| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.11.2012, 16:25
| #1 |
| |  GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? Hallo, Windows 7 Home Premium 64 bit ich nutze meinen PC zwar häufig, allerdings für Office und Internet. Von Viren, Trojanern und dem Innenleben meines PC´s habe ich kaum Ahnung  Nun bin ich auf das Forum hier gestoßen und hoffe das es jemanden gibt, der mir helfen kann?Vor ca. zwei Monaten hatte ich den GVU Trojaner auf meinem Rechner. Was mich sehr verwunderte, war zum einen das mein Rechner nach einem Neustart wieder normal funktionierte "kein GVU Trojaner Desktop, überhaupt keine merkbaren Beeinträchtigungen im normalen Betrieb" und mein Bitdefender Internet Security 2012 nichts meldete. Ich habe den Schwachstellen Scan und den kompletten System Scan durchgeführt, Bitdefender hat nichts gefunden. Danach habe ich gegoogelt und bin auf die Kaspersky Rescue Disk 10 gestoßen. Beim durchlaufen der verschiedenen Schritte gab es dann auch einen Fund und so wie es schien, wurde der Trojaner beseitigt. Verschiedene Online Virenscanner und mein aktueller Scanner "Avira Internet Security" finden nichts. Ich bin allerdings etwas verunsichert. Vor kurzem wollte ich ein Programm deinstallieren und bin dazu in die Systemsteuerung/Programme und Funktionen. Dort entdeckte ich das etliche Male Windows Live Mesh Aktive X Control in verschiedenen Sprachen installiert ist. Ich habe alles, bis auf Windows Live Essentials deinstalliert. Als ich Tage später nochmal nachschaute, waren diese Programme wieder da. Dann wollte ich Windows Live deinstallieren, was zuerst einmal nicht funktionierte. Erst mit dem Revo Uninstaller lies sich das Programm nach mehreren Anläufen deinstallieren. Nun habe ich mit dem CCleaner im Autostart geschaut. Beim Internet Explorer Autostart stehen immer noch Windows Live Funktionen. Als ich diese deaktivieren wollte, wurde mir angezeigt das der Zugriff verweigert wurde. Ich bin völlig ratlos, ist das ein Systemfehler, oder doch vllt. noch der Trojaner? Vielen Dank im vorraus schonmal für die Hilfe!!! Ich habe den Defogger Logfile, weiß aber nicht, wie ich den einfügen soll? Einach hier reinkopieren? |
|
22.11.2012, 08:03
| #2 |
| /// the machine /// TB-Ausbilder    | GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? Hi,
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
CREATERESTOREPOINT
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________ |
|
22.11.2012, 11:40
| #3 |
| | GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 22.11.2012 10:48:52 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nicole_Ronny\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,98 Gb Total Physical Memory | 4,47 Gb Available Physical Memory | 74,80% Memory free 11,96 Gb Paging File | 10,22 Gb Available in Paging File | 85,46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 456,45 Gb Total Space | 385,37 Gb Free Space | 84,43% Space Free | Partition Type: NTFS Drive D: | 456,96 Gb Total Space | 456,59 Gb Free Space | 99,92% Space Free | Partition Type: NTFS Drive E: | 246,87 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 3,69 Gb Total Space | 1,81 Gb Free Space | 49,23% Space Free | Partition Type: FAT32 Computer Name: NICOLE_RONNY-PC | User Name: Nicole_Ronny | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.21 14:51:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole_Ronny\Desktop\OTL.exe PRC - [2012.11.06 18:30:43 | 000,561,952 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.11.06 18:29:52 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.11.05 10:06:33 | 000,633,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe PRC - [2012.10.16 17:06:10 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.10.16 16:57:19 | 000,379,168 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2012.10.16 16:57:02 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe PRC - [2012.09.24 13:46:16 | 000,656,480 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe PRC - [2012.09.24 13:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.08.11 04:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe PRC - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2011.05.20 10:13:06 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe PRC - [2011.05.20 10:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe PRC - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2011.03.23 22:20:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.12.20 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.20 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.05.04 20:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2009.12.09 10:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== MOD - [2011.08.11 04:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe MOD - [2011.08.11 04:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll MOD - [2011.05.20 10:13:04 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll MOD - [2011.05.20 10:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ========== Services (SafeList) ========== SRV - [2012.11.06 18:30:43 | 000,561,952 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.11.05 10:06:33 | 000,633,632 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService) SRV - [2012.10.16 17:06:10 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.10.16 16:57:19 | 000,379,168 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.10.16 16:57:02 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2012.09.24 13:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service) SRV - [2011.04.02 22:09:38 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service) SRV - [2011.03.23 22:20:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.12.20 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.20 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.05.04 20:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.09 10:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.07 16:03:24 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.11.07 16:03:24 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.11.02 13:25:31 | 000,140,576 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot) DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.09.19 11:34:07 | 000,113,808 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim) DRV:64bit: - [2012.03.16 02:57:30 | 000,514,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.16 15:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2011.10.01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.07.11 11:20:49 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2011.07.11 11:20:49 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2011.07.11 11:20:49 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2011.06.30 07:03:04 | 000,054,784 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2011.06.30 07:03:02 | 000,077,696 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.03 16:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.19 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.06.25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2009.11.02 17:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 21:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012.11.19 04:03:58 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Users\Nicole_Ronny\Downloads\EmsisoftEmergencyKit\Run\a2ddax64.sys -- (A2DDA) DRV - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2013\WNt500x64\sandra.sys -- (SANDRA) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Claro Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0750B780-14CC-4214-9E13-2E24901151AD}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=4012_6&babsrc=SP_clro&mntrId=18e695fb000000000000c89cdc2d77a2 IE - HKCU\..\SearchScopes\{A1B64779-455E-4629-9AB5-69C2BDD0BC44}: "URL" = https://ixquick.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=deutsch IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nicole_Ronny\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nicole_Ronny\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) [2012.09.08 08:25:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole_Ronny\AppData\Roaming\mozilla\Extensions [2012.09.08 08:30:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole_Ronny\AppData\Roaming\mozilla\Firefox\Profiles\1upozltt.default\extensions [2012.09.11 17:52:14 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Nicole_Ronny\AppData\Roaming\mozilla\Firefox\Profiles\1upozltt.default\extensions\support@lastpass.com ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: NPLastPass (Enabled) = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.1_0\nplastpass.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Nicole_Ronny\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: Forge of Empires = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\anaphblkfplenhkephgneolhnmjminjg\1.2_0\ CHR - Extension: Google Drive = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.1_0\ CHR - Extension: Reggae Music TV = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckckjpfjflmoendemfpgimjjhgmjoegn\4.9.2_0\ CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.6_0\ CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.6_0\.bak CHR - Extension: Google-Suche = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: MondoZoo - Zoo-Spiel = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejafdpedefplpgoacblaboikebhhjlib\1.1.0.0_0\ CHR - Extension: Click&Clean = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\ CHR - Extension: Cut the Rope = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\14_0\ CHR - Extension: LastPass = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.15_0\ CHR - Extension: Revolution = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcipgebmlkblphemggnjpampjajepcam\1.1_0\ CHR - Extension: Chrome Flags = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhejngphiacapbgllhagbpdkkdieeaej\1.4_0\ CHR - Extension: Speed Dial 2 = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.6.1.3_0\ CHR - Extension: Evernote Web = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\ CHR - Extension: Qtube = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhakcmpgccbfnmamojhjhaflhnfdooaa\1.11_0\ CHR - Extension: FastestChrome \u2013 Schneller browsen = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.9.8_0\ CHR - Extension: Deezer = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh\1.3.1_0\ CHR - Extension: Google Chrome to Phone Extension = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\ CHR - Extension: Hotmail = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge\1.0.1_0\ CHR - Extension: Google Mail = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.11.19 06:12:56 | 000,444,833 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 全讯网,åšå½©ä¼˜æƒ*,皇å†*æ*£ç½‘cr67com,皇å†*比分,皇å†*å³æ—¶æŒ‡æ•°,太阳城代ç†112scg,tt娱ä¹åŸŽ8bc8,网上真钱娱 O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ O1 - Hosts: 127.0.0.1 100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf! O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 Sex Dating Casual Friends | Social dating O1 - Hosts: 15276 more lines... O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O4 - HKCU..