|
Log-Analyse und Auswertung: Verhaltensüberwachung, unbekannte BedrohungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
03.12.2012, 19:39 | #1 |
| Verhaltensüberwachung, unbekannte Bedrohung Lieber Trojaner-Board-Team, ich habe folgendes Problem, mein Antiviren-Programm "G Data" zeigte mir heute eine unbekannte Bedrohung an, Art: Verhaltensüberwachung, Status: Virenfund. Folgendes Protokoll wurde erstellt: *** Prozess *** Prozess: 7060 Dateiname: cmd.exe Pfad: c:\windows\system32\cmd.exe Herausgeber: Microsoft Windows Erstelldatum: 04/22/11 00:11:46 Änderungsdatum: 11/20/10 13:24:33 Gestartet von: st_rsser64.exe Herausgeber: Crawler, LLC *** Aktionen *** Das Programm hat Aktionen im Namen eines anderen Programmes ausgeführt. Das Programm hat Werte in der System-Registrierung verändert die genutzt werden können um das System zu gefährden. Das Programm stellt eine Verbindung über ein Netzwerk her. Das Programm erwartet eingehende Netzwerkverbindungen. Das Programm hat Dateien im Systemordner gespeichert. *** Quarantäne *** Folgende Dateien wurden in Quarantäne verschoben: Folgende Registry Einträge wurden gelöscht: YGLRvnKGfXByougqJiYniq6AcnLfeHJycnLfaJBycm0oJy4nx6+gcpKXcnJykoewcqJiYnKiwHKyYmJystBycn5iYnJyfuByon9yonKi3pAoJyomJicKuWLRvqL5C8lyopAuJ4srJy0new6KcqJiYn KioCknJyYmJweqcnIJynKCx3LScoL2oC0nio5iYnKi6AjqcoJiYnKCsCknKCYmJwiMcoIuJiYn6MAqJ8tiYnKyDLxy0mJictLALicpJiYnCW1yct1iYnJy3dAoJ8py0nKSD71ykmJicpLQLicuJy0n B49ycmJicnJwZ3JyYmJycnCHcnJiYnJycKdyonC4cnJ+YmJycn5w2HJyYmJycnD5cnJiYnJycLqCsVdjtvKSoVtjtnKCsVdjtuJw2nKCLSYmJ9hw6nLCqnJyKyeMD6cvJycmJicHty8nuGJicoILxy gn1y0mJifXDQA Version der Regeln: 3.1.11 OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 64bit OS BB Revision: 24871 cmd.exe /c start "" "C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe" /SCHEDULESCAN /ELEVATED "C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe" Ich bin beim googlen auf euch gestoßen, ein anderer User hatte ein ähnliches Problem (am 13.10.2012). Ihm wurde empfohlen, den CKS Scanner zu downloaden und das Ergebnis zu posten. Mein Scan-Ergennis hier: CKS Scanner 2.1 Additional Security Risks - These are not necessarily bad scanner sequence 3.MN.11.RIABIC .....EOF..... Danach habe ich mich an eure Regeln gehalten, habe defrogger downgeloadet und den Scan durchgeführt, danach OTL, dabei warnte G Data wieder vor einer unbekannten Bedrohung und erstellte folgendes Protokoll: *** Prozess *** Prozess: 18264 Dateiname: otl.exe Pfad: c:\users\***\downloads\otl.exe Herausgeber: Unbekannter Herausgeber Erstelldatum: 12/03/12 14:57:13 Änderungsdatum: 12/03/12 14:57:15 Gestartet von: svchost.exe Herausgeber: Microsoft Windows *** Aktionen *** Ein Packer wurde auf die Programmdatei angewandt. Möglicherweise um schädliche Inhalte zu verbergen. Das Programm hat Werte in der System-Registrierung verändert die genutzt werden können um das System zu gefährden. YGLxerKQcpIuJ+liYqByknKSYmLAcnJycmJi4HJyLyf3YmJwKnRyQicnJga3cnJycmJicCwnJycnJga5YvF6opAsJwd3KicHdywnJycnJganJycHpyschjVmKycchjVmKycmBgA Version der Regeln: 3.1.11 OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 64bit OS BB Revision: 24871 "C:\Users\***\Downloads\OTL.exe" Ich habe OTL trotzdem gestartet und den Scan durchgeführt, Hier nun der Inhalt von OTL.txt und Extra.txt: - ist ziemlich lang, SORRY OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.12.2012 16:06:38 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 38,04% Memory free 7,73 Gb Paging File | 5,11 Gb Available in Paging File | 66,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,30 Gb Total Space | 225,31 Gb Free Space | 78,97% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.03 15:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe PRC - [2012.12.03 15:49:29 | 000,681,984 | ---- | M] () -- C:\Users\***\Downloads\CKScanner.exe PRC - [2012.10.27 13:50:59 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\*** Programm\Firefox\firefox.exe PRC - [2012.09.17 11:02:43 | 001,547,288 | ---- | M] (G Data Software AG) -- C:\*** Programm\GUI\GDSC.exe PRC - [2012.09.17 04:24:09 | 000,995,352 | ---- | M] (G Data Software AG) -- C:\*** Programm\AVKTray\AVKTray.exe PRC - [2012.09.07 00:55:34 | 003,673,808 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe PRC - [2012.09.07 00:55:22 | 002,777,296 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe PRC - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe PRC - [2012.01.27 05:13:00 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\*** Programm\Firewall\GDFirewallTray.exe PRC - [2012.01.27 04:43:33 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\*** Programm\AVK\AVKService.exe PRC - [2009.09.25 00:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2006.02.28 09:27:38 | 007,158,784 | ---- | M] (Bethesda Softworks) -- C:\*** Programm\*** Spiele\Oblivion.exe ========== Modules (No Company Name) ========== MOD - [2012.12.03 15:49:29 | 000,681,984 | ---- | M] () -- C:\Users\***\Downloads\CKScanner.exe MOD - [2012.10.27 13:50:58 | 002,295,264 | ---- | M] () -- C:\*** Programm\Firefox\mozjs.dll MOD - [2005.01.08 18:53:38 | 000,338,944 | ---- | M] () -- C:\*** Programm\*** Spiele\binkw32.