{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34640D58-9398-08E9-2378-D41D8809B2DA}" = CCC Help Hungarian "{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{47FAC56C-039D-D45F-6669-3E930962C1B4}" = CCC Help Portuguese "{49C1A51C-7A09-49AE-9447-90D3945FC6A7}" = MAGIX Screenshare "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CA58505-25DD-7CC9-E319-F89BAD7AE567}" = CCC Help Chinese Traditional "{4E6D9A26-19DD-B035-57F9-4FDEC8B4D02C}" = Catalyst Control Center Graphics Full Existing "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{6B014B5A-27D8-4214-70C0-DE339593EF1C}" = CCC Help Spanish "{6E599EC6-4E18-D2CC-5D89-1A26797907E9}" = CCC Help Greek "{6FDEE38B-B58A-2329-E982-7B8E3D850103}" = CCC Help Italian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{761F972F-215D-45B9-8F9D-0D1A2C4720AB}" = Acer Arcade Instant On "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7666FF63-8693-7181-2B30-2050EF3FBB50}" = CCC Help Norwegian "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{792E8701-AF9F-F8A5-2213-E122155693CC}" = Catalyst Control Center Core Implementation "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{832BFF4E-B65C-4AF0-AA0E-52A64705C5F6}" = MAGIX Xtreme Grafik Designer 5 "{835CEF5E-4CAC-4904-AD80-52AD0D158BB7}" = SCR3xxx Smart Card Reader "{8393592A-B977-489E-8C78-84E19DE9FE21}" = MAGIX 3D Maker (embedded MSI) "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859258F8-3F00-4335-BBD5-318F17369012}" = MAGIX Online Druck Service "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8935E637-8A05-DA5D-818E-386826BF13A1}" = CCC Help Russian "{8B15BA16-CFD6-43F5-A87C-F8AD7EF14F65}" = CLX.PayPen - CLX.PayPen Wireless "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E425D74-5222-6759-8C81-7A74D4B3D1FC}" = CCC Help Turkish "{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{8F8AB607-DBA4-4367-BDB0-D1E827BE2D9A}" = Swisscom Quick Help "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOKR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOKR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007 "{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91E30407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{96734C43-60F7-ADDB-F1FC-FDF19F803500}" = Catalyst Control Center Localization All "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0433EF7-583F-70B3-7D40-9926E4BCBB6A}" = Catalyst Control Center Graphics Previews Vista "{A7218E49-6F96-7BC9-C2F8-005C78F44AD6}" = CCC Help Finnish "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AFAC70C3-43BC-4970-E523-317BA6FA4529}" = CCC Help Danish "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B22BE2E7-C468-D12A-CEF6-AA805AEFA5FE}" = ccc-core-static "{B2B7614A-4E79-98AD-8A4D-BD77B6CC3150}" = CCC Help Dutch "{B904B80E-4C90-358D-4BBF-5320B2DCF292}" = CCC Help Czech "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BF67F764-95B6-4360-BB57-B2E5AA6C814B}" = SweetIM Toolbar for Internet Explorer 4.0 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D349DC8B-C170-3C76-550F-47016B637EB3}" = CCC Help Chinese Standard "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{D707A9BC-2C43-432E-9522-341C7C5E6EBD}" = Stöck Wyys Stich 10 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "{E2B6EFC0-9B8C-52DE-8756-728C0F10C9F7}" = CCC Help Thai "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E66503DA-AC2A-DD62-1BE2-656C2526C433}" = CCC Help French "{E769412F-773A-CBA9-8C30-F40C0D669122}" = CCC Help Swedish "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE3DF968-A056-D7C9-4668-AF255229BDE1}" = CCC Help Japanese "{EE61AF14-2330-6A1D-4EF6-D4ACB14B1084}" = Catalyst Control Center Graphics Full New "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio 2 "{F5D84887-8A6F-4993-8560-B3AA44CB620D}" = Avery Wizard 4.0 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FBC79D04-051E-4367-8051-1DB0C893FBE0}" = Nuvoton CIR Device Drivers "{FC6BB661-B2D8-C176-36A3-EC65D04184C4}" = Catalyst Control Center Graphics Light "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FF2A5498-4EFE-430F-A138-7EB365DBEBAD}" = Adobe Shockwave Player 11.6 "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "AVerMedia Gaming Plug-in" = AVerMedia Gaming Plug-in 2.0.10.0 "AVerMedia H830 USB Hybrid TV" = AVerMedia H830 USB Hybrid TV 10.0.64.25 "Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data "Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data "Canon MG6200 series Benutzerregistrierung" = Canon MG6200 series Benutzerregistrierung "Canon MG6200 series On-screen Manual" = Canon MG6200 series On-screen Manual "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "CHIPDRIVE Smartcard Commander_CDInst21" = CHIPDRIVE Smartcard Commander "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro "Easy-WebPrint EX" = Canon Easy-WebPrint EX "Etiketten-Druckerei 7_is1" = DATA BECKER Etiketten-Druckerei 7 "FrRefEng" = French Spelling Settings "Google Chrome" = Google Chrome "GridVista" = Acer GridVista "HijackThis" = HijackThis 2.0.2 "Identity Card" = Identity Card "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager "InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection "InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "LManager" = Launch Manager "MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9 "MAGIX Online Druck Service D" = MAGIX Online Druck Service "MAGIX Screenshare D" = MAGIX Screenshare "MAGIX_MSI_Fotos_auf_CD_DVD_9_dlx" = MAGIX Foto Premium 9 "MAGIX_MSI_XtremeGrafik5" = MAGIX Xtreme Grafik Designer 5 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "MP Navigator EX 5.0" = Canon MP Navigator EX 5.0 "mufin player D" = mufin player "NP_SO_2009" = SolothurnTax 2009 9.2.23 "NP_SO_2010" = SolothurnTax 2010 10.2.17 "NP_SO_2011" = SolothurnTax 2011 11.3.48 "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "OUTLOOKR" = Microsoft Office Outlook 2007 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Samsung CLP-500 Series" = Samsung CLP-500 Series "Secunia PSI" = Secunia PSI (2.0.0.3001) "SilentInstall" = SilentInstall "SofTax GR 2009 NP" = SofTax GR 2009 NP "SofTax GR 2010 NP" = SofTax GR 2010 NP "SofTax GR 2011 NP" = SofTax GR 2011 NP "Swisscom Quick Help" = Swisscom Quick Help "TomTom HOME" = TomTom HOME 2.8.2.2264 "Visitenkarten-Druckerei 12_is1" = DATA BECKER Visitenkarten-Druckerei 12 "WinLiveSuite" = Windows Live Essentials "wintrack6_is1" = WinTrack Version 10.0 3D "WMV9_VCM" = Microsoft Windows Media Video 9 VCM "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Toolbar" = Yahoo! Toolbar ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1029153707-475560901-2306185662-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Game Organizer" = EasyBits GO "Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10/30/2012 4:43:41 AM | Computer Name = ***-PC | Source = MsiInstaller | ID = 11327 Description = Error - 10/30/2012 4:43:41 AM | Computer Name = ***-PC | Source = MsiInstaller | ID = 1024 Description = Error - 10/30/2012 4:43:49 AM | Computer Name = ***-PC | Source = MsiInstaller | ID = 11327 Description = Error - 10/30/2012 4:43:49 AM | Computer Name = ***-PC | Source = MsiInstaller | ID = 1024 Description = Error - 10/30/2012 5:34:42 AM | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: dfjikuayyj.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0x80000003 Fehleroffset: 0x00220a05 ID des fehlerhaften Prozesses: 0x104c Startzeit der fehlerhaften Anwendung: 0x01cdb681c5a287a0 Pfad der fehlerhaften Anwendung: C:\Users\***\AppData\Local\Temp\dfjikuayyj.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 083abfbc-2275-11e2-91e8-00269eae600d Error - 10/30/2012 5:34:45 AM | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: dfjikuayyj.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0x4000001f Fehleroffset: 0x00220a05 ID des fehlerhaften Prozesses: 0x104c Startzeit der fehlerhaften Anwendung: 0x01cdb681c5a287a0 Pfad der fehlerhaften Anwendung: C:\Users\***\AppData\Local\Temp\dfjikuayyj.