\Run: [EPSON BX305 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGJE.EXE /FU "C:\Users\NICOLE~1\AppData\Local\Temp\E_S25DC.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: LastPass - file://C:\Users\Nicole_Ronny\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\Nicole_Ronny\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: LastPass - file://C:\Users\Nicole_Ronny\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Nicole_Ronny\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2036B6D-929C-4B58-88CF-20251397EEF0}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\sacore - No CLSID value found O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll File not found O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2001.12.18 13:02:38 | 000,000,040 | RH-- | M] () - E:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{814129ab-048c-11e2-980c-c89cdc2d77a2}\Shell - "" = AutoRun O33 - MountPoints2\{814129ab-048c-11e2-980c-c89cdc2d77a2}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{814129c0-048c-11e2-980c-c89cdc2d77a2}\Shell - "" = AutoRun O33 - MountPoints2\{814129c0-048c-11e2-980c-c89cdc2d77a2}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{90594152-76cc-11e1-a1cc-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{90594152-76cc-11e1-a1cc-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2001.12.18 13:03:28 | 000,210,200 | R--- | M] () O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: EPSON BX305 Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIGJE.EXE (SEIKO EPSON CORPORATION) MsConfig:64bit - StartUpReg: FUFAXSTM - hkey= - key= - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Nicole_Ronny\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig:64bit - StartUpReg: Uninstall C: - hkey= - key= - Reg Error: Value error. File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.22 10:46:57 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Nicole_Ronny\Desktop\aswMBR.exe [2012.11.21 14:51:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nicole_Ronny\Desktop\OTL.exe [2012.11.21 01:30:41 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\Desktop\Lea [2012.11.21 00:11:19 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\Documents\LocaleMetaData [2012.11.20 23:12:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.11.20 23:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.11.20 22:51:40 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\Documents\ResultReport-Dateien [2012.11.20 15:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW [2012.11.20 15:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW [2012.11.20 11:28:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2012.11.20 11:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware [2012.11.20 11:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\SiSoftware [2012.11.20 11:27:31 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Local\Programs [2012.11.19 20:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC [2012.11.19 20:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications [2012.11.19 20:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC [2012.11.19 07:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.11.19 05:06:36 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\Avira [2012.11.19 05:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.19 05:06:18 | 000,140,576 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys [2012.11.19 05:06:18 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.19 05:06:18 | 000,113,808 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys [2012.11.19 05:06:18 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.19 05:06:18 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.11.19 05:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.11.19 05:06:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.11.19 05:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.11.19 05:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.11.19 05:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.11.19 04:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 [2012.11.19 04:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.11.19 04:58:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012.11.19 04:56:59 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\Nitro [2012.11.19 04:56:59 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\FileOpen [2012.11.19 04:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen [2012.11.19 04:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro [2012.11.19 04:55:56 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\Downloaded Installations [2012.11.19 04:00:26 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.11.19 02:46:17 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Local\Secunia PSI [2012.11.19 02:46:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia [2012.11.19 02:32:03 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2012.11.11 12:56:22 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Local\{5B0F5175-3DB3-485A-BF4E-8E59275D7E55} [2012.11.09 14:00:07 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Local\{BCA0C15B-0ED4-47E3-970C-A2AC47618E2B} [2012.11.08 14:05:26 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Local\{F224BCAB-2619-49E2-ADCC-9DBF01CB4019} [2012.11.07 23:41:55 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Local\{C2B320E2-2DBE-4243-9436-B774BFB18B75} [2012.11.05 04:52:47 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\Desktop\Barf [2012.10.24 17:49:28 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bibi Blocksberg [2012.10.24 17:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bibi Blocksberg [2012.10.24 17:49:27 | 000,000,000 | ---D | C] -- C:\Kiddinx [2012.08.24 11:22:52 | 014,690,376 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe [3 C:\Users\Nicole_Ronny\Documents\*.tmp files -> C:\Users\Nicole_Ronny\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.22 10:47:23 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Nicole_Ronny\Desktop\aswMBR.exe [2012.11.22 10:09:24 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.22 10:09:24 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.22 10:01:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.22 10:01:42 | 522,719,231 | -HS- | M] () -- C:\hiberfil.sys [2012.11.21 20:51:28 | 000,001,957 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\Kuendigungsschreiben.pdf [2012.11.21 20:42:45 | 000,047,248 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\Ihr_Auftragsformular.pdf [2012.11.21 14:53:55 | 000,278,161 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\gmer1015.zip [2012.11.21 14:51:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole_Ronny\Desktop\OTL.exe [2012.11.21 14:50:47 | 000,050,477 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\Defogger.exe [2012.11.21 14:37:05 | 000,000,000 | ---- | M] () -- C:\Users\Nicole_Ronny\defogger_reenable [2012.11.21 02:06:59 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2410971709-1018064227-2985839609-1001UA.job [2012.11.21 02:06:59 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2410971709-1018064227-2985839609-1001Core.job [2012.11.21 02:06:59 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job [2012.11.21 01:18:20 | 000,001,396 | ---- | M] () -- C:\Users\Public\Desktop\SiSoftware Sandra Lite 2013.lnk [2012.11.21 00:11:19 | 000,069,632 | ---- | M] () -- C:\Users\Nicole_Ronny\Documents\fehlerbericht.evtx [2012.11.20 22:51:40 | 000,105,272 | ---- | M] () -- C:\Users\Nicole_Ronny\Documents\ResultReport.html [2012.11.20 19:49:24 | 000,000,108 | ---- | M] () -- C:\index.ini [2012.11.20 19:48:39 | 000,013,536 | ---- | M] () -- C:\Users\Nicole_Ronny\Documents\emisoft.htm [2012.11.20 15:49:02 | 012,845,056 | ---- | M] () -- C:\Users\Nicole_Ronny\AppData\Roaming\Sandra.mdb [2012.11.20 15:08:13 | 000,000,903 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\SIW.lnk [2012.11.20 10:22:07 | 000,007,648 | ---- | M] () -- C:\Users\Nicole_Ronny\AppData\Local\Resmon.ResmonCfg [2012.11.19 19:51:44 | 001,613,996 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.19 19:51:44 | 000,697,064 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.19 19:51:44 | 000,652,382 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.19 19:51:44 | 000,148,102 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.19 19:51:44 | 000,121,056 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.19 08:05:45 | 026,850,922 | ---- | M] () -- C:\Users\Nicole_Ronny\Documents\doc038.bmp [2012.11.19 07:48:38 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012.11.19 06:12:56 | 000,444,833 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.11.19 05:25:36 | 001,550,476 | ---- | M] () -- C:\Users\Nicole_Ronny\Documents\img037.pdf [2012.11.19 05:08:34 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.19 05:06:29 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.19 05:01:20 | 000,001,226 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\Spybot - Search & Destroy.lnk [2012.11.19 04:59:51 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2012.11.19 04:00:28 | 000,002,440 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\Google Chrome.lnk [2012.11.19 02:46:13 | 000,001,074 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012.11.19 02:32:03 | 000,001,232 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\Revo Uninstaller.lnk [2012.11.19 02:29:01 | 000,144,892 | ---- | M] () -- C:\ProgramData\1353287791.bdinstall.bin [2012.11.19 01:38:57 | 000,000,325 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml [2012.11.19 01:22:44 | 000,079,873 | ---- | M] () -- C:\Users\Nicole_Ronny\Documents\Bewerbungen_NB05.12-11.12.pdf [2012.11.08 09:06:12 | 000,000,680 | RHS- | M] () -- C:\Users\Nicole_Ronny\ntuser.pol [2012.11.07 16:03:24 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.07 16:03:24 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.02 13:25:31 | 000,140,576 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys [2012.10.28 18:54:08 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.24 17:49:33 | 000,000,019 | ---- | M] () -- C:\Windows\BibiHexe.ini [2012.10.24 17:49:32 | 000,001,237 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\Das vertauschte Hexenkraut.lnk [3 C:\Users\Nicole_Ronny\Documents\*.tmp files -> C:\Users\Nicole_Ronny\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.21 20:51:28 | 000,001,957 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\Kuendigungsschreiben.pdf [2012.11.21 20:42:39 | 000,047,248 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\Ihr_Auftragsformular.pdf [2012.11.21 14:53:55 | 000,278,161 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\gmer1015.zip [2012.11.21 14:50:46 | 000,050,477 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\Defogger.exe [2012.11.21 14:37:05 | 000,000,000 | ---- | C] () -- C:\Users\Nicole_Ronny\defogger_reenable [2012.11.21 00:11:06 | 000,069,632 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\fehlerbericht.evtx [2012.11.20 22:51:40 | 000,105,272 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\ResultReport.html [2012.11.20 19:48:39 | 000,013,536 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\emisoft.htm [2012.11.20 18:10:36 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job [2012.11.20 15:08:13 | 000,000,903 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\SIW.lnk [2012.11.20 11:43:21 | 012,845,056 | ---- | C] () -- C:\Users\Nicole_Ronny\AppData\Roaming\Sandra.mdb [2012.11.20 11:28:10 | 000,001,396 | ---- | C] () -- C:\Users\Public\Desktop\SiSoftware Sandra Lite 2013.lnk [2012.11.20 09:14:15 | 000,000,108 | ---- | C] () -- C:\index.ini [2012.11.19 08:05:49 | 026,850,922 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\doc038.bmp [2012.11.19 07:48:38 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.11.19 07:48:38 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012.11.19 05:25:35 | 001,550,476 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\img037.pdf [2012.11.19 05:06:29 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.19 05:01:20 | 000,001,226 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\Spybot - Search & Destroy.lnk [2012.11.19 04:59:51 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2012.11.19 04:53:35 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.19 04:47:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.19 04:00:28 | 000,002,440 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\Google Chrome.lnk [2012.11.19 03:59:36 | 000,001,148 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2410971709-1018064227-2985839609-1001UA.job [2012.11.19 03:59:36 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2410971709-1018064227-2985839609-1001Core.job [2012.11.19 02:46:13 | 000,001,074 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012.11.19 02:46:13 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2012.11.19 02:32:03 | 000,001,232 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\Revo Uninstaller.lnk [2012.11.19 02:29:01 | 000,144,892 | ---- | C] () -- C:\ProgramData\1353287791.bdinstall.bin [2012.11.19 01:22:42 | 000,079,873 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\Bewerbungen_NB05.12-11.12.pdf [2012.11.05 05:00:36 | 000,042,660 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\377799_395830953805396_1208063472_n.jpg [2012.10.24 17:49:33 | 000,000,019 | ---- | C] () -- C:\Windows\BibiHexe.ini [2012.10.24 17:49:32 | 000,001,237 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\Das vertauschte Hexenkraut.lnk [2012.10.15 11:32:36 | 000,039,157 | ---- | C] () -- C:\Users\Nicole_Ronny\1350297157261.jpg [2012.09.12 05:14:08 | 000,782,872 | ---- | C] () -- C:\Users\Nicole_Ronny\tag im garten 029.jpg [2012.09.12 05:14:08 | 000,756,104 | ---- | C] () -- C:\Users\Nicole_Ronny\tag im garten 031.jpg [2012.09.12 05:14:08 | 000,710,268 | ---- | C] () -- C:\Users\Nicole_Ronny\tag im garten 030.jpg [2012.09.12 05:14:08 | 000,617,316 | ---- | C] () -- C:\Users\Nicole_Ronny\tag im garten 032.jpg [2012.09.11 16:07:13 | 000,007,648 | ---- | C] () -- C:\Users\Nicole_Ronny\AppData\Local\Resmon.ResmonCfg [2012.09.11 12:51:06 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.09.09 17:23:26 | 000,015,238 | ---- | C] () -- C:\Users\Nicole_Ronny\0-41BFAB99-800.jpg [2012.09.09 17:23:26 | 000,015,107 | ---- | C] () -- C:\Users\Nicole_Ronny\0-1802B6E1-800.jpg [2012.09.09 17:23:26 | 000,015,027 | ---- | C] () -- C:\Users\Nicole_Ronny\0-CB8D2DBD-800.jpg [2012.04.12 13:24:50 | 000,000,204 | ---- | C] () -- C:\Windows\wininit.ini [2012.03.30 12:57:46 | 000,000,680 | RHS- | C] () -- C:\Users\Nicole_Ronny\ntuser.pol [2012.03.26 10:28:28 | 000,182,741 | ---- | C] () -- C:\ProgramData\1332753721.bdinstall.bin [2012.03.26 09:32:46 | 000,232,238 | ---- | C] () -- C:\ProgramData\1332750508.bdinstall.bin [2012.03.26 09:08:57 | 000,033,598 | ---- | C] () -- C:\ProgramData\1332749329.bdinstall.bin [2012.03.26 08:36:03 | 001,590,274 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.08.03 17:43:24 | 000,078,041 | ---- | C] () -- C:\Users\Nicole_Ronny\253493_181725435214794_100001320155288_432283_5783061_n.jpg [2011.08.03 17:26:36 | 000,094,105 | ---- | C] () -- C:\Users\Nicole_Ronny\38369_106656942721644_100001320155288_52090_4441664_n.jpg [2011.07.20 17:57:44 | 000,090,362 | ---- | C] () -- C:\Users\Nicole_Ronny\FCEAEA68-9F30-4CF3-8EF1-FEFA15A46F87.jpg [2011.07.13 08:15:08 | 000,018,553 | ---- | C] () -- C:\Users\Nicole_Ronny\189234_162313683822636_100001320155288_321446_1238858_n.jpg [2011.06.12 13:36:14 | 000,689,020 | ---- | C] () -- C:\Users\Nicole_Ronny\grillen 006.jpg [2011.06.12 13:36:12 | 000,696,664 | ---- | C] () -- C:\Users\Nicole_Ronny\grillen 004.jpg [2011.06.12 13:36:12 | 000,650,524 | ---- | C] () -- C:\Users\Nicole_Ronny\grillen 003.jpg [2011.06.12 13:36:10 | 000,773,716 | ---- | C] () -- C:\Users\Nicole_Ronny\grillen 001.jpg [2011.06.12 13:36:10 | 000,731,220 | ---- | C] () -- C:\Users\Nicole_Ronny\grillen 002.jpg [2011.06.02 17:33:18 | 000,749,728 | ---- | C] () -- C:\Users\Nicole_Ronny\Lea Geburtstag 013.jpg [2011.06.02 17:33:16 | 000,635,520 | ---- | C] () -- C:\Users\Nicole_Ronny\Lea Geburtstag 010.jpg [2011.04.22 20:39:12 | 000,652,861 | ---- | C] () -- C:\Users\Nicole_Ronny\Foto0761.jpg [2011.04.22 20:37:30 | 000,817,456 | ---- | C] () -- C:\Users\Nicole_Ronny\Foto0767.jpg [2011.04.22 20:36:58 | 000,805,195 | ---- | C] () -- C:\Users\Nicole_Ronny\Foto0768.jpg [2011.04.22 20:36:26 | 000,821,366 | ---- | C] () -- C:\Users\Nicole_Ronny\Foto0769.jpg [2011.04.22 20:04:30 | 000,607,628 | ---- | C] () -- C:\Users\Nicole_Ronny\Foto0764.jpg [2006.01.01 12:09:10 | 000,712,756 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0004 (3).jpg [2006.01.01 12:08:40 | 000,651,260 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0003 (3).jpg [2006.01.01 11:07:54 | 000,568,656 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0015.jpg [2006.01.01 11:02:10 | 000,671,016 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0009.jpg [2006.01.01 11:01:32 | 000,817,044 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0008.jpg [2006.01.01 11:01:18 | 000,695,184 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0007.jpg [2006.01.01 11:00:58 | 000,754,920 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0006.jpg ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.19 04:55:56 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\Downloaded Installations [2012.05.02 23:59:14 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\Epson [2012.11.19 04:56:59 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\FileOpen [2012.08.23 19:46:28 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\Mystery of Mortlake Mansion [2012.11.19 05:29:33 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\Nitro [2012.03.26 08:01:20 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\OEM [2012.10.02 14:29:30 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\PerformerSoft [2012.09.11 17:52:22 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\PowerCinema [2012.10.11 20:22:04 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\QuickScan [2012.11.21 01:04:30 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\SoftGrid Client [2012.03.26 08:36:36 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\TP [2012.04.07 19:52:34 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\TuxPaint [2012.09.11 17:52:22 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\WildTangent [2012.03.30 12:15:27 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.11.20 23:12:39 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2012.03.26 09:03:04 | 000,000,000 | R--D | M] -- C:\Backup [2011.09.22 13:49:01 | 000,000,000 | ---D | M] -- C:\book [2012.11.20 23:48:25 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.01.04 12:11:34 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.07.11 10:24:03 | 000,000,000 | ---D | M] -- C:\Intel [2012.10.24 17:49:27 | 000,000,000 | ---D | M] -- C:\Kiddinx [2012.09.11 17:49:33 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.09.11 17:49:33 | 000,000,000 | -H-D | M] -- C:\OEM [2009.07.14 04:20:08 | 000,000,000 | -H-D | M] -- C:\PerfLogs [2012.11.20 23:04:48 | 000,000,000 | R--D | M] -- C:\Program Files [2012.11.20 15:08:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2012.11.19 05:33:21 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.01.04 12:11:34 | 000,000,000 | -HSD | M] -- C:\Programme [2012.03.26 07:57:55 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.11.22 10:49:49 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.11.21 01:30:42 | 000,000,000 | R--D | M] -- C:\Users [2012.03.07 07:16:54 | 000,000,000 | -H-D | M] -- C:\VritualRoot [2012.11.22 10:01:53 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %windir%\installer\*. /5 > [2012.11.20 23:04:48 | 000,000,000 | ---D | M] -- C:\Windows\installer\{26A24AE4-039D-4CA4-87B4-2F86417009FF} [2012.11.19 02:17:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC} [2012.11.19 20:07:15 | 000,000,000 | ---D | M] -- C:\Windows\installer\{31A559C1-9E4D-423B-9DD3-34A6C5398752} [2012.11.19 20:07:26 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6D6664A9-3342-4948-9B7E-034EFE366F0F} [2012.11.19 04:58:58 | 000,000,000 | ---D | M] -- C:\Windows\installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} [2012.11.19 07:48:38 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AC76BA86-7AD7-1031-7B44-AB0000000001} < %localappdata%\*. /5 > [2012.11.21 01:01:10 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Local\Diagnostics [2012.11.20 19:52:33 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Local\Downloaded Installations [2012.11.19 04:59:51 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Local\Google [2012.11.20 11:27:31 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Local\Programs [2012.11.19 02:46:17 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Local\Secunia PSI [2012.11.22 10:48:15 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Local\Temp < End of report > |