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.05.29 12:09:50 | 000,035,680 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2009.12.10 10:15:06 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.10.12 10:10:33 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.08.30 04:06:18 | 002,011,568 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\*** Programm\AVK\AVKWCtlx64.exe -- (AVKWCtl) SRV - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.04 10:50:20 | 001,766,464 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\*** Programm\Firewall\GDFwSvcx64.exe -- (GDFwSvc) SRV - [2012.05.29 12:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.05.29 12:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2012.02.20 06:58:00 | 001,148,632 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc) SRV - [2012.01.27 04:43:33 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\*** Programm\AVK\AVKService.exe -- (AVKService) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.10.01 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.10.01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.09.30 14:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.09.25 00:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.09.11 06:42:46 | 000,305,448 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.08.18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009.03.28 03:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Programme\LSI SoftModem\agr64svc.exe -- (AgereModemAudio) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.09 09:05:37 | 000,060,320 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:64bit: - [2012.10.06 21:50:52 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2012.10.06 21:50:52 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2012.10.06 21:50:52 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2012.08.08 12:44:05 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD) DRV:64bit: - [2012.08.02 22:07:31 | 000,064,376 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.27 15:52:16 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2) DRV:64bit: - [2011.07.06 19:50:48 | 000,031,448 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon) DRV:64bit: - [2011.04.02 08:27:29 | 000,116,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake) DRV:64bit: - [2011.03.28 13:42:53 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2011.03.28 13:42:53 | 000,112,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewsercd.sys -- (ewsercd) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.07.01 17:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2009.12.10 12:40:30 | 006,179,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.11.19 21:26:52 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.09.18 05:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.08.13 20:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.08.06 13:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2009.07.22 23:06:26 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.25 03:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.09 00:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV - [2012.11.08 10:30:44 | 000,064,568 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWow64\NULL -- (Null) DRV - [2012.03.29 15:32:12 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2011.07.06 17:46:52 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360610l406l0488z135t6481d31n IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360610l406l0488z135t6481d31n IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360610l406l0488z135t6481d31n IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360610l406l0488z135t6481d31n IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351 IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box&a=1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Heikes Programm\Acrobate Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\*** Programm\Firefox\components [2012.10.27 13:50:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0\extensions\\Components: C:\*** Programm\Thunderbird\components [2012.11.09 21:32:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\*** Programm\Firefox\components [2012.10.27 13:50:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\*** Programm\Thunderbird\components [2012.11.09 21:32:54 | 000,000,000 | ---D | M] [2011.01.25 04:13:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.01.25 04:13:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.11.23 12:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4q9tkurc.default-1352461107743\extensions [2012.11.23 12:53:15 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\4q9tkurc.default-1352461107743\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.03.24 20:33:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.03.17 10:08:03 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\*** Programm\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\*** Programm\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe (Adobe Systems Incorporated) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Add animation to IncrediMail Style Box - C:\*** Programm\IncrediMail\bin\resources\WebMenuImg.htm File not found O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\*** Programm\IncrediMail\bin\resources\WebMenuImg.htm File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{079E895E-A34A-44CA-AB30-B5385D4D0B79}: DhcpNameServer = 192.31.128.29 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A080DC42-4DF2-4CBD-8A87-093263E5BBBA}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (c:\heikes programm\avkkid\avkcks.exe) - c:\*** Programm\AVKKid\AvkCKS.exe () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Users\***\AppData\Roaming\msconfig.dat) - C:\Users\H***\AppData\Roaming\msconfig.dat () O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\amazonmp3downloader.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\decryption.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\javaw.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\javaws.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\lmanager.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\minilauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\onlinehelp.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\paprport.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\pppagevw.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\scannerwizard.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\shell.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\thunderbird.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\amazonmp3downloader.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\decryption.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\javaw.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\javaws.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\lmanager.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\minilauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\onlinehelp.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\paprport.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\pppagevw.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\scannerwizard.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\shell.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\thunderbird.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0e28852c-58ff-11e0-b0cc-00262d91659d}\Shell - "" = AutoRun O33 - MountPoints2\{0e28852c-58ff-11e0-b0cc-00262d91659d}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{dea95995-5cf8-11e0-a148-c417fe68af90}\Shell - "" = AutoRun O33 - MountPoints2\{dea95995-5cf8-11e0-a148-c417fe68af90}\Shell\AutoRun\command - "" = E:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\.\Autorun.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.08 10:33:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE [2012.11.08 10:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deutsche Telekom [2012.11.08 10:28:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\T-Online [2012.11.08 10:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\T-Online [2012.11.08 10:23:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Marmiko Shared [2012.11.08 10:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\T-Online [2012.11.08 10:20:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Deutsche Telekom [2012.11.03 16:17:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\mquadr.at [2012.11.03 16:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\mquadr.at [2012.11.03 16:17:17 | 001,142,656 | ---- | C] (mquadr.at software engineering und consulting GmbH) -- C:\Windows\SysWow64\M2ElevatedCalls.dll [2012.11.03 16:17:17 | 000,948,608 | ---- | C] (mquadr.at software engineering) -- C:\Windows\SysWow64\M2ElevatedNetworkAdapters.dll [2012.11.03 16:17:17 | 000,238,080 | ---- | C] (Nicomsoft Ltd.) -- C:\Windows\SysWow64\WiFiMan.dll [2012.11.03 16:17:17 | 000,066,557 | ---- | C] (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) -- C:\Windows\SysWow64\SSDPDiscovery.dll [2012.11.03 16:17:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PackageAware [2012.11.03 16:16:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DTAG [2009.11.05 04:33:04 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.03 16:09:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.03 15:56:47 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.12.03 15:42:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.03 14:31:19 | 000,899,476 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2012.12.03 14:31:19 | 000,047,179 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2012.12.02 17:23:10 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini [2012.11.28 19:11:53 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.28 19:11:53 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.28 19:04:19 | 465,858,750 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.11.28 16:10:32 | 000,000,047 | ---- | M] () -- C:\Users\***\AppData\Roaming\msconfig.ini [2012.11.27 13:17:03 | 000,000,000 | ---- | M] () -- C:\Users\***\AppData\Roaming\msconfig.dat [2012.11.25 03:42:39 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.25 03:42:39 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.16 15:38:05 | 000,365,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.16 11:09:32 | 001,520,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.16 11:09:32 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.16 11:09:32 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.16 11:09:32 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.16 11:09:32 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.08 10:30:44 | 000,064,568 | ---- | M] () -- C:\Windows\SysWow64\NULL [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.03 15:56:47 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.11.28 19:04:19 | 465,858,750 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.11.26 22:15:14 | 000,000,047 | ---- | C] () -- C:\Users\***\AppData\Roaming\msconfig.ini [2012.11.16 05:17:40 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.16 05:04:23 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.08 10:30:43 | 000,064,568 | ---- | C] () -- C:\Windows\SysWow64\NULL [2012.01.11 10:08:06 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\msconfig.dat [2011.07.15 12:24:48 | 000,899,476 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2011.03.03 18:48:13 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2011.01.24 10:57:41 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2011.01.07 20:33:50 | 000,008,704 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.28 17:53:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010.09.03 14:32:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ahnenblatt [2011.12.24 10:58:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2011.09.26 15:14:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2011.10.25 19:14:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Medion [2010.06.27 17:39:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012.02.27 15:52:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spyware Terminator [2012.11.08 10:28:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online [2011.01.25 04:13:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2012.11.25 03:40:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 03.12.2012 16:06:38 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 38,04% Memory free 7,73 Gb Paging File | 5,11 Gb Available in Paging File | 66,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,30 Gb Total Space | 225,31 Gb Free Space | 78,97% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Heikes Programm\Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{003E228A-4391-4795-818A-790D29C10726}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{13E1826B-5B19-481B-BDD2-B723ECEC3802}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{339FD0FC-450D-4C70-883C-197C3CE84B0C}" = lport=2869 | protocol=6 | dir=in | app=system | "{3FB13913-E3DD-4553-8D68-726D50FE6297}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4565D27C-890F-489D-8E45-241BFC028840}" = rport=137 | protocol=17 | dir=out | app=system | "{508876CF-DB3A-4687-BCFE-15BB1E12F44F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{594AE2AC-21A8-4F6F-81E9-9E44866D8CB0}" = lport=139 | protocol=6 | dir=in | app=system | "{60DDD62D-FBFD-4036-8F40-CD6A6E45ED4B}" = lport=10243 | protocol=6 | dir=in | app=system | "{6A178738-08AF-4AAF-B183-653323D522F7}" = rport=138 | protocol=17 | dir=out | app=system | "{71530C00-D554-4E1A-9AAF-AE0A3BB5298F}" = rport=445 | protocol=6 | dir=out | app=system | "{7A92B57E-0CEB-45DF-B8CC-E051A6263F42}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7AC05AC6-6F6A-4476-A47A-ABE1146C5B3E}" = lport=445 | protocol=6 | dir=in | app=system | "{7CF04947-75DC-494A-8C46-582BE2DDF777}" = lport=137 | protocol=17 | dir=in | app=system | "{8C67C6A0-08E9-494E-84D2-761C4184C42D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A2D120B9-46AF-4452-B15D-70DEDD4B1CE1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AF7C8395-95EC-4AF9-8DC6-01A0542C8222}" = rport=139 | protocol=6 | dir=out | app=system | "{C7258B3B-D129-45B1-981F-8B3D60446959}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C7934398-1E5F-41C8-8CE0-6A3FEBAB7F64}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C94F4725-4044-4962-91B6-2B3A77A7FC24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CEF0D3B0-1469-46F9-9B76-A9D5DBFD8790}" = rport=10243 | protocol=6 | dir=out | app=system | "{DACFF09E-F3E5-4FB2-B3D4-865416E0D223}" = lport=138 | protocol=17 | dir=in | app=system | "{F752450E-1B70-47FF-A612-13BE14C26198}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FFA8A00F-40D8-4EDB-8E68-0AA98BBB90B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{082A2FB9-C79A-4BA0-BDA6-90CDEFA8A277}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0F5193A0-853F-4E4F-A4A0-39B90C448D7E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{11E7CF78-0D76-4267-9A7E-93CC8D2FAC19}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{1ABA5C6B-9016-45E9-8B68-4A55256B6AAC}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{20A709C8-A8D4-4DD3-8C21-1CDEE46430C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{346796A9-49AF-4A96-9D33-1F66414B6E6B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3627CDBD-4477-4B83-9030-873C8DA27B63}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "{3E95A523-4FC4-4719-9E83-64A4FFA765FD}" = protocol=6 | dir=out | app=system | "{42F1C6D3-7746-4448-9678-70495728898F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{46811BDD-A146-4989-B3C0-63F00E8FA412}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{60983B6D-3CCB-45B2-A10F-32BB0E51D628}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{65E2F10F-1B89-4C89-8139-34AA099DB0EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{66FDE14B-B98C-4A82-BD70-01AC2AADB8E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{679597EE-6AF1-460E-9EC0-C08FB4D1FFDB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6E8FAFDE-84BA-4C91-994D-0C7B8FAB1B0B}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | "{719B2053-600C-416E-8D7E-4DD2F7C4AED8}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "{723535B7-76E7-4240-8FD7-A307239BDB61}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | "{783B6277-4000-45C8-95ED-EB79C0DCFD5B}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{78786639-47DA-4823-ABEA-9E7DDA1A5B75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7E992FC0-CDBD-4C31-886C-410B324D731C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{91AB1E34-1135-4850-99B3-286D7C97F69B}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | "{97BC6DDB-68D0-4380-96FB-17B6C93266D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A4B51BDA-DD16-4C6D-83C3-9BE1ABC73985}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B02566FE-A320-436D-9682-398213120D9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B447A2E3-5FA5-404A-BEB2-6680C2B2298D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{BA5E8E5B-BCC3-48EA-9B6B-2844D337160F}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | "{C8047D6B-ACE7-402F-B95B-B98388C29F9D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{CD48E4D2-21DC-4B1C-92F3-BF399FEDA924}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{D88ABBEE-533B-40A2-8D06-47A14780DDE6}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{D9AEFA91-795A-4756-90EA-51E73293BA9F}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | "{EBA3D052-0FD7-42CE-AA39-BBB50055E96F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F9B57B13-3CAD-4728-81A0-C80C26251DAE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{11F38253-8940-FFDA-D131-B14120C357E4}" = ATI Catalyst Install Manager "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent "{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BD41C9CA-7722-7C0F-8BFE-E88A81865287}" = ccc-utility64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1195 "LSI Soft Modem" = LSI HDA Modem "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11 "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool "{14D6085A-9A42-C0B5-823E-8C9619AC1026}" = Catalyst Control Center Graphics Full New "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FF19BBD-554D-733C-3BDF-B55C99349198}" = Catalyst Control Center Core Implementation "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{346D6B7A-4AD8-5C2C-E249-34CA3CD7D34B}" = CCC Help Polish "{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding "{357C0C30-051F-FE77-4709-025786123FB1}" = ccc-core-static "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{41BC23C5-157F-77A0-6662-17A5096E7946}" = Catalyst Control Center Graphics Previews Vista "{4507185D-FAB8-B77D-4546-2CF31DA906AD}" = Catalyst Control Center Graphics Full Existing "{4967ADB1-27A6-635F-A217-754BD9A05E2E}" = CCC Help Czech "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{54DFD48E-0E0D-5D0C-BD93-CE3DF090EC1C}" = CCC Help Japanese "{5528C69D-4018-C4BD-7D00-67F90623EB33}" = CCC Help Italian "{5582C24D-5597-42D2-537E-BA329164D78D}" = CCC Help Thai "{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-365CN "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{785F975B-50FB-C523-5E58-C6EFE9E62424}" = CCC Help Portuguese "{7D62622F-78B7-91B0-5B75-4082DDFAC775}" = CCC Help Swedish "{7DE2B39B-97F0-EC01-06D6-E25C6D4164DF}" = CCC Help German "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{878789F8-276E-4D98-20E6-78DCBD77AD7D}" = CCC Help Turkish "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console "{8F2AE892-C036-C2F8-0D45-0ED891440D68}" = CCC Help French "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95D40BD8-2EA7-C51E-A218-B2F863481573}" = CCC Help Chinese Standard "{98A7C691-304F-31DC-A21C-3675E1D68501}" = CCC Help Chinese Traditional "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A33B56D0-F273-F6C2-C335-50AE0C83C85C}" = CCC Help Finnish "{A8CB3994-B273-D81E-315C-CA3A8376415E}" = Catalyst Control Center Localization All "{A8D450FB-F8F7-4250-7CE3-A3C24CDE5722}" = CCC Help Hungarian "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB82BA59-B05B-70DC-992B-D2D7A2AF4EE5}" = CCC Help Korean "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch "{BFB59706-4FEC-37A8-96CD-C7F6932AD6DD}" = CCC Help Norwegian "{C09EECFB-8925-5E54-1580-3FAEB6A78856}" = Catalyst Control Center Graphics Light "{C0ED2557-8BCC-71B6-253C-BDFE26A9B37D}" = CCC Help Spanish "{C670480D-10CE-4E2E-929E-EE453EDE6BE2}" = G Data InternetSecurity 2011 "{CC62C6C8-0D7F-3F0D-9BD6-49CB16029A6A}" = CCC Help Greek "{CC6D2A70-B152-E250-ABEA-5D7D681469F8}" = CCC Help English "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.124.1120 "{DAFFBC42-ABA2-882C-68CB-593B9CF9ACF5}" = CCC Help Russian "{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader "{DFF2D0B9-1706-6AA8-85CD-A70DF44AE3F8}" = CCC Help Danish "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E6AAFC37-EB31-768D-A9A5-AA8A84612615}" = CCC Help Dutch "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F6B7BF58-36D0-A76E-53E2-F65DBD4A6A52}" = Catalyst Control Center InstallProxy "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Ahnenblatt_is1" = Ahnenblatt 2.62 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Ashampoo Photo Commander 8_is1" = Ashampoo Photo Commander 8 v.8.4.0 "conduitEngine" = Conduit Engine "GridVista" = Acer GridVista "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader "LManager" = Launch Manager "Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de) "Mozilla Thunderbird 12.0 (x86 de)" = Mozilla Thunderbird 12.0 (x86 de) "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "Softonic_Deutsch Toolbar" = Softonic Deutsch Toolbar "Sweet Home 3D_is1" = Sweet Home 3D version 3.0 "TuneUp Utilities 2012" = TuneUp Utilities 2012 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.11.2012 09:24:46 | Computer Name = *** | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 24.11.2012 15:51:47 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16455 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 3460 Startzeit: 01cdca6fb3b86b74 Endzeit: 61 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: Error - 24.11.2012 16:07:09 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16455 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 208c Startzeit: 01cdca7d232e4a04 Endzeit: 44 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: Error - 24.11.2012 17:40:17 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16455 