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 09d1cb0b-2275-11e2-91e8-00269eae600d Error - 10/30/2012 8:45:01 AM | Computer Name = ***-PC | Source = McLogEvent | ID = 5004 Description = Error - 10/30/2012 8:45:01 AM | Computer Name = ***-PC | Source = McLogEvent | ID = 5022 Description = Error - 10/30/2012 8:45:01 AM | Computer Name = ***-PC | Source = McLogEvent | ID = 5004 Description = Error - 10/30/2012 8:45:01 AM | Computer Name = ***-PC | Source = McLogEvent | ID = 5022 Description = [ OSession Events ] Error - 3/26/2010 5:30:05 PM | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 111 seconds with 60 seconds of active time. This session ended with a crash. Error - 5/4/2010 1:28:06 PM | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 7/5/2010 3:37:31 PM | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14 seconds with 0 seconds of active time. This session ended with a crash. Error - 7/19/2010 9:14:33 AM | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 30 seconds with 0 seconds of active time. This session ended with a crash. Error - 7/21/2010 4:19:22 PM | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 22 seconds with 0 seconds of active time. This session ended with a crash. Error - 7/25/2010 6:10:34 AM | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash. Error - 2/3/2012 8:52:35 AM | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 73 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 10/30/2012 4:43:38 AM | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Office 2003 (KB2687324) Error - 10/30/2012 4:43:46 AM | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Word 2003 (KB2687483) Error - 10/30/2012 4:44:58 AM | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Office 2003 (KB2687323) Error - 10/30/2012 5:35:13 AM | Computer Name = ***-PC | Source = DCOM | ID = 10010 Description = Error - 10/30/2012 7:13:07 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error - 10/30/2012 8:45:59 AM | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 10/30/2012 8:46:00 AM | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 10/30/2012 8:46:00 AM | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 10/30/2012 8:46:01 AM | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 10/30/2012 8:46:02 AM | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. < End of report > |
30.10.2012, 16:19 | #2 | |||||
/// Helfer-Team | Schweizerische Eidgenossenschaft, Windows 7 x64 Hallo und Herzlich Willkommen!
__________________Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Zitat:
Hilfeleistung - geplante Vorgehensweise:
Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Zitat:
Code:
ATTFilter :OTL PRC - C:\Users\***\AppData\Local\Temp\dfjikuayyj.exe () MOD - C:\Users\***\AppData\Local\Temp\dfjikuayyj.exe () O4 - HKU\S-1-5-21-1029153707-475560901-2306185662-1000..\Run: [] C:\Users\***\AppData\Local\Temp\dfjikuayyj.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1029153707-475560901-2306185662-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O15 - HKU\S-1-5-21-1029153707-475560901-2306185662-1000\..Trusted Domains: blank ([]about in Lokales Intranet) O20 - HKU\S-1-5-21-1029153707-475560901-2306185662-1000 Winlogon: Shell - (C:\Users\***\AppData\Roaming\msconfig.dat) - File not found :Files C:\Users\***\AppData\Local\Temp\dfjikuayyj.exe C:\Users\***\AppData\Roaming\msconfig.ini ipconfig /flushdns /c :Commands [purity] [emptytemp]
Zitat:
Lade Dir Malwarebytes Anti-Malware Lade Dir Malwarebytes Anti-Malware → von hier herunter
3. Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
4. erneut einen Scan mit OTL:
Zitat:
Nur bei Probleme inzwischen melden! ** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
__________________ |
31.10.2012, 17:16 | #3 |
| Schweizerische Eidgenossenschaft, Windows 7 x64 Besten Dank! Nachfolgend die Log-Files.
__________________Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.29.07 Windows 7 Service Pack 1 x64 FAT32 Internet Explorer 9.0.8112.16421 *** :: ***-PC [Administrator] 31.10.2012 14:35:32 mbam-log-2012-10-31 (15-52-31).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 448795 Laufzeit: 1 Stunde(n), 11 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\_OTL\MovedFiles\10302012_175322\C_Users\***\AppData\Local\Temp\dfjikuayyj.exe (Trojan.AGent) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter Acer Arcade Deluxe CyberLink Corp. 24.12.2009 99.9MB 3.1.7112 Acer Backup Manager NewTech Infosystems 01.12.2009 252MB 2.0.1.33 Acer Bio Protection Egis Technology Inc. 24.12.2009 110MB 6.2.67 Acer Crystal Eye Webcam Suyin Optronics Corp 24.12.2009 5.2.10.2 Acer eRecovery Management Acer Incorporated 01.12.2009 4.05.3006 Acer GameZone Console Oberon Media, Inc. 01.12.2009 5.1.0.2 Acer GridVista Acer Inc. 14.08.2012 3.01.0730 Acer PowerSmart Manager Acer Incorporated 24.12.2009 4.06.3008 Acer Registration Acer Incorporated 14.08.2012 1.02.3006 Acer ScreenSaver Acer Incorporated 14.08.2012 1.11.0715 Acer Updater Acer Incorporated 01.12.2009 1.01.3017 Acer VCM Acer Incorporated 01.12.2009 4.05.3000 Acrobat.com Adobe Systems Incorporated 01.12.2009 1.60MB 1.6.65 Adobe AIR Adobe Systems Incorporated 14.08.2012 2.7.1.19610 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 10.10.2012 6.00MB 11.4.402.287 Adobe Reader X (10.1.4) Adobe Systems Incorporated 20.08.2012 117MB 10.1.4 Adobe Shockwave Player 11.6 Adobe Systems, Inc 14.10.2011 33.2MB 11.6.1.629 Adobe Shockwave Player 11.6 Adobe Systems, Inc. 14.08.2012 11.6.4.634 Alice Greenfingers Oberon Media 14.08.2012 Amazonia Oberon Media 14.08.2012 Apple Application Support Apple Inc. 20.09.2012 64.4MB 2.2.2 Apple Mobile Device Support Apple Inc. 20.09.2012 23.7MB 6.0.0.59 Apple Software Update Apple Inc. 12.07.2011 2.38MB 2.1.3.127 ATI Catalyst Install Manager ATI Technologies, Inc. 24.12.2009 20.7MB 3.0.750.0 AVerMedia Gaming Plug-in 2.0.10.0 AVerMedia TECHNOLOGIES, Inc. 14.08.2012 2.0.10.0 AVerMedia H830 USB Hybrid TV 10.0.64.25 AVerMedia TECHNOLOGIES, Inc. 14.08.2012 10.0.64.25 AVerTV AVerMedia Technologies, Inc. 29.07.2010 29.8MB 6.0.18 Avery Wizard 4.0 Avery 30.08.2012 17.4MB 4.0.201 Bing Bar Microsoft Corporation 18.03.2011 24.4MB 7.0.609.0 Bonjour Apple Inc. 12.10.2011 1.46MB 3.0.0.10 Broadcom Gigabit NetLink Controller Broadcom Corporation 01.12.2009 368KB 12.33.02 Canon Easy-PhotoPrint EX 14.08.2012 Canon Easy-PhotoPrint Pro 14.08.2012 Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data 14.08.2012 Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data 14.08.2012 Canon Easy-WebPrint EX 14.08.2012 Canon IJ Network Scanner Selector EX 14.08.2012 Canon IJ Network Tool 14.08.2012 Canon Inkjet Printer/Scanner/Fax Extended Survey Program 14.08.2012 Canon MG6200 series Benutzerregistrierung 14.08.2012 Canon MG6200 series MP Drivers 08.12.2011 Canon MG6200 series On-screen Manual 14.08.2012 Canon MP Navigator EX 5.0 14.08.2012 Canon My Printer 14.08.2012 Canon Solution Menu EX 14.08.2012 CCleaner Piriform 24.10.2012 3.24 Chicken Invaders 2 Oberon Media 14.08.2012 CHIPDRIVE Smartcard Commander SCM Microsystems 14.08.2012 CLX.PayPen - CLX.PayPen Wireless CREALOGIX 31.08.2012 75.3MB 2.0.6.1 Compatibility Pack für 2007 Office System Microsoft Corporation 11.10.2012 262MB 12.0.6612.1000 Dairy Dash Oberon Media 14.08.2012 DATA BECKER Etiketten-Druckerei 7 DATA BECKER GmbH & Co. KG 30.08.2012 7.0.0.50 DATA BECKER Visitenkarten-Druckerei 12 DATA BECKER GmbH & Co. KG 30.08.2012 1.26GB 12.10.3.17 Dream Day First Home Oberon Media 14.08.2012 EasyBits GO EasyBits Media 28.05.2011 eSobi v2 esobi Inc. 01.12.2009 20.4MB 2.0.4.000274 Facebook Video Calling 1.2.0.287 Skype Limited 29.10.2012 4.76MB 1.2.287 FaceFilter Studio 2 Reallusion 06.05.2010 2.0 Farm Frenzy 2 Oberon Media 14.08.2012 Firebird SQL Server - MAGIX Edition MAGIX AG 06.05.2010 10.1MB 2.1.27.0 First Class Flurry Oberon Media 14.08.2012 French Spelling Settings 14.08.2012 Google Chrome Google Inc. 22.02.2010 22.0.1229.94 Google Earth Plug-in Google 13.11.2011 40.8MB 6.1.0.5001 Google Toolbar for Internet Explorer Google Inc. 23.09.2012 7.4.3230.2052 Granny In Paradise Oberon Media 14.08.2012 Heroes of Hellas Oberon Media 14.08.2012 HijackThis 2.0.2 TrendMicro 14.08.2012 2.0.2 iCloud Apple Inc. 20.09.2012 80.2MB 2.0.2.187 Identity Card Acer Incorporated 14.08.2012 1.00.3003 Intel(R) Management Engine Components Intel Corporation 25.12.2009 6.0.0.1179 Intel(R) Turbo Boost Technology Driver Intel Corporation 25.12.2009 01.00.00.1030 Intel(R) Turbo Boost Technology Monitor Intel 24.12.2009 1.13MB 1.0.186.6 Intel® Matrix Storage Manager Intel Corporation 25.12.2009 iTunes Apple Inc. 20.09.2012 182MB 10.7.0.21 Java(TM) 7 Update 5 Oracle 13.08.2012 99.3MB 7.0.50 Java(TM) 7 Update 5 (64-bit) Oracle 13.08.2012 95.0MB 7.0.50 JavaFX 2.1.1 Oracle Corporation 13.08.2012 20.8MB 2.1.1 JMicron 1394 Filter Driver JMicron Technology Corp. 14.08.2012 1.00.05.00 JMicron Flash Media Controller Driver JMicron Technology Corp. 14.08.2012 