|
22.11.2012, 11:44
| #4 |
| | GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.11.2012 10:09:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nicole_Ronny\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,98 Gb Total Physical Memory | 4,12 Gb Available Physical Memory | 68,84% Memory free
11,96 Gb Paging File | 9,85 Gb Available in Paging File | 82,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,45 Gb Total Space | 385,37 Gb Free Space | 84,43% Space Free | Partition Type: NTFS
Drive D: | 456,96 Gb Total Space | 456,59 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive E: | 246,87 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 3,69 Gb Total Space | 1,81 Gb Free Space | 49,23% Space Free | Partition Type: FAT32
Computer Name: NICOLE_RONNY-PC | User Name: Nicole_Ronny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.WRGSH7JCMTFDPJGLSBDMIM6VJY] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F712571-905C-4912-BEA7-6A9C6218D810}" = lport=139 | protocol=6 | dir=in | app=system |
"{1698507A-3CE8-4378-A8BA-A3F6674F85B6}" = rport=138 | protocol=17 | dir=out | app=system |
"{1B854FDA-E6CA-4C21-BF27-0DF66E84E8DD}" = rport=137 | protocol=17 | dir=out | app=system |
"{1B91BD0F-DC75-4422-BD45-5CBAEAE2A7DF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2013\wnt500x64\rpcsandrasrv.exe |
"{246DDC0D-5FC9-4B34-A46E-76EB68CE4A20}" = lport=445 | protocol=6 | dir=in | app=system |
"{37A88702-306B-4AF3-BB21-13851D71BB93}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39DB3247-186B-45E9-AC6A-59EE4E23498F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{41CE34CD-482A-4215-A027-D434B5A6F7D2}" = lport=137 | protocol=17 | dir=in | app=system |
"{4478E472-DF84-402E-A38D-89C5ECC6827B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4847DDA4-01A9-4D65-8820-BD83A161CF2F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5561476E-0D97-4D3C-9424-C2F5E4A93786}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5DDB9B9F-26B0-40F8-965A-2611D12D4732}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{600BA4A8-53A4-488A-A939-FD6B7E5939A7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6125EDC3-74F2-4806-B082-8B89386536AB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{64D161F8-C9A4-4726-9B05-B945C9BD7BC0}" = rport=445 | protocol=6 | dir=out | app=system |
"{71E58778-9E77-4DE1-8407-D40965279A41}" = lport=138 | protocol=17 | dir=in | app=system |
"{77FE38F4-748C-4AB0-917C-586AD0460F6D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{914DF2DD-76FF-47E9-AF2D-23AC342782FC}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2013\rpcagentsrv.exe |
"{94D05365-AABB-4DAF-9E5A-00FCE566DB49}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9597C05A-1907-40A9-B1FA-916B94D1DCED}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9817ED3A-C0ED-4566-B0B0-EB12F5630204}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{98AAF382-C13D-4979-A805-1D06AEB95BA5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A430D857-A359-45E5-91B0-EF0E722E4CE2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B8E80763-EF1D-453D-BE79-58F38192FEDE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D2E674D7-C4A4-4F11-9C7C-B7CDB5AC2A39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E7578772-6BF1-4FE4-8327-D239E648D280}" = rport=139 | protocol=6 | dir=out | app=system |
"{FDB88A66-958D-4285-8677-65C52FC06F99}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04987977-AE2C-460B-ADE0-4BF940E0D23A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{123249A5-0DFA-42D6-9FA1-597DBDA68AE4}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe |
"{124A8462-1E46-48AF-946B-47EBE190668F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{17E4B447-DF11-4459-A645-F47BAA41325B}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe |
"{3CD9374B-5B1B-4C33-A4E3-FF258EBF8C84}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{42442144-8CCC-40D9-8343-2454CC742F8B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4936F6FA-791F-49C0-81CD-7B3763DE851B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53744E09-92A5-40D2-A849-14CB91900DAF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{55ABA293-EDBE-4674-9FC6-5C2DDD0F1F2F}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{65FE6145-F534-4DF1-94CD-DC6EEEB7BF99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{69B4221A-E03C-4980-A65B-E837D1FB3968}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7C55A2C8-82FE-4092-A403-5A76ED4D2AE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7CCF47B1-2A16-4F99-BC6C-F91381525C26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E9724D4-BBC2-4F08-A50C-B5CB49993F4A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{812B2FBD-0DC4-4141-BC33-775ECDB81DA3}" = protocol=6 | dir=out | app=system |
"{8353C6CB-3E2A-4BA8-AB29-96DDC097DB41}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{86441572-9735-47E6-8DDA-036577C1434F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{867F9B08-8098-4AD2-A04F-4F54F1A1045F}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{8DE01739-38F9-486A-AF77-CC5114D4E5B9}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{AC6BB3F4-630A-488B-A136-C8E48A25C5A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE793A04-A9EA-4512-B3A9-F4B64A69182D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B66D67CF-61C6-4A48-A84F-FCEF5666B706}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B86C6A0D-233A-4418-8B54-21CAF279E66D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D6125FDC-6587-47BD-9C4E-227FF62406C9}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{DC839627-C03E-4ECC-AB34-A5CBA3CFC6D4}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |
"{ED91579B-7073-4D88-BAA2-EF8754A652D9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{F48842D7-860B-4687-A39B-2A55AF1ED042}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7EBDD2F-A238-4397-975C-A61871CDE935}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F903ED9E-0D1D-4EA1-A037-33AC37A03DE7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{8F7F2D9C-2DBE-4F10-9C7C-2724110A3339}" = Windows Live Remote Service Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{A6E0F6BE-30AC-4D36-97B0-1AC20E23CB83}" = Windows Live Remote Client Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2013
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"CCleaner" = CCleaner
"EPSON BX305 Series" = EPSON BX305 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SDEPRO20_is1" = SDExplorer 3.1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{120C160F-F53D-4A15-A873-E79BF5B98B48}" = Windows Live Photo Common
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20381A8A-808E-4A53-B6CD-AD2B85E16365}" = Windows Live UX Platform Language Pack
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{226F0D93-76DE-4F1C-B14D-DE10443ADB60}" = Windows Live Movie Maker
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D7BAC8A-51B8-4243-8567-1415C4272D13}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86F444A5-C9B9-41DC-AF28-B5E46F5497C7}" = Windows Live Argazki Galeria
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E285C75-9BE2-4349-972B-DECDDF472656}" = Windows Live Writer Resources
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93C4B7D5-4E00-491F-BA3E-25B7B63EE7F6}" = Windows Live Mail
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E2C5B0E-7A2D-4767-A9B2-77469FB1873A}" = Windows Live Mesh
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.10.29
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F13587F7-AA4C-4C2E-AE7D-F33F3CCE57A9}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCBC19F7-E068-4B7A-ACBB-CE9CCEB4B21F}" = Windows Live Messenger
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Avira AntiVir Desktop" = Avira Internet Security
"EPSON BX305 Series Manual" = EPSON BX305 Series Handbuch
"EPSON Scanner" = EPSON Scan
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"LastPass" = LastPass (uninstall only)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Picasa 3" = Picasa 3
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"Tux Paint_is1" = Tux Paint 0.9.21
"WildTangent acer Master Uninstall" = Acer Games
"WTA-0550479a-03fc-4a53-839e-dcbc21801afe" = Plants vs. Zombies - Game of the Year
"WTA-067c94de-c523-42df-bceb-75e5d02e1e33" = Jewel Match 3
"WTA-2b12e054-5c6d-4d4c-b0b5-55d536f7650c" = Crazy Chicken Kart 2
"WTA-2cfed0ee-6fec-4da2-9103-38f2ac3bf6a8" = Zuma Deluxe
"WTA-38875c2b-bda0-4950-b036-cc8d1c903ee7" = Bejeweled 2 Deluxe
"WTA-46a8b91d-8519-4fb7-855e-08a99200260c" = Virtual Villagers 4 - The Tree of Life
"WTA-4ae7830b-cd65-4e29-aacc-29e7a8bfc58d" = Chuzzle Deluxe
"WTA-5192aee3-bca7-416e-8890-e21584368783" = Agatha Christie - Death on the Nile
"WTA-64939b29-46f6-42bf-a60c-350ab1f3b55d" = FATE
"WTA-76877f0a-0501-4908-b160-38d234993cff" = Torchlight
"WTA-83112490-d789-4869-bdb2-ed6b61b9760c" = John Deere Drive Green
"WTA-8a4dd94a-6902-476b-a998-29468ac12b3b" = Mystery of Mortlake Mansion
"WTA-9067186d-4a7e-4ee5-9b5b-3cadf97bc94f" = Penguins!