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1ad8 Startzeit: 01cdca8a97a3121f Endzeit: 89 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: Error - 24.11.2012 21:11:12 | Computer Name = *** | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 26.11.2012 12:56:10 | Computer Name = *** | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 27.11.2012 07:29:06 | Computer Name = *** | Source = RasClient | ID = 20227 Description = Error - 27.11.2012 08:14:21 | Computer Name = *** | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 30.11.2012 00:14:06 | Computer Name = *** | Source = RasClient | ID = 20227 Description = Error - 01.12.2012 07:29:37 | Computer Name = *** | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. [ System Events ] Error - 26.11.2012 17:17:52 | Computer Name = *** | Source = DCOM | ID = 10010 Description = Error - 28.11.2012 11:19:51 | Computer Name = *** | Source = DCOM | ID = 10005 Description = Error - 28.11.2012 11:19:51 | Computer Name = *** | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Modules Installer erreicht. Error - 28.11.2012 11:19:51 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Modules Installer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 28.11.2012 11:27:45 | Computer Name = *** | Source = DCOM | ID = 10010 Description = Error - 28.11.2012 11:40:55 | Computer Name = *** | Source = DCOM | ID = 10010 Description = Error - 28.11.2012 13:51:50 | Computer Name = *** | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.UtilitiesSvc erreicht. Error - 28.11.2012 13:53:00 | Computer Name = *** | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.UtilitiesSvc erreicht. Error - 28.11.2012 14:04:28 | Computer Name = *** | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?28.?11.?2012 um 18:51:50 unerwartet heruntergefahren. Error - 28.11.2012 14:04:34 | Computer Name = *** | Source = BugCheck | ID = 1001 Description = < End of report > Ich habe Schritt 3 nicht ausgeführt, da ich ein 64bit System habe. Ich wende mich an euch aufgrund eurer Aussage "Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist." Könnt ihr mir bitte sagen, ob das nun ein Virus bzw. Trojaner ist und was weiter zu tun ist. Vielen Dank Gruß Jeanny Geändert von Jeanny75 (03.12.2012 um 19:45 Uhr) Grund: Realname editiert |
04.12.2012, 14:37 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verhaltensüberwachung, unbekannte Bedrohung Hallo und
__________________hast du dir die Meldungen von GDATA nicht mal genauer angesehen? Bei der näheren Betrachtung fällt auf, wie hysterisch das ist: Zitat:
OTL! Das Programm mit dem man die OTL-Log erstellt
__________________ |
04.12.2012, 16:49 | #3 |
| Verhaltensüberwachung, unbekannte Bedrohung Ok, also ist G Data nur "hysterisch"?
__________________Liegt es nur am Antivirenprogramm??? Ich habe nicht sooo die PC Erfahrung und spreche leider auch kein Englisch, da fühle ich mich schnell überfordert.... Danke auf jeden Fall für die schnelle Antwort! Grüße |
04.12.2012, 16:59 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verhaltensüberwachung, unbekannte Bedrohung Um es mal ganz klar zu sagen: diese beiden Meldungen die du gepostet hast sind keine Virenfunde! Die Verhaltensüberwachung hat da zugeschlagen, weil sie meinte, verdächtige Aktivitäten bemerkt zu haben Steht mehr zum Thema Verhaltensüberwachung nicht in deinem GDATA-Handbuch? Gerade wenn man nicht die Erfahrung hat sollte man da doch schonmal nachschlagen!
__________________ Logfiles bitte immer in CODE-Tags posten |
05.12.2012, 21:21 | #5 |
| Verhaltensüberwachung, unbekannte Bedrohung Wenn im Handbuch sowas nicht steht oder wenn man damit nichts anfangen kann, dann fragt man eben mal nach! Ich finde es nicht korrekt, dass man dann gleich so runtergemacht wird... Entschuldige, dich belästigt zu haben |
06.12.2012, 12:20 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verhaltensüberwachung, unbekannte BedrohungZitat:
Warum reagierst du so allergisch, wenn man mal einen Hinweis zum Handbuch postet, das ist doch kein Runtermachen! oder mag man es nicht, wenn einem nicht alles auf dem Silbertablett serviert wird?!
__________________ --> Verhaltensüberwachung, unbekannte Bedrohung |
Themen zu Verhaltensüberwachung, unbekannte Bedrohung |
antiviren-programm, antivirus, autorun, bho, ebay, error, excel, feedback, fehler, firefox, flash player, google, home, iexplore.exe, install.exe, javaws.exe, launch, logfile, mozilla, mywinlocker, netzwerk, office 2007, plug-in, problem, prozess, realtek, registry, richtlinie, rundll, security, softonic deutsch toolbar, software, spyware, system, windows