1.00.29.02 Launch Manager Acer Inc. 14.08.2012 3.0.02 MAGIX 3D Maker (embedded MSI) MAGIX AG 06.05.2010 19.8MB 6.0.0.8 MAGIX Foto Manager 9 MAGIX AG 06.05.2010 7.0.3.118 MAGIX Foto Premium 9 MAGIX AG 14.08.2012 9.0.3.2 MAGIX Online Druck Service MAGIX AG 06.05.2010 10.2MB 3.4.3.0 MAGIX Online Druck Service MAGIX AG 06.05.2010 3.4.3.0 MAGIX Screenshare MAGIX AG 06.05.2010 1.43MB 4.3.6.1987 MAGIX Screenshare MAGIX AG 06.05.2010 4.3.6.1987 MAGIX Speed 2 (MSI) MAGIX AG 06.05.2010 57.9MB 6.0.1.4 MAGIX Xtreme Grafik Designer 5 MAGIX AG 14.08.2012 5.1.2.10977 Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 30.10.2012 19.4MB 1.65.1.1000 McAfee Security Scan Plus McAfee, Inc. 05.09.2012 10.2MB 3.0.207.4 Merriam Websters Spell Jam Oberon Media 14.08.2012 Microsoft .NET Framework 1.1 Microsoft 25.01.2010 34.8MB 1.1.4322 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 27.06.2010 38.8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 27.06.2010 2.93MB 4.0.30319 Microsoft Office File Validation Add-In Microsoft Corporation 16.09.2011 7.95MB 14.0.5130.5003 Microsoft Office Language Pack 2007 - German/Deutsch Microsoft Corporation 14.08.2012 12.0.6612.1000 Microsoft Office Live Add-in 1.5 Microsoft Corporation 30.05.2010 508KB 2.0.4024.1 Microsoft Office Outlook 2007 Microsoft Corporation 14.08.2012 12.0.6612.1000 Microsoft Office Outlook Connector Microsoft Corporation 07.10.2010 3.36MB 14.0.5118.5000 Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 21.08.2012 48.6MB 12.0.6612.1000 Microsoft Office Professional Edition 2003 Microsoft Corporation 08.08.2012 1.23GB 11.0.8173.0 Microsoft Office Suite Activation Assistant Microsoft Corporation 01.12.2009 8.36MB 2.9 Microsoft Silverlight Microsoft Corporation 08.07.2012 50.6MB 5.1.10411.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 19.01.2010 1.72MB 3.1.0000 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 21.01.2010 250KB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.06.2011 300KB 8.0.61001 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 07.05.2010 200KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 06.05.2010 596KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.06.2011 600KB 9.0.30729.6161 Microsoft Windows Media Video 9 VCM 14.08.2012 Microsoft Works Microsoft Corporation 11.10.2012 1.18GB 9.7.0621 MobileMe Control Panel Apple Inc. 19.10.2011 12.2MB 3.1.8.0 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 21.01.2010 1.27MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 21.01.2010 1.33MB 4.20.9876.0 mufin player mufin GmbH 06.05.2010 1.1.5.61 MyWinLocker Egis Technology Inc. 01.12.2009 47.9MB 3.1.76.0 NTI Backup Now 5 NewTech Infosystems 01.12.2009 465MB 5.1.2.628 NTI Media Maker 8 NewTech Infosystems 01.12.2009 771MB 8.0.12.6630 Nuvoton CIR Device Drivers Nuvoton Technology Corporation 01.12.2009 3.40MB 8.60.2002 Protect Disc License Helper 1.0.125 (IE) Protect Disc 30.08.2012 1.0.125 ProtectDisc Driver, Version 11 ProtectDisc Software GmbH 31.08.2012 11.0.0.14 QuickTime Apple Inc. 16.05.2012 73.2MB 7.72.80.56 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 24.12.2009 6.0.1.5958 Safari Apple Inc. 16.05.2012 104MB 5.34.57.2 Samsung CLP-500 Series 14.08.2012 SCR3xxx Smart Card Reader SCM Microsystems 29.07.2010 4.85MB 8.30 Secunia PSI (2.0.0.3001) 14.08.2012 SilentInstall My Company 14.08.2012 Skype™ 5.10 Skype Technologies S.A. 10.08.2012 19.2MB 5.10.116 SofTax GR 2009 NP Abraxas Informatik AG 14.08.2012 1.2.4.1392 SofTax GR 2010 NP Abraxas Informatik AG 14.08.2012 1.0.4.2044 SofTax GR 2011 NP Abraxas Informatik AG 14.08.2012 1.1.8.3049 SolothurnTax 2009 9.2.23 Ringler Informatik AG 14.08.2012 9.2.23 SolothurnTax 2010 10.2.17 Ringler Informatik AG 14.08.2012 10.2.17 SolothurnTax 2011 11.3.48 Ringler Informatik AG 14.08.2012 11.3.48 Stöck Wyys Stich 10 Optobyte AG 08.10.2010 10.0 SweetIM for Messenger 3.3 SweetIM Technologies Ltd. 12.12.2010 4.03MB 3.3.0007 SweetIM Toolbar for Internet Explorer 4.0 SweetIM Technologies Ltd. 12.12.2010 4.16MB 4.0.0004 Swisscom Quick Help Swisscom (Switzerland) AG 14.08.2012 33.6MB 3.2.1.270 Synaptics Pointing Device Driver Synaptics Incorporated 25.12.2009 14.0.6.0 TomTom HOME 2.8.2.2264 TomTom 14.08.2012 2.8.2.2264 TomTom HOME Visual Studio Merge Modules TomTom International B.V. 28.02.2010 1.88MB 1.0.2 Welcome Center Acer Incorporated 14.08.2012 1.00.3008 WIDCOMM Bluetooth Software Broadcom Corporation 24.12.2009 144MB 6.2.1.800 Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) Broadcom 25.12.2009 07/30/2009 6.2.0.9405 Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) Broadcom 25.12.2009 09/11/2009 6.2.0.9407 Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) Broadcom 25.12.2009 07/28/2009 6.2.0.9800 Windows Live Essentials Microsoft Corporation 19.07.2012 15.4.3555.0308 Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 07.10.2010 5.57MB 15.4.5722.2 Windows Live Sync Microsoft Corporation 19.01.2010 2.79MB 14.0.8089.726 Windows-Treiberpaket - C Technologies AB (PayPen) Input Pen (09/28/2007 2.0.0.0) C Technologies AB 01.03.2010 09/28/2007 2.0.0.0 WinRAR 13.10.2010 WinTrack Version 10.0 3D Ing.-Büro Schneider 15.06.2012 118MB 10.0 3D Yahoo! Toolbar 14.08.2012 Code:
ATTFilter OTL logfile created on: 10/31/2012 4:56:49 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 7.86 Gb Total Physical Memory | 6.13 Gb Available Physical Memory | 78.01% Memory free 15.73 Gb Paging File | 13.81 Gb Available in Paging File | 87.80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450.16 Gb Total Space | 364.01 Gb Free Space | 80.86% Space Free | Partition Type: NTFS Drive D: | 7.45 Gb Total Space | 3.24 Gb Free Space | 43.47% Space Free | Partition Type: FAT32 Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/10/30 09:40:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL(3).exe PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/08/30 11:26:53 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe PRC - [2012/08/14 13:32:28 | 004,108,152 | ---- | M] (CREALOGIX E-Payment AG) -- C:\Program Files (x86)\CLX.PayPen\CLXReader.exe PRC - [2012/07/27 21:51:28 | 001,498,552 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/07/19 06:34:52 | 012,226,048 | ---- | M] (Swisscom) -- C:\Program Files (x86)\Swisscom\Quick Help\SwisscomQuickHelp.exe PRC - [2012/07/13 07:50:52 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe PRC - [2011/06/17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe PRC - [2011/04/22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe PRC - [2011/03/28 11:40:56 | 001,611,160 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2011/03/07 13:33:34 | 000,591,272 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011/02/07 08:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE PRC - [2011/01/15 16:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe PRC - [2011/01/10 15:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe PRC - [2011/01/10 15:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe PRC - [2011/01/10 15:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe PRC - [2009/11/21 00:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2009/11/13 04:29:08 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2009/11/10 20:23:06 | 003,450,368 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe PRC - [2009/11/10 20:23:04 | 003,569,152 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe PRC - [2009/11/10 20:23:02 | 004,191,232 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe PRC - [2009/11/10 20:22:52 | 003,358,720 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe PRC - [2009/10/29 21:31:00 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009/10/29 21:30:04 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2009/10/29 12:47:34 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2009/10/13 20:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009/10/13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009/10/01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009/10/01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009/09/24 13:15:00 | 000,825,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE PRC - [2009/09/10 14:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe PRC - [2009/08/28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe PRC - [2009/08/27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2009/08/04 06:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe PRC - [2009/07/31 20:06:25 | 000,155,648 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe PRC - [2009/07/11 00:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe PRC - [2009/07/10 21:03:24 | 006,201,344 | ---- | M] (Acer Incoporated) -- C:\Program Files (x86)\Acer\Acer VCM\Vc.exe PRC - [2009/07/10 11:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe PRC - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe PRC - [2009/06/19 18:31:39 | 000,651,264 | R--- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe PRC - [2009/04/08 12:49:30 | 000,344,064 | R--- | M] (AVerMedia) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe PRC - [2008/12/09 19:01:50 | 000,405,504 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe ========== Modules (No Company Name) ========== MOD - [2012/07/27 21:51:28 | 000,249,272 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll MOD - [2012/06/15 07:39:24 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012/06/15 07:39:15 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012/06/15 07:39:12 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll MOD - [2012/05/13 06:24:38 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/13 06:24:34 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/13 06:24:28 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/11/13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009/12/25 05:56:30 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll MOD - [2009/11/21 00:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2009/07/31 20:06:25 | 000,155,648 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe MOD - [2009/02/03 02:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ========== Services (SafeList) ========== SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/12/04 02:05:40 | 000,788,512 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc) SRV:64bit: - [2009/11/23 04:44:32 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/11/02 21:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009/10/03 03:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2012/10/10 17:24:18 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/08/30 11:26:53 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe -- (DBService) SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/07/03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/06/17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService) SRV - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011/02/07 08:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) SRV - [2011/01/10 15:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2011/01/10 15:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/11/10 20:23:06 | 003,450,368 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe -- (IGBASVC) SRV - [2009/10/29 21:31:00 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009/10/13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009/10/01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009/10/01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009/09/10 14:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009/08/28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009/08/27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009/07/10 11:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/04/08 12:49:30 | 000,344,064 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote) SRV - [2008/12/09 19:01:50 | 000,405,504 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService) SRV - [2008/08/07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/12/12 18:35:48 | 000,059,992 | ---- | M] (AVG) [File_System | System | Running] -- C:\Windows\SysNative\drivers\qtsmon.sys -- (qtsmon) DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/09/01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2010/05/31 19:32:58 | 000,075,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk) DRV:64bit: - [2010/02/24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2010/01/06 22:19:00 | 000,068,224 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (S3XXx64) DRV:64bit: - [2009/12/25 06:35:53 | 000,036,400 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor) DRV:64bit: - [2009/11/23 05:18:06 | 006,109,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009/11/04 16:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk) DRV:64bit: - [2009/11/04 16:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk) DRV:64bit: - [2009/11/02 21:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009/10/13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/10/12 12:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009/10/05 02:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/10/02 16:47:38 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/09/17 13:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/09/15 05:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2009/09/14 10:39:06 | 000,020,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PayPen.sys -- (PayPen) DRV:64bit: - [2009/09/01 00:36:18 | 000,006,656 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidshim.sys -- (hidshim) DRV:64bit: - [2009/09/01 00:36:16 | 000,026,624 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuvotonhidcir.sys -- (nuvotonhidcir) DRV:64bit: - [2009/08/31 22:45:20 | 000,068,096 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuvotonir.sys -- (nuvotonir) DRV:64bit: - [2009/08/31 21:42:04 | 000,048,128 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvotoncir.sys -- (nuvotoncir) DRV:64bit: - [2009/08/29 03:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009/08/29 03:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009/08/24 13:10:40 | 000,022,640 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci) DRV:64bit: - [2009/08/13 04:21:46 | 000,044,032 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVPolCIR.sys -- (AVPolCIR) DRV:64bit: - [2009/08/13 04:21:40 | 000,364,800 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerPola.sys -- (AVerPola) DRV:64bit: - [2009/08/06 13:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/01 20:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2009/06/24 11:23:00 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/02 12:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009/06/02 12:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009/06/02 12:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009/05/18 07:23:42 | 000,143,320 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2009/05/05 09:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009/05/05 09:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009/04/07 23:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009/03/02 14:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT) DRV:64bit: - [2009/03/02 14:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp) DRV:64bit: - [2008/03/28 16:25:30 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\OEM\factory\int15.sys -- (int15.sys) DRV - [2009/11/13 04:29:42 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/12/24 21:37:48] [Kernel | Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008/01/25 14:28:48 | 000,039,040 | ---- | M] (Anoto AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pendfu.sys -- (pendfu) DRV - [2005/02/16 08:53:20 | 000,014,382 | ---- | M] (Anoto) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PayPen.sys -- (PayPen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0807&m=aspire_8942g&r=273601104506l0363z1k5t4971h23q IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bluewin.ch/ IE - HKCU\..\SearchScopes,DefaultScope = {AD189A32-E5E7-4B74-B6A9-769F055EDBD1} IE - HKCU\..\SearchScopes\{AD189A32-E5E7-4B74-B6A9-769F055EDBD1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ACAW_deCH363 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\***\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) [2010/02/28 15:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010/02/28 15:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com ========== Chrome ========== CHR - default_search_provider: SweetIM Search (Enabled) CHR - default_search_provider: search_url = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: SiteAdvisor = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\ O1 HOSTS File: ([2012/08/12 14:23:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Swisscom Quick Help] C:\Program Files (x86)\Swisscom\Quick Help\SwisscomQuickHelp.exe (Swisscom) O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.) O4 - HKCU..