"WTA-9683e1b6-a573-429b-946e-f2e287afceef" = Wedding Dash
"WTA-aceef271-c3b4-4695-bc35-9f80ad198a59" = Insaniquarium Deluxe
"WTA-d3d2ab8c-30c2-423a-bb17-3e6c2aa34738" = Final Drive: Nitro
"WTA-df8ef4d0-770f-4bd8-80fd-73c01ecc4e89" = Slingo Deluxe
"WTA-f6a5b977-5b91-43c9-b7bc-e3489640ca7b" = Polar Bowler
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 05.10.2012 04:12:20 | Computer Name = Nicole_Ronny-PC | Source = WinMgmt | ID = 10
Description =
Error - 06.10.2012 07:26:50 | Computer Name = Nicole_Ronny-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.10.2012 05:00:16 | Computer Name = Nicole_Ronny-PC | Source = WinMgmt | ID = 10
Description =
Error - 08.10.2012 05:28:28 | Computer Name = Nicole_Ronny-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.10.2012 13:05:49 | Computer Name = Nicole_Ronny-PC | Source = WinMgmt | ID = 10
Description =
Error - 10.10.2012 02:29:52 | Computer Name = Nicole_Ronny-PC | Source = WinMgmt | ID = 10
Description =
Error - 11.10.2012 02:15:08 | Computer Name = Nicole_Ronny-PC | Source = WinMgmt | ID = 10
Description =
Error - 11.10.2012 06:48:07 | Computer Name = Nicole_Ronny-PC | Source = WinMgmt | ID = 10
Description =
Error - 13.10.2012 02:46:11 | Computer Name = Nicole_Ronny-PC | Source = WinMgmt | ID = 10
Description =
Error - 15.10.2012 12:15:17 | Computer Name = Nicole_Ronny-PC | Source = Application Hang | ID = 1002
Description = Programm clear.fi.exe, Version 1.0.2228.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c88 Startzeit:
01cdaaf02d964239 Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
Berichts-ID:
798dd2f6-16e3-11e2-a4e2-c89cdc2d77a2
[ System Events ]
Error - 16.08.2012 01:59:15 | Computer Name = Nicole_Ronny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
trufos
Error - 17.08.2012 02:06:23 | Computer Name = Nicole_Ronny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
trufos
Error - 18.08.2012 03:17:18 | Computer Name = Nicole_Ronny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
trufos
Error - 18.08.2012 03:37:20 | Computer Name = Nicole_Ronny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
trufos
Error - 19.08.2012 03:44:31 | Computer Name = Nicole_Ronny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
trufos
Error - 20.08.2012 15:18:04 | Computer Name = Nicole_Ronny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
trufos
Error - 21.08.2012 22:13:18 | Computer Name = Nicole_Ronny-PC | Source = DCOM | ID = 10010
Description =
Error - 23.08.2012 03:29:58 | Computer Name = Nicole_Ronny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
trufos
Error - 24.08.2012 02:27:15 | Computer Name = Nicole_Ronny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
trufos
Error - 24.08.2012 05:49:30 | Computer Name = Nicole_Ronny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
trufos
< End of report >
Danke auch für die Hilfe  aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-11-22 11:46:57 ----------------------------- 11:46:57.303 OS Version: Windows x64 6.1.7601 Service Pack 1 11:46:57.303 Number of processors: 4 586 0x2A07 11:46:57.303 ComputerName: NICOLE_RONNY-PC UserName: Nicole_Ronny 11:46:58.317 Initialize success 11:48:59.860 AVAST engine defs: 12112200 12:07:19.648 The log file has been saved successfully to "C:\Users\Nicole_Ronny\Desktop\aswMBR.txt" Ich glaub ich hab den Scan vorzeitig beendet. Hier der komplette Scan: aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-11-22 13:41:11 ----------------------------- 13:41:11.765 OS Version: Windows x64 6.1.7601 Service Pack 1 13:41:11.765 Number of processors: 4 586 0x2A07 13:41:11.765 ComputerName: NICOLE_RONNY-PC UserName: Nicole_Ronny 13:41:13.036 Initialize success 13:41:18.682 AVAST engine defs: 12112200 13:41:22.225 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 13:41:22.228 Disk 0 Vendor: WDC_WD10 77.0 Size: 953869MB BusType: 3 13:41:22.257 Disk 0 MBR read successfully 13:41:22.260 Disk 0 MBR scan 13:41:22.266 Disk 0 Windows 7 default MBR code 13:41:22.278 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18432 MB offset 2048 13:41:22.297 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 37750784 13:41:22.315 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 467406 MB offset 37955584 13:41:22.339 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 467929 MB offset 995203072 13:41:22.363 Disk 0 scanning C:\Windows\system32\drivers 13:41:30.418 Service scanning 13:41:45.583 Modules scanning 13:41:45.592 Disk 0 trace - called modules: 13:41:45.935 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 13:41:45.941 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e1b060] 13:41:45.946 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f32050] 13:41:47.447 AVAST engine scan C:\Windows 13:41:49.142 AVAST engine scan C:\Windows\system32 13:43:47.431 AVAST engine scan C:\Windows\system32\drivers 13:43:57.042 AVAST engine scan C:\Users\Nicole_Ronny 13:47:11.664 AVAST engine scan C:\ProgramData 13:47:31.672 Scan finished successfully 14:17:53.471 Disk 0 MBR has been saved successfully to "C:\Users\Nicole_Ronny\Desktop\MBR.dat" 14:17:53.474 The log file has been saved successfully to "C:\Users\Nicole_Ronny\Desktop\aswMBR.txt" Geändert von Nic69 (22.11.2012 um 12:10 Uhr) |
|
22.11.2012, 15:28
| #5 | |
| /// the machine /// TB-Ausbilder | GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt?Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.11.2012, 17:30
| #6 |
| | GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? Combofix Logfile: Code:
ATTFilter ComboFix 12-11-22.03 - Nicole_Ronny 22.11.2012 17:15:19.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6126.4552 [GMT 1:00]
ausgeführt von:: c:\users\Nicole_Ronny\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1332749329.bdinstall.bin
c:\programdata\1332750508.bdinstall.bin
c:\programdata\1332753721.bdinstall.bin
c:\programdata\1353287791.bdinstall.bin
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\Nicole_Ronny\AppData\Roaming\siw_sdk.dll
c:\users\Nicole_Ronny\Documents\~WRL0003.tmp
c:\users\Nicole_Ronny\Documents\~WRL2012.tmp
c:\users\Nicole_Ronny\Documents\~WRL2507.tmp
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-22 bis 2012-11-22 ))))))))))))))))))))))))))))))
.
.
2012-11-22 16:18 . 2012-11-22 16:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-22 16:17 . 2012-11-22 16:17 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{439AF7CE-1A41-4816-BDEA-3781DC4AD04B}\offreg.dll
2012-11-20 22:05 . 2012-11-20 22:04 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-20 22:05 . 2012-11-20 22:04 289768 ----a-w- c:\windows\system32\javaws.exe
2012-11-20 22:05 . 2012-11-20 22:04 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-20 22:04 . 2012-11-20 22:04 189416 ----a-w- c:\windows\system32\javaw.exe
2012-11-20 22:04 . 2012-11-20 22:04 188904 ----a-w- c:\windows\system32\java.exe
2012-11-20 22:04 . 2012-11-20 22:04 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-20 22:04 . 2012-11-20 22:04 -------- d-----w- c:\program files\Java
2012-11-20 14:08 . 2012-11-20 14:08 -------- d-----w- c:\program files (x86)\SIW
2012-11-20 10:28 . 2012-11-20 10:28 -------- d-----w- c:\program files\SiSoftware
2012-11-20 10:27 . 2012-11-20 10:27 -------- d-----w- c:\users\Nicole_Ronny\AppData\Local\Programs
2012-11-19 19:07 . 2012-11-19 19:07 -------- d-----w- c:\program files (x86)\Spirent Communications
2012-11-19 19:07 . 2012-11-20 18:52 -------- d-----w- c:\program files (x86)\HTC
2012-11-19 04:06 . 2012-11-22 16:03 -------- d-----w- c:\programdata\Avira
2012-11-19 04:01 . 2012-11-22 15:59 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-11-19 04:01 . 2012-11-22 15:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-19 03:58 . 2012-11-19 03:58 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-11-19 03:56 . 2012-11-19 04:29 -------- d-----w- c:\users\Nicole_Ronny\AppData\Roaming\Nitro
2012-11-19 03:56 . 2012-11-19 03:56 -------- d-----w- c:\users\Nicole_Ronny\AppData\Roaming\FileOpen
2012-11-19 03:56 . 2012-11-19 03:56 -------- d-----w- c:\programdata\FileOpen
2012-11-19 03:56 . 2012-11-19 03:56 -------- d-----w- c:\programdata\Nitro
2012-11-19 03:55 . 2012-11-19 03:55 -------- d-----w- c:\users\Nicole_Ronny\AppData\Roaming\Downloaded Installations
2012-11-19 03:53 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-11-19 03:53 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-19 03:53 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-19 03:53 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-19 03:47 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{439AF7CE-1A41-4816-BDEA-3781DC4AD04B}\mpengine.dll
2012-11-19 03:47 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-19 03:47 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-19 03:47 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-19 03:47 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-19 03:47 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-19 03:47 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-19 03:47 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-19 01:46 . 2012-11-19 01:46 -------- d-----w- c:\users\Nicole_Ronny\AppData\Local\Secunia PSI
2012-11-19 01:46 . 2012-11-19 01:46 -------- d-----w- c:\program files (x86)\Secunia
2012-10-28 18:13 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-28 18:13 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-28 18:13 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-28 18:13 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-28 18:13 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-28 18:13 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-28 18:13 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-28 18:13 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-28 18:12 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-28 18:12 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-28 18:11 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-28 18:11 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-28 18:11 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-28 18:10 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-28 18:10 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-24 16:49 . 2012-10-24 16:49 -------- d-----w- C:\Kiddinx
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-22 16:06 . 2012-09-12 02:48 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-22 16:06 . 2012-09-12 02:48 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-19 03:48 . 2012-07-28 21:13 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-19 03:02 . 2012-08-27 08:53 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-19 03:02 . 2012-08-27 08:53 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-24 10:22 . 2012-08-24 10:22 14690376 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-9-24 573536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" -d
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe"
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Nicole_Ronny\Downloads\EmsisoftEmergencyKit\Run\a2ddax64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-09-24 656480]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files (x86)\Windows Live\Mesh\wlcrasvc.exe [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-07-11 22648]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-07-11 20520]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-07-11 62776]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-09-24 1328736]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-03-23 378472]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-06-30 54784]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-06-30 77696]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-12 16:06]
.