\Run: [CLXReader] C:\Program Files (x86)\CLX.PayPen\CLXReader.exe (CREALOGIX E-Payment AG) O4 - HKCU..\Run: [Facebook Update] C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: blank ([]about in Lokales Intranet) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69914AF4-61AA-4E3D-A00F-459B31766895}: DhcpNameServer = 138.188.101.189 138.188.101.186 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1F994D8-662A-4830-96B5-5E04D4A37B03}: DhcpNameServer = 192.168.1.2 8.8.8.8 8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C37A7DD1-D154-44FB-A386-5628BA17A5A0}: DhcpNameServer = 138.188.101.186 138.188.101.189 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4032F79-0E9C-4977-8AC5-B4083EEBB1A7}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/10/30 17:53:22 | 000,000,000 | ---D | C] -- C:\_OTL [2012/10/30 13:47:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL(3).exe [2012/10/18 08:33:48 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eson Pac [2012/10/10 19:39:32 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/10/10 19:39:32 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/10/10 19:39:32 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/10/10 19:39:14 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012/10/10 19:39:14 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012/10/10 19:39:14 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012/10/10 19:39:13 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012/10/10 19:39:13 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012/10/10 19:39:13 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012/10/10 19:39:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012/10/10 19:39:13 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012/10/10 19:39:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012/10/10 19:39:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012/10/10 19:39:13 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012/10/10 19:39:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012/10/10 19:39:13 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012/10/10 19:39:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012/10/10 19:39:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012/10/10 19:39:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012/10/10 19:39:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012/10/10 19:39:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012/10/10 19:39:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012/10/10 19:39:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012/10/10 19:39:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012/10/10 19:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012/10/10 19:39:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012/10/10 19:39:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012/10/10 19:39:12 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012/10/10 19:39:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012/10/10 19:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012/10/10 19:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012/10/10 19:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012/10/10 19:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012/10/10 19:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012/10/10 19:39:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012/10/10 19:38:25 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012/10/10 19:37:07 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012/10/10 19:37:07 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2009/12/02 04:54:42 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2012/10/31 16:56:15 | 001,536,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/10/31 16:56:15 | 000,668,378 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/10/31 16:56:15 | 000,627,914 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/10/31 16:56:15 | 000,136,014 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/10/31 16:56:15 | 000,111,492 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/10/31 16:54:07 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/31 16:54:07 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/31 16:53:10 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/10/31 16:48:22 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/10/31 16:45:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/10/31 16:45:50 | 2037,805,055 | -HS- | M] () -- C:\hiberfil.sys [2012/10/31 15:24:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/10/30 17:22:29 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/10/30 17:21:59 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/10/30 17:12:08 | 000,076,730 | ---- | M] () -- C:\Users\***\Desktop\Schweizerische Eidgenossenschaft, Windows 7 x64 - Trojaner-Board.pdf [2012/10/30 09:40:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL(3).exe [2012/10/12 05:55:50 | 000,002,378 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/10/10 17:24:16 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/10/10 17:24:16 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2012/10/31 15:52:02 | 000,076,730 | ---- | C] () -- C:\Users\***\Desktop\Schweizerische Eidgenossenschaft, Windows 7 x64 - Trojaner-Board.pdf [2012/08/31 11:21:11 | 000,000,234 | ---- | C] () -- C:\Windows\CCPen200.ini [2012/08/30 11:47:31 | 002,089,984 | ---- | C] () -- C:\Windows\SysWow64\CustomPic.dll [2012/08/30 11:20:18 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\pdf417enc.dll [2012/08/30 09:33:29 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\ODBCSTF.DLL [2012/08/08 14:07:30 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012/06/15 17:00:58 | 000,003,273 | ---- | C] () -- C:\Windows\scenelib24.ini [2011/07/03 23:33:38 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{A04F0A70-BF90-42FD-8E74-DDD26D8BBE1B} [2011/03/13 14:34:54 | 000,225,912 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010/12/15 16:59:54 | 000,692,224 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll [2010/12/15 16:59:54 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll [2010/12/12 18:35:36 | 000,000,051 | ---- | C] () -- C:\Windows\wininit.ini [2010/04/07 11:47:05 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm [2010/02/22 10:15:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/01/29 14:28:56 | 000,000,680 | RHS- | C] () -- C:\Users\***\ntuser.pol [2010/01/25 11:25:06 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/05/21 13:58:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.jfwupdate [2012/05/21 14:15:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.Kanton GR [2012/08/30 10:16:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avery [2011/12/08 15:47:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2010/03/01 12:14:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CREALOGIX E-Payment AG [2011/11/09 19:47:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EurekaLog [2010/01/19 18:33:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GameConsole [2011/07/19 20:05:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\go [2010/10/08 12:19:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\jass [2010/05/06 12:09:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX [2010/12/18 16:57:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PanoramaStudio [2010/01/20 18:53:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema [2012/08/30 12:03:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDisc [2010/07/29 09:32:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SCCmdr [2010/01/20 18:53:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftDMA [2010/02/28 15:52:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom [2012/06/15 17:06:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinTrack ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 10/31/2012 4:56:49 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 7.86 Gb Total Physical Memory | 6.13 Gb Available Physical Memory | 78.01% Memory free 15.73 Gb Paging File | 13.81 Gb Available in Paging File | 87.80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450.16 Gb Total Space | 364.01 Gb Free Space | 80.86% Space Free | Partition Type: NTFS Drive D: | 7.45 Gb Total Space | 3.24 Gb Free Space | 43.47% Space Free | Partition Type: FAT32 Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiSpywareOverride" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{192210D0-F85E-46CC-821C-CD79A7A0AD41}" = lport=445 | protocol=6 | dir=in | app=system | "{22B45203-F041-4779-B597-1B3DDFE98696}" = rport=138 | protocol=17 | dir=out | app=system | "{23049AA1-6945-4972-A028-9DEDB16AEDA7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{511E6B24-4FBA-4A88-A255-666F96925FF7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{56C61282-1E44-4D89-9DE8-1229CCC91573}" = rport=445 | protocol=6 | dir=out | app=system | "{5E382770-EEF8-4613-B5C9-268F9486BEC0}" = rport=10243 | protocol=6 | dir=out | app=system | "{63F7CBBA-12F0-4120-AB89-B2D547B3D9EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7F209D90-766B-4A22-AEAD-7E4B3324F025}" = lport=139 | protocol=6 | dir=in | app=system | "{89FEC948-E4CD-4C99-B32A-61FB8FE5FD92}" = lport=137 | protocol=17 | dir=in | app=system | "{92773B8C-9CF1-433B-A0AA-547834700A7F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{98A47B0A-72AE-490F-B661-A737B3EC74F7}" = lport=2869 | protocol=6 | dir=in | app=system | "{9C44F61B-FAEC-4B8D-9A63-6A596DADB44F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9DF17F04-5923-4B4B-A89A-C8CF3F585904}" = lport=10243 | protocol=6 | dir=in | app=system | "{A6396914-06D9-48D6-AC6D-E3FE26F07B7E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A8C1FF74-D326-4191-8CDF-DECE7413157C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B09C8000-FA5E-4ED8-B317-A710882A5EF8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B5A7AA69-373D-4829-80B0-70E6133CA8C0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B7C40BD9-4C93-40D4-B304-3815A11F91CC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B9E00659-EAF2-41E4-AC78-0759407FCB5A}" = lport=138 | protocol=17 | dir=in | app=system | "{BD6BA553-BF4E-47A0-A65F-F5AA3EF2135C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C99C5CF8-202A-4551-AC4D-B6222653F9C5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{CC509794-C11A-4E21-8B6F-9D82C18B612D}" = rport=139 | protocol=6 | dir=out | app=system | "{CE76E807-CFBC-4C57-BAC6-8DCE5868B6E4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{DFA85B7C-29B3-4D0B-AE70-29DFD9C62084}" = rport=137 | protocol=17 | dir=out | app=system | "{EAFEED5F-C592-4723-B80F-638B5D8379A7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F18A3D61-FF58-43DD-BFBA-5379B85E5B39}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06EC5B92-8D86-4801-A7F5-8BD7AEFB9257}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0B482FCD-3653-4E7A-ADC6-1E083F3CF9E5}" = protocol=17 | dir=in | app=c:\program files (x86)\swisscom\quick help\swisscomquickhelp.exe | "{19C4F781-2345-495A-826B-9DC0D9A52868}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1C3C1C48-667C-43CB-BA84-338E56527A45}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{1EED1119-60E5-4C24-8D46-859284F0BA5F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{295B32F6-B7A9-417F-8BD6-91BEDF1AD1BF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{2EC0B3F0-2F62-458D-8729-C124B77E5D2D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{303D56CE-90C0-493D-B11F-0A064C5A43EE}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{32E88F30-F527-4635-B6CC-0D957E03750C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{33E703FF-0504-4BE0-BA67-8B1B5C3EC2B5}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | "{35C0E4AD-5D34-47C6-837A-221B578B5C9C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{3D86ACAC-5282-4E47-A9D4-87C82AED93B3}" = dir=in | app=c:\users\***\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{47B6831A-0692-4773-B3DA-9FBFEFD26BB0}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{4A8A3339-9D59-453E-AE1C-527C23784D7B}" = protocol=6 | dir=in | app=c:\program files (x86)\swisscom\quick help\swisscomquickhelp.exe | "{5133744A-9FB6-40B6-B754-451EAABB26E8}" = protocol=6 | dir=out | app=system | "{5C867BAB-A2A8-4964-8F76-4137124B757E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6765B239-A979-4097-937E-DC61470BCF6B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{686E1349-7316-43FD-85A8-292106F50237}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{68974D6F-8AF8-4133-AE72-47E75930761B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{6A5DE23E-9399-4845-B52F-C7C07F3C6ED2}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{6DF961CF-E1DA-484B-BF77-24F0C16B2F52}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6F633E12-528B-49FB-9E11-9BF526113D12}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{734F2E44-CC43-4DF6-AF69-4B5D6482D1C0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7E9F146D-B475-423A-8A2C-A43B416AC480}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{8018D466-4A6B-4D3B-963D-00D11C9C2187}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8E32E432-38DD-4B8E-8629-62C877879E74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9A916F11-4DE6-4010-8CE9-DA3D2C27468C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{A3ACBBBA-FA04-468C-BF07-33C0CAF189E8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A6383BE1-E098-46B4-A68A-89EE98C6BB53}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{B01D6048-221E-4369-BE78-339D9234EF9B}" = protocol=17 | dir=in | app=c:\program files (x86)\swisscom\quick help\swisscomquickhelp.exe | "{B1FF7EAB-C60D-450F-8E8B-B9C5F81C2A2A}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{B5A637DD-3949-4C1C-840D-398747DE885C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B5F7AD41-2C9B-4944-A8E9-2D5FFCADD437}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B63E602B-6A2D-4A8E-8445-8B251FD764F7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B967836D-3500-4F9B-A6B4-7DFDA86AC0D3}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | "{BB127AB9-C3C2-4186-AF2A-DD093CEC9DC7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{BBCA25BB-583D-4E7F-9B77-EE2720A5BE49}" = protocol=6 | dir=in | app=c:\program files (x86)\swisscom\quick help\swisscomquickhelp.exe | "{C0EB77DF-BCA3-4A77-B117-BD8713BB9F56}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{C1570091-5EF9-4CA5-B9D7-29C3BD0A1663}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DB15CD04-97C4-42BB-8AEE-F668AC0761E9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E2F71996-FF12-4390-A40B-A0970F4991DB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E63BBE94-836F-4C5D-BE89-C3B3E9FA50D4}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | "{E8359717-B642-468F-A082-BEA5CA3D22EC}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | "{F41DEC91-9C39-4476-B572-36F9BD64FCF7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F484F8DF-0770-42C2-8EB8-3ADC197D1028}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | "{F4ABDA95-EA8B-436A-B7D5-457634F3B6C6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series" = Canon MG6200 series MP Drivers "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1F6E8D55-B357-924F-4D4F-A9362F8DE508}" = ATI AVIVO64 Codecs "{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit) "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor "{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud "{50BCEEB5-51B5-8CAB-5CF3-6FC39FAC5F97}" = ccc-utility64 "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BEC41B0-AC4F-B2ED-C018-9EAF5F899B64}" = ATI Catalyst Install Manager "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) "CCleaner" = CCleaner "FF0C660232778E730A83A02DA620652B3CF36C07" = Windows-Treiberpaket - C Technologies AB (PayPen) Input Pen (09/28/2007 2.0.0.0) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FE12C6-DEEA-492F-86F9-DD94D8E5DC95}" = MAGIX Foto Premium 9 "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{0490C561-AADE-6FC2-A070-B6E8748C12C9}" = CCC Help Korean "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E5303FB-675D-13FB-4094-38A2AAFDE3D2}" = CCC Help Polish "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{17E7B2A7-5724-4512-ACAF-C8A8A7B31587}" = MAGIX Speed 2 (MSI) "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{256BB949-E6A7-EDCE-510E-EF94C42935ED}" = CCC Help English "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{27996809-446F-7261-6C69-6B654C656F6E}" = "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2AC0E5E1-16DB-D180-9010-C6CDD05BA73E}" = Catalyst Control Center InstallProxy "{2C2E3DF0-5E32-48DA-AE35-2CC79E934AFA}" = SilentInstall "{2E990203-52AE-DFA7-DE21-AE34898AAA15}" = CCC Help German "{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34640D58-9398-08E9-2378-D41D8809B2DA}" = CCC Help Hungarian "{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{47FAC56C-039D-D45F-6669-3E930962C1B4}" = CCC Help Portuguese "{49C1A51C-7A09-49AE-9447-90D3945FC6A7}" = MAGIX Screenshare "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CA58505-25DD-7CC9-E319-F89BAD7AE567}" = CCC Help Chinese Traditional "{4E6D9A26-19DD-B035-57F9-4FDEC8B4D02C}" = Catalyst Control Center Graphics Full Existing "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{6B014B5A-27D8-4214-70C0-DE339593EF1C}" = CCC Help Spanish "{6E599EC6-4E18-D2CC-5D89-1A26797907E9}" = CCC Help Greek "{6FDEE38B-B58A-2329-E982-7B8E3D850103}" = CCC Help Italian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{761F972F-215D-45B9-8F9D-0D1A2C4720AB}" = Acer Arcade Instant On "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7666FF63-8693-7181-2B30-2050EF3FBB50}" = CCC Help Norwegian "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{792E8701-AF9F-F8A5-2213-E122155693CC}" = Catalyst Control Center Core Implementation "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{832BFF4E-B65C-4AF0-AA0E-52A64705C5F6}" = MAGIX Xtreme Grafik Designer 5 "{835CEF5E-4CAC-4904-AD80-52AD0D158BB7}" = SCR3xxx Smart Card Reader "{8393592A-B977-489E-8C78-84E19DE9FE21}" = MAGIX 3D Maker (embedded MSI) "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859258F8-3F00-4335-BBD5-318F17369012}" = MAGIX Online Druck Service "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8935E637-8A05-DA5D-818E-386826BF13A1}" = CCC Help Russian "{8B15BA16-CFD6-43F5-A87C-F8AD7EF14F65}" = CLX.PayPen - CLX.PayPen Wireless "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E425D74-5222-6759-8C81-7A74D4B3D1FC}" = CCC Help Turkish "{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{8F8AB607-DBA4-4367-BDB0-D1E827BE2D9A}" = Swisscom Quick Help "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOKR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOKR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007 "{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91E30407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{96734C43-60F7-ADDB-F1FC-FDF19F803500}" = Catalyst Control Center Localization All "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0433EF7-583F-70B3-7D40-9926E4BCBB6A}" = Catalyst Control Center Graphics Previews Vista "{A7218E49-6F96-7BC9-C2F8-005C78F44AD6}" = CCC Help Finnish "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AFAC70C3-43BC-4970-E523-317BA6FA4529}" = CCC Help Danish "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B22BE2E7-C468-D12A-CEF6-AA805AEFA5FE}" = ccc-core-static "{B2B7614A-4E79-98AD-8A4D-BD77B6CC3150}" = CCC Help Dutch "{B904B80E-4C90-358D-4BBF-5320B2DCF292}" = CCC Help Czech "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BF67F764-95B6-4360-BB57-B2E5AA6C814B}" = SweetIM Toolbar for Internet Explorer 4.0 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D349DC8B-C170-3C76-550F-47016B637EB3}" = CCC Help Chinese Standard "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{D707A9BC-2C43-432E-9522-341C7C5E6EBD}" = Stöck Wyys Stich 10 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "{E2B6EFC0-9B8C-52DE-8756-728C0F10C9F7}" = CCC Help Thai "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E66503DA-AC2A-DD62-1BE2-656C2526C433}" = CCC Help French "{E769412F-773A-CBA9-8C30-F40C0D669122}" = CCC Help Swedish "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE3DF968-A056-D7C9-4668-AF255229BDE1}" = CCC Help Japanese "{EE61AF14-2330-6A1D-4EF6-D4ACB14B1084}" = Catalyst Control Center Graphics Full New "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio 2 "{F5D84887-8A6F-4993-8560-B3AA44CB620D}" = Avery Wizard 4.0 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FBC79D04-051E-4367-8051-1DB0C893FBE0}" = Nuvoton CIR Device Drivers "{FC6BB661-B2D8-C176-36A3-EC65D04184C4}" = Catalyst Control Center Graphics Light "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FF2A5498-4EFE-430F-A138-7EB365DBEBAD}" = Adobe Shockwave Player 11.6 "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "AVerMedia Gaming Plug-in" = AVerMedia Gaming Plug-in 2.0.10.0 "AVerMedia H830 USB Hybrid TV" = AVerMedia H830 USB Hybrid TV 10.0.64.25 "Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data "Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data "Canon MG6200 series Benutzerregistrierung" = Canon MG6200 series Benutzerregistrierung "Canon MG6200 series On-screen Manual" = Canon MG6200 series On-screen Manual "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "CHIPDRIVE Smartcard Commander_CDInst21" = CHIPDRIVE Smartcard Commander "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro "Easy-WebPrint EX" = Canon Easy-WebPrint EX "Etiketten-Druckerei 7_is1" = DATA BECKER Etiketten-Druckerei 7 "FrRefEng" = French Spelling Settings "Google Chrome" = Google Chrome "GridVista" = Acer GridVista "HijackThis" = HijackThis 2.0.2 "Identity Card" = Identity Card "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager "InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection "InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "LManager" = Launch Manager "MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9 "MAGIX Online Druck Service D" = MAGIX Online Druck Service "MAGIX Screenshare D" = MAGIX Screenshare "MAGIX_MSI_Fotos_auf_CD_DVD_9_dlx" = MAGIX Foto Premium 9 "MAGIX_MSI_XtremeGrafik5" = MAGIX Xtreme Grafik Designer 5 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "McAfee Security Scan" = McAfee Security Scan Plus "MP Navigator EX 5.0" = Canon MP Navigator EX 5.0 "mufin player D" = mufin player "NP_SO_2009" = SolothurnTax 2009 9.2.23 "NP_SO_2010" = SolothurnTax 2010 10.2.17 "NP_SO_2011" = SolothurnTax 2011 11.3.48 "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "OUTLOOKR" = Microsoft Office Outlook 2007 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Samsung CLP-500 Series" = Samsung CLP-500 Series "Secunia PSI" = Secunia PSI (2.0.0.3001) "SilentInstall" = SilentInstall "SofTax GR 2009 NP" = SofTax GR 2009 NP "SofTax GR 2010 NP" = SofTax GR 2010 NP "SofTax GR 2011 NP" = SofTax GR 2011 NP "Swisscom Quick Help" = Swisscom Quick Help "TomTom HOME" = TomTom HOME 2.8.2.2264 "Visitenkarten-Druckerei 12_is1" = DATA BECKER Visitenkarten-Druckerei 12 "WinLiveSuite" = Windows Live Essentials "wintrack6_is1" = WinTrack Version 10.0 3D "WMV9_VCM" = Microsoft Windows Media Video 9 VCM "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Toolbar" = Yahoo! Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Game Organizer" = EasyBits GO "Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10/31/2012 9:17:21 AM | Computer Name = ***-PC | Source = MsiInstaller | ID = 1024 Description = Error - 10/31/2012 9:17:26 AM | Computer Name = ***-PC | Source = MsiInstaller | ID = 11327 Description = Error - 10/31/2012 9:17:26 AM | Computer Name = ***-PC | Source = MsiInstaller | ID = 1024 Description = Error - 10/31/2012 9:17:32 AM | Computer Name = ***-PC | Source = MsiInstaller | ID = 11327 Description = Error - 10/31/2012 9:17:32 AM | Computer Name = ***-PC | Source = MsiInstaller | ID = 1024 Description = Error - 10/31/2012 9:18:28 AM | Computer Name = ***-PC | Source = Google Update | ID = 20 Description = Error - 10/31/2012 9:27:02 AM | Computer Name = ***-PC | Source = Google Update | ID = 20 Description = Error - 10/31/2012 9:55:05 AM | Computer Name = ***-PC | Source = Google Update | ID = 20 Description = Error - 10/31/2012 11:48:32 AM | Computer Name = ***-PC | Source = Google Update | ID = 20 Description = Error - 10/31/2012 11:54:05 AM | Computer Name = ***-PC | Source = Google Update | ID = 20 Description = [ OSession Events ] Error - 3/26/2010 5:30:05 PM | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 111 seconds with 60 seconds of active time. This session ended with a crash. Error - 5/4/2010 1:28:06 PM | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 7/5/2010 3:37:31 PM | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14 seconds with 0 seconds of active time. This session ended with a crash. Error - 7/19/2010 9:14:33 AM | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 30 seconds with 0 seconds of active time. This session ended with a crash. Error - 7/21/2010 4:19:22 PM | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 22 seconds with 0 seconds of active time. This session ended with a crash. Error - 7/25/2010 6:10:34 AM | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash. Error - 2/3/2012 8:52:35 AM | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 73 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 10/31/2012 9:33:17 AM | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 10/31/2012 9:33:18 AM | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 10/31/2012 9:33:18 AM | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 10/31/2012 10:51:47 AM | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 10/31/2012 10:51:48 AM | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 10/31/2012 10:51:49 AM | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 10/31/2012 10:51:50 AM | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 10/31/2012 10:51:51 AM | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 10/31/2012 10:51:52 AM | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 10/31/2012 11:46:01 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 < End of report > |