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410971709-1018064227-2985839609-1001Core.job
- c:\users\Nicole_Ronny\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-19 02:59]
.
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410971709-1018064227-2985839609-1001UA.job
- c:\users\Nicole_Ronny\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-19 02:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 11580520]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: LastPass - file://c:\users\Nicole_Ronny\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\Nicole_Ronny\AppData\LocalLow\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-22 17:19:30
ComboFix-quarantined-files.txt 2012-11-22 16:19
.
Vor Suchlauf: 9 Verzeichnis(se), 420.348.071.936 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 420.035.530.752 Bytes frei
.
- - End Of File - - 96BBEB839B7F764B28434C7CAF96E48D
|
|
22.11.2012, 17:37
| #7 |
| /// the machine /// TB-Ausbilder | GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? Hi, Sieht schon besser aus. Wie läuft der Rechner? ESET Online Scanner
Und ein frisches OTL log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.11.2012, 19:22
| #8 |
| | GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? Hi, der Rechner läuft gut. Was war/ist das? Ein Trojaner? Ich habe den Eset Scan durchlaufen lassen, leider finde ich nach Abschluss "List of found threats und und Export to text file" nicht. Ich lasse den Scanner nochmal laufen und melde mich. Gruss Nicole |
|
23.11.2012, 09:28
| #9 |
| /// the machine /// TB-Ausbilder | GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? Jep, da war en bissl Ransomware und Krams aktiv. Poste bitte das ESET-Log wenn Du es hast, wenn keins kommt egal, dann nur ein frisches OTL log.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.11.2012, 16:17
| #10 |
| | GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? Ich habe nochmal den Code in Benutzerdefinierte Scans gepostet. War das richtig? Sry, wenn ich doof frage und danke für die Geduld!OTL Logfile:Code:
ATTFilter OTL logfile created on: 24.11.2012 15:55:47 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nicole_Ronny\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,98 Gb Total Physical Memory | 4,63 Gb Available Physical Memory | 77,31% Memory free 11,96 Gb Paging File | 10,48 Gb Available in Paging File | 87,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 456,45 Gb Total Space | 391,30 Gb Free Space | 85,73% Space Free | Partition Type: NTFS Drive D: | 456,96 Gb Total Space | 456,59 Gb Free Space | 99,92% Space Free | Partition Type: NTFS Drive G: | 3,69 Gb Total Space | 1,81 Gb Free Space | 49,23% Space Free | Partition Type: FAT32 Computer Name: NICOLE_RONNY-PC | User Name: Nicole_Ronny | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.21 14:51:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole_Ronny\Desktop\OTL.exe PRC - [2012.11.06 18:29:54 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.10.16 17:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.10.16 16:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe PRC - [2012.09.24 13:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.08.11 04:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe PRC - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2011.05.20 10:13:06 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe PRC - [2011.05.20 10:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe PRC - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2011.03.23 22:20:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.12.20 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.20 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.05.04 20:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2010.02.28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE PRC - [2009.12.09 10:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe ========== Modules (No Company Name) ========== MOD - [2011.08.11 04:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe MOD - [2011.08.11 04:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll MOD - [2011.05.20 10:13:04 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll MOD - [2011.05.20 10:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe MOD - [2010.02.28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ========== Services (SafeList) ========== SRV - [2012.11.22 17:06:40 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.16 17:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.10.16 16:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2012.09.24 13:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service) SRV - [2011.04.02 22:09:38 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service) SRV - [2011.03.23 22:20:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.12.20 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.20 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.05.04 20:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.09 10:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.07 16:03:24 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.11.07 16:03:24 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.03.16 02:57:30 | 000,514,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.16 15:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2011.10.01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.07.11 11:20:49 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2011.07.11 11:20:49 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2011.07.11 11:20:49 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2011.06.30 07:03:04 | 000,054,784 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2011.06.30 07:03:02 | 000,077,696 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.03 16:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.19 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.06.25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2009.11.02 17:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 21:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2013\WNt500x64\sandra.sys -- (SANDRA) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Claro Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0750B780-14CC-4214-9E13-2E24901151AD}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=4012_6&babsrc=SP_clro&mntrId=18e695fb000000000000c89cdc2d77a2 IE - HKCU\..\SearchScopes\{A1B64779-455E-4629-9AB5-69C2BDD0BC44}: "URL" = https://ixquick.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=deutsch IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nicole_Ronny\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nicole_Ronny\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) [2012.09.08 08:25:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole_Ronny\AppData\Roaming\mozilla\Extensions [2012.09.08 08:30:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole_Ronny\AppData\Roaming\mozilla\Firefox\Profiles\1upozltt.default\extensions [2012.09.11 17:52:14 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Nicole_Ronny\AppData\Roaming\mozilla\Firefox\Profiles\1upozltt.default\extensions\support@lastpass.com ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: NPLastPass (Enabled) = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.1_0\nplastpass.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Nicole_Ronny\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: Forge of Empires = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\anaphblkfplenhkephgneolhnmjminjg\1.2_0\ CHR - Extension: Google Drive = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.1_0\ CHR - Extension: Reggae Music TV = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckckjpfjflmoendemfpgimjjhgmjoegn\4.9.2_0\ CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.6_0\ CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.6_0\.bak CHR - Extension: Google-Suche = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Click&Clean = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\ CHR - Extension: LastPass = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.15_0\ CHR - Extension: Go Home Dinosaurs (Beta) = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\icefnknicgejiphafapflechfoeelbeo\1.0.0.8_0\ CHR - Extension: Revolution = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcipgebmlkblphemggnjpampjajepcam\1.1_0\ CHR - Extension: Chrome Flags = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhejngphiacapbgllhagbpdkkdieeaej\1.4_0\ CHR - Extension: Evernote Web = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\ CHR - Extension: Qtube = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhakcmpgccbfnmamojhjhaflhnfdooaa\1.11_0\ CHR - Extension: FastestChrome \u2013 Schneller browsen = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.9.9_0\ CHR - Extension: Deezer = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh\1.3.1_0\ CHR - Extension: Google Chrome to Phone Extension = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\ CHR - Extension: Hotmail = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge\1.0.1_0\ CHR - Extension: Google Mail = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Willkommen bei Facebook - anmelden, registrieren oder mehr erfahren = C:\Users\Nicole_Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnckfhbhieclolphcegeiohhapkkhhla\2012.11.22.31122_0\ O1 HOSTS File: ([2012.11.22 17:18:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: LastPass - file://C:\Users\Nicole_Ronny\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\Nicole_Ronny\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: LastPass - file://C:\Users\Nicole_Ronny\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Nicole_Ronny\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2036B6D-929C-4B58-88CF-20251397EEF0}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest - No CLSID value found O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\sacore - No CLSID value found O18 - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: EPSON BX305 Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIGJE.EXE (SEIKO EPSON CORPORATION) MsConfig:64bit - StartUpReg: FUFAXSTM - hkey= - key= - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Nicole_Ronny\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig:64bit - StartUpReg: Uninstall C: - hkey= - key= - Reg Error: Value error. File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.23 20:46:41 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\Avira [2012.11.23 20:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.23 20:41:24 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.23 20:41:24 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.11.23 20:41:23 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.23 20:41:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.11.22 18:00:14 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Nicole_Ronny\Desktop\esetsmartinstaller_enu.exe [2012.11.22 17:32:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.11.22 17:14:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.22 17:14:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.22 17:14:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.22 17:14:47 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.22 17:14:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.11.22 16:56:39 | 005,005,176 | R--- | C] (Swearware) -- C:\Users\Nicole_Ronny\Desktop\ComboFix.exe [2012.11.22 10:46:57 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Nicole_Ronny\Desktop\aswMBR.exe [2012.11.21 14:51:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nicole_Ronny\Desktop\OTL.exe [2012.11.21 01:30:41 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\Desktop\Lea [2012.11.21 00:11:19 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\Documents\LocaleMetaData [2012.11.20 23:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.11.20 22:51:40 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\Documents\ResultReport-Dateien [2012.11.20 15:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW [2012.11.20 15:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW [2012.11.20 11:28:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2012.11.20 11:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware [2012.11.20 11:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\SiSoftware [2012.11.20 11:27:31 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Local\Programs [2012.11.19 20:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC [2012.11.19 20:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications [2012.11.19 20:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC [2012.11.19 07:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.11.19 05:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.11.19 05:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.11.19 05:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.11.19 04:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 [2012.11.19 04:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.11.19 04:58:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012.11.19 04:56:59 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\Nitro [2012.11.19 04:56:59 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\FileOpen [2012.11.19 04:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen [2012.11.19 04:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro [2012.11.19 04:55:56 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\Downloaded Installations [2012.11.19 04:00:26 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.11.19 02:46:17 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Local\Secunia PSI [2012.11.19 02:46:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia [2012.11.19 02:32:03 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2012.11.11 12:56:22 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Local\{5B0F5175-3DB3-485A-BF4E-8E59275D7E55} [2012.11.09 14:00:07 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Local\{BCA0C15B-0ED4-47E3-970C-A2AC47618E2B} [2012.11.08 14:05:26 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Local\{F224BCAB-2619-49E2-ADCC-9DBF01CB4019} [2012.11.07 23:41:55 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\AppData\Local\{C2B320E2-2DBE-4243-9436-B774BFB18B75} [2012.11.05 04:52:47 | 000,000,000 | ---D | C] -- C:\Users\Nicole_Ronny\Desktop\Barf [2012.08.24 11:22:52 | 014,690,376 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe ========== Files - Modified Within 30 Days ========== [2012.11.24 15:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.24 14:27:56 | 000,129,046 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\2012-11-08-1340495588_04-RG.PDF [2012.11.24 14:22:42 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.24 14:22:42 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.24 14:15:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.24 14:15:08 | 522,719,231 | -HS- | M] () -- C:\hiberfil.sys [2012.11.23 20:41:27 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.22 18:00:18 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Nicole_Ronny\Desktop\esetsmartinstaller_enu.exe [2012.11.22 17:37:32 | 105,142,912 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\avira_free_antivirus_de.exe [2012.11.22 17:18:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.11.22 16:56:47 | 005,005,176 | R--- | M] (Swearware) -- C:\Users\Nicole_Ronny\Desktop\ComboFix.exe [2012.11.22 10:47:23 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Nicole_Ronny\Desktop\aswMBR.exe [2012.11.21 20:51:28 | 000,001,957 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\Kuendigungsschreiben.pdf [2012.11.21 20:42:45 | 000,047,248 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\Ihr_Auftragsformular.pdf [2012.11.21 14:53:55 | 000,278,161 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\gmer1015.zip [2012.11.21 14:51:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole_Ronny\Desktop\OTL.exe [2012.11.21 14:37:05 | 000,000,000 | ---- | M] () -- C:\Users\Nicole_Ronny\defogger_reenable [2012.11.21 02:06:59 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2410971709-1018064227-2985839609-1001UA.job [2012.11.21 02:06:59 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2410971709-1018064227-2985839609-1001Core.job [2012.11.21 01:18:20 | 000,001,396 | ---- | M] () -- C:\Users\Public\Desktop\SiSoftware Sandra Lite 2013.lnk [2012.11.21 00:11:19 | 000,069,632 | ---- | M] () -- C:\Users\Nicole_Ronny\Documents\fehlerbericht.evtx [2012.11.20 22:51:40 | 000,105,272 | ---- | M] () -- C:\Users\Nicole_Ronny\Documents\ResultReport.html [2012.11.20 19:49:24 | 000,000,108 | ---- | M] () -- C:\index.ini [2012.11.20 19:48:39 | 000,013,536 | ---- | M] () -- C:\Users\Nicole_Ronny\Documents\emisoft.htm [2012.11.20 15:49:02 | 012,845,056 | ---- | M] () -- C:\Users\Nicole_Ronny\AppData\Roaming\Sandra.mdb [2012.11.20 15:08:13 | 000,000,903 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\SIW.lnk [2012.11.20 10:22:07 | 000,007,648 | ---- | M] () -- C:\Users\Nicole_Ronny\AppData\Local\Resmon.ResmonCfg [2012.11.19 19:51:44 | 001,613,996 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.19 19:51:44 | 000,697,064 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.19 19:51:44 | 000,652,382 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.19 19:51:44 | 000,148,102 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.19 19:51:44 | 000,121,056 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.19 08:05:45 | 026,850,922 | ---- | M] () -- C:\Users\Nicole_Ronny\Documents\doc038.bmp [2012.11.19 07:48:38 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012.11.19 05:25:36 | 001,550,476 | ---- | M] () -- C:\Users\Nicole_Ronny\Documents\img037.pdf [2012.11.19 05:08:34 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.19 04:59:51 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2012.11.19 04:00:28 | 000,002,440 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\Google Chrome.lnk [2012.11.19 02:46:13 | 000,001,074 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012.11.19 02:32:03 | 000,001,232 | ---- | M] () -- C:\Users\Nicole_Ronny\Desktop\Revo Uninstaller.lnk [2012.11.19 01:38:57 | 000,000,325 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml [2012.11.19 01:22:44 | 000,079,873 | ---- | M] () -- C:\Users\Nicole_Ronny\Documents\Bewerbungen_NB05.12-11.12.pdf [2012.11.08 09:06:12 | 000,000,680 | RHS- | M] () -- C:\Users\Nicole_Ronny\ntuser.pol [2012.11.07 16:03:24 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.07 16:03:24 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.10.28 18:54:08 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk ========== Files Created - No Company Name ========== [2012.11.24 14:27:52 | 000,129,046 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\2012-11-08-1340495588_04-RG.PDF [2012.11.23 20:41:27 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.22 17:35:00 | 105,142,912 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\avira_free_antivirus_de.exe [2012.11.22 17:14:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.11.22 17:14:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.11.22 17:14:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.11.22 17:14:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.11.22 17:14:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.22 17:06:43 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.21 20:51:28 | 000,001,957 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\Kuendigungsschreiben.pdf [2012.11.21 20:42:39 | 000,047,248 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\Ihr_Auftragsformular.pdf [2012.11.21 14:53:55 | 000,278,161 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\gmer1015.zip [2012.11.21 14:37:05 | 000,000,000 | ---- | C] () -- C:\Users\Nicole_Ronny\defogger_reenable [2012.11.21 00:11:06 | 000,069,632 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\fehlerbericht.evtx [2012.11.20 22:51:40 | 000,105,272 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\ResultReport.html [2012.11.20 19:48:39 | 000,013,536 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\emisoft.htm [2012.11.20 15:08:13 | 000,000,903 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\SIW.lnk [2012.11.20 11:43:21 | 012,845,056 | ---- | C] () -- C:\Users\Nicole_Ronny\AppData\Roaming\Sandra.mdb [2012.11.20 11:28:10 | 000,001,396 | ---- | C] () -- C:\Users\Public\Desktop\SiSoftware Sandra Lite 2013.lnk [2012.11.20 09:14:15 | 000,000,108 | ---- | C] () -- C:\index.ini [2012.11.19 08:05:49 | 026,850,922 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\doc038.bmp [2012.11.19 07:48:38 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.11.19 07:48:38 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012.11.19 05:25:35 | 001,550,476 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\img037.pdf [2012.11.19 04:59:51 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2012.11.19 04:53:35 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.19 04:47:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.19 04:00:28 | 000,002,440 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\Google Chrome.lnk [2012.11.19 03:59:36 | 000,001,148 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2410971709-1018064227-2985839609-1001UA.job [2012.11.19 03:59:36 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2410971709-1018064227-2985839609-1001Core.job [2012.11.19 02:46:13 | 000,001,074 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012.11.19 02:46:13 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2012.11.19 02:32:03 | 000,001,232 | ---- | C] () -- C:\Users\Nicole_Ronny\Desktop\Revo Uninstaller.lnk [2012.11.19 01:22:42 | 000,079,873 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\Bewerbungen_NB05.12-11.12.pdf [2012.11.05 05:00:36 | 000,042,660 | ---- | C] () -- C:\Users\Nicole_Ronny\Documents\377799_395830953805396_1208063472_n.jpg [2012.10.24 17:49:33 | 000,000,019 | ---- | C] () -- C:\Windows\BibiHexe.ini [2012.10.15 11:32:36 | 000,039,157 | ---- | C] () -- C:\Users\Nicole_Ronny\1350297157261.jpg [2012.09.12 05:14:08 | 000,782,872 | ---- | C] () -- C:\Users\Nicole_Ronny\tag im garten 029.jpg [2012.09.12 05:14:08 | 000,756,104 | ---- | C] () -- C:\Users\Nicole_Ronny\tag im garten 031.jpg [2012.09.12 05:14:08 | 000,710,268 | ---- | C] () -- C:\Users\Nicole_Ronny\tag im garten 030.jpg [2012.09.12 05:14:08 | 000,617,316 | ---- | C] () -- C:\Users\Nicole_Ronny\tag im garten 032.jpg [2012.09.11 16:07:13 | 000,007,648 | ---- | C] () -- C:\Users\Nicole_Ronny\AppData\Local\Resmon.ResmonCfg [2012.09.09 17:23:26 | 000,015,238 | ---- | C] () -- C:\Users\Nicole_Ronny\0-41BFAB99-800.jpg [2012.09.09 17:23:26 | 000,015,107 | ---- | C] () -- C:\Users\Nicole_Ronny\0-1802B6E1-800.jpg [2012.09.09 17:23:26 | 000,015,027 | ---- | C] () -- C:\Users\Nicole_Ronny\0-CB8D2DBD-800.jpg [2012.04.12 13:24:50 | 000,000,204 | ---- | C] () -- C:\Windows\wininit.ini [2012.03.30 12:57:46 | 000,000,680 | RHS- | C] () -- C:\Users\Nicole_Ronny\ntuser.pol [2012.03.26 08:36:03 | 001,590,274 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.08.03 17:43:24 | 000,078,041 | ---- | C] () -- C:\Users\Nicole_Ronny\253493_181725435214794_100001320155288_432283_5783061_n.jpg [2011.08.03 17:26:36 | 000,094,105 | ---- | C] () -- C:\Users\Nicole_Ronny\38369_106656942721644_100001320155288_52090_4441664_n.jpg [2011.07.20 17:57:44 | 000,090,362 | ---- | C] () -- C:\Users\Nicole_Ronny\FCEAEA68-9F30-4CF3-8EF1-FEFA15A46F87.jpg [2011.07.13 08:15:08 | 000,018,553 | ---- | C] () -- C:\Users\Nicole_Ronny\189234_162313683822636_100001320155288_321446_1238858_n.jpg [2011.06.12 13:36:14 | 000,689,020 | ---- | C] () -- C:\Users\Nicole_Ronny\grillen 006.jpg [2011.06.12 13:36:12 | 000,696,664 | ---- | C] () -- C:\Users\Nicole_Ronny\grillen 004.jpg [2011.06.12 13:36:12 | 000,650,524 | ---- | C] () -- C:\Users\Nicole_Ronny\grillen 003.jpg [2011.06.12 13:36:10 | 000,773,716 | ---- | C] () -- C:\Users\Nicole_Ronny\grillen 001.jpg [2011.06.12 13:36:10 | 000,731,220 | ---- | C] () -- C:\Users\Nicole_Ronny\grillen 002.jpg [2011.06.02 17:33:18 | 000,749,728 | ---- | C] () -- C:\Users\Nicole_Ronny\Lea Geburtstag 013.jpg [2011.06.02 17:33:16 | 000,635,520 | ---- | C] () -- C:\Users\Nicole_Ronny\Lea Geburtstag 010.jpg [2011.04.22 20:39:12 | 000,652,861 | ---- | C] () -- C:\Users\Nicole_Ronny\Foto0761.jpg [2011.04.22 20:37:30 | 000,817,456 | ---- | C] () -- C:\Users\Nicole_Ronny\Foto0767.jpg [2011.04.22 20:36:58 | 000,805,195 | ---- | C] () -- C:\Users\Nicole_Ronny\Foto0768.jpg [2011.04.22 20:36:26 | 000,821,366 | ---- | C] () -- C:\Users\Nicole_Ronny\Foto0769.jpg [2011.04.22 20:04:30 | 000,607,628 | ---- | C] () -- C:\Users\Nicole_Ronny\Foto0764.jpg [2006.01.01 12:09:10 | 000,712,756 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0004 (3).jpg [2006.01.01 12:08:40 | 000,651,260 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0003 (3).jpg [2006.01.01 11:07:54 | 000,568,656 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0015.jpg [2006.01.01 11:02:10 | 000,671,016 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0009.jpg [2006.01.01 11:01:32 | 000,817,044 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0008.jpg [2006.01.01 11:01:18 | 000,695,184 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0007.jpg [2006.01.01 11:00:58 | 000,754,920 | ---- | C] () -- C:\Users\Nicole_Ronny\000_0006.jpg ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.19 04:55:56 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\Downloaded Installations [2012.05.02 23:59:14 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\Epson [2012.11.19 04:56:59 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\FileOpen [2012.08.23 19:46:28 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\Mystery of Mortlake Mansion [2012.11.19 05:29:33 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\Nitro [2012.03.26 08:01:20 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\OEM [2012.10.02 14:29:30 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\PerformerSoft [2012.09.11 17:52:22 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\PowerCinema [2012.10.11 20:22:04 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\QuickScan [2012.11.21 01:04:30 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\SoftGrid Client [2012.03.26 08:36:36 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\TP [2012.04.07 19:52:34 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\TuxPaint [2012.09.11 17:52:22 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\WildTangent [2012.03.30 12:15:27 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.11.22 17:32:19 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2012.03.26 09:03:04 | 000,000,000 | R--D | M] -- C:\Backup [2011.09.22 13:49:01 | 000,000,000 | ---D | M] -- C:\book [2012.11.23 21:34:36 | 000,000,000 | ---D | M] -- C:\Config.Msi [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.01.04 12:11:34 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.07.11 10:24:03 | 000,000,000 | ---D | M] -- C:\Intel [2012.10.24 17:49:27 | 000,000,000 | ---D | M] -- C:\Kiddinx [2012.09.11 17:49:33 | 000,000,000 | R--D | M] -- C:\MSOCache [2012.09.11 17:49:33 | 000,000,000 | ---D | M] -- C:\OEM [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.11.20 23:04:48 | 000,000,000 | R--D | M] -- C:\Program Files [2012.11.23 21:53:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2012.11.22 17:17:57 | 000,000,000 | ---D | M] -- C:\ProgramData [2012.01.04 12:11:34 | 000,000,000 | -HSD | M] -- C:\Programme [2012.11.22 17:19:32 | 000,000,000 | ---D | M] -- C:\Qoobox [2012.03.26 07:57:55 | 000,000,000 | ---D | M] -- C:\Recovery [2012.11.24 15:56:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.11.21 01:30:42 | 000,000,000 | R--D | M] -- C:\Users [2012.03.07 07:16:54 | 000,000,000 | ---D | M] -- C:\VritualRoot [2012.11.24 14:15:15 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %windir%\installer\*. /5 > [2012.11.20 23:04:48 | 000,000,000 | ---D | M] -- C:\Windows\installer\{26A24AE4-039D-4CA4-87B4-2F86417009FF} [2012.11.19 20:07:15 | 000,000,000 | ---D | M] -- C:\Windows\installer\{31A559C1-9E4D-423B-9DD3-34A6C5398752} [2012.11.19 20:07:26 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6D6664A9-3342-4948-9B7E-034EFE366F0F} < %localappdata%\*. /5 > [2012.11.21 01:01:10 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Local\Diagnostics [2012.11.20 19:52:33 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Local\Downloaded Installations [2012.11.20 11:27:31 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Local\Programs [2012.11.24 15:55:23 | 000,000,000 | ---D | M] -- C:\Users\Nicole_Ronny\AppData\Local\Temp < End of report > |
|
24.11.2012, 17:32
| #11 |
| /// the machine /// TB-Ausbilder | GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? Hi, Windows-Taste+R > Combofix /Uninstall > Enter OTL öffnen > Button Bereinigung drücken Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.11.2012, 19:47
| #12 |
| | GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? Ok, alles erledigt! Gruss Nicole |
|
24.11.2012, 21:09
| #13 |
| /// the machine /// TB-Ausbilder | GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? Alles klar
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt? |
| autostart, avira, bitdefender, defender, desktop, explorer, forum, hilfe!, home, internet explorer, kaspersky, neustart, office, online, programm, ratlos, revo uninstaller, scan, security, system, systemfehler, trojaner, viren, windows live, zugriff verweigert |
Textbox.
Linear-Darstellung