01.11.2012, 06:06 | #4 | |||
/// Helfer-Team | Schweizerische Eidgenossenschaft, Windows 7 x64 ► Hast du an deinem PC gar kein Antivirus-Programm? Systemreinigung und Prüfung: ► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück! Nur bei Probleme inzwischen melden! 1. wenn nicht benötigst, kannst deinstallieren: Code:
ATTFilter EasyBits Software AS 2. Zitat:
► Firebird SQL Server - mit MAGIX wird `automatisch` installiert. Falls nicht benötigst, kannst Du bedenkslos deinstallieren Du hast einen Server mit einer Datenbank (er wird automatisch und ungefragt bei der Installation der Magix-Programme mitinstalliert, aber von den meisten Usern gar nicht benötigt) Jedes Mal wenn Du das Programm Magix startest, ein Script dafür sorgt, das alle vorhandenen Datensätze der Datenbank werden aufgerufen, die wiederum meisten gar nicht benötigen... 3. ALTE VERSION kann deinstalliert werden: Code:
ATTFilter HijackThis 2.0.2 Deinstalliere unter Systemsteuerung-> Software/Programme: Code:
ATTFilter Bing Bar <- unnötig, kann weg SweetIM for Messenger <- muss weg! SweetIM Toolbar for Internet Explorer <- muss weg! Yahoo! Toolbar <- unnötig, kann weg Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte. Während des Installationsvorgangs die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert. In diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars Zitat:
Code:
ATTFilter McAfee SiteAdvisor - Browser-Plug-in 6. Zitat:
Code:
ATTFilter :OTL IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0807&m=aspire_8942g&r=273601104506l0363z1k5t4971h23q IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes,DefaultScope = {AD189A32-E5E7-4B74-B6A9-769F055EDBD1} IE - HKCU\..\SearchScopes\{AD189A32-E5E7-4B74-B6A9-769F055EDBD1}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ACAW_deCH363 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 CHR - default_search_provider: SweetIM Search (Enabled) CHR - default_search_provider: search_url = http://search.sweetim.com/search.asp?src=6&q={searchTerms} O15 - HKCU\..Trusted Domains: blank ([]about in Lokales Intranet) :Files ipconfig /flushdns /c :Commands [purity] [emptytemp]
7. Code:
ATTFilter Java(TM) 7 Update 5 Oracle 13.08.2012 99.3MB 7.0.50 Java(TM) 7 Update 5 (64-bit) Oracle 13.08.2012 95.0MB 7.0.50 Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen. 8. Alle Programme/Fenster schließen Java-Cache leeren - sollte man öfters tun! Start => Systemsteuerung => Java => Allgemein => Temporäre Internet-Dateien "Einstellungen" => Dateien löschen => Haken bei "Anwendungen und Applets" sowie bei "Verfolgungs- und Protokolldateien" setzen => OK -> Wie leere ich den Java-Cache? -> Java-Cache leeren -> Kurze Videoanleitung wie man unter Windows 7 und XP den JAVA Cache löschen kann. 9. Tipps - Der Internet Explorer von Microsoft gehört zur Grundausstattung unter Windows, somit wie alle andere installierte Software muss gepflegt werden! Auch bei Nicht-Verwendung!: -> Tipps zu Internet Explorer -> Standard Suchmaschine des Explorers ändern -> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8 -> Wie kann ich den Cache im Internet Explorer leeren? 10. Alle Programme/Fenster schliessen reinige dein System mit CCleaner:
11. Vorbereitung
Den PC NUR online scannen und NICHT ein zweites Antivirenprogramm installieren!!!
► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
01.11.2012, 20:41 | #5 |
| Schweizerische Eidgenossenschaft, Windows 7 x64 Habe McAfee Antivirus vorgängig deinstalliert, und werde, wenn dann diese Prozedur abgeschlossen ist, auf Avast umsteigen. Daher ist momentan keine Antiviren-Software installiert. Das System läuft jetzt stabil. Logfile von OTL Code:
ATTFilter All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD189A32-E5E7-4B74-B6A9-769F055EDBD1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD189A32-E5E7-4B74-B6A9-769F055EDBD1}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! Use Chrome's Settings page to remove the default_search_provider items. Use Chrome's Settings page to remove the default_search_provider items. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blank\ deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\***\Desktop\cmd.bat deleted successfully. C:\Users\***\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: user ->Temp folder emptied: 0 bytes User: *** ->Temp folder emptied: 1940689 bytes ->Temporary Internet Files folder emptied: 371204 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 291 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 12010 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 2.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 11012012_153226 Files\Folders moved on Reboot... C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
02.11.2012, 05:37 | #6 | ||
/// Helfer-Team | Schweizerische Eidgenossenschaft, Windows 7 x64 ** Lass dein System in der nächste Zeit noch unter Beobachtung! wenn alles gut verlaufen ist und dein System läuft stabil,mache folgendes: 1. Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf: Code:
ATTFilter CCleaner 2. Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
3. Windows legt beispielsweise regelmäßig Schattenkopien an (mindestens einmal täglich), die im Notfall zur Wiederherstellung des Systems und zum Zugriff auf ältere Dateiversionen dienen. Diese Funktion belegt sehr viel Speicherplatz. Standardmäßig beträgt der für Schattenkopien reservierte Speicherplatz 15 % der Volumegröße, so dass die Systemleistung auch beeinträchtigt wird. Außerdem gelöschte und ev. schädliche Objekte, die in der Systemwiederherstellung sitzen, müssen auch entfernt werden: Also mach bitte folgendes:
4. Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern (man sollte alle 3-4 Monate machen) z.B. Login-, Mail- oder Website-Passwörter Tipps: Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern) auch noch hier unter: Sicheres Kennwort (Password) 5. ► Schaue bitte nach, ob für Windows neue Update gibt?!:-> - Microsoft Update hält Ihren Computer auf dem neuesten Stand! -> Installiere jedes Update das Dir angeboten wird, wiederhole den Vorgang so oft, bis nicht mehr gibt 6. Kostenlose Antivirus-Software installieren: -> Avast -> avast! Free Antivirus Lesestoff Nr.1: Gib Kriminellen Handlungen keine Chance! Zitat:
** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !! Zitat:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:
Wenn Du uns unterstützen möchtest→ Spendekonto gruß kira
__________________ --> Schweizerische Eidgenossenschaft, Windows 7 x64 |
12.11.2012, 17:11 | #7 |
| Schweizerische Eidgenossenschaft, Windows 7 x64 Der Virus scheint nun entfernt. Allerdings hatte ich probleme die avast Firewall zu installieren. Auch die Netzwerkadapter wurden unter Netzwerkverbindungen nicht angezeigt. Also habe ich die Treiber der Netzwerkkarten deinstalliert. Leider lassen sich diese aber nicht mehr installieren. Fehlercode 31 / Falscher Parameter. Habe es schon mit dem orignial und dem aktuellen Treiber probiert. Leider ohne Erfolg. Habt ihr Erfahrungen mit diesen Begleiterscheinungen? |
Themen zu Schweizerische Eidgenossenschaft, Windows 7 x64 |
avg, becker, bho, bingbar, bonjour, browser, canon, error, excel, firefox, flash player, format, help, hijack, hijackthis, home, intranet, karte, launch, limited.com/facebook, logfile, microsoft office 2003, msiinstaller, mywinlocker, nodrives, office 2007, plug-in, realtek, registry, rundll, secunia psi, security, siteadvisor, software, svchost.exe, trojaner, visual studio, windows, windows 7 x64, word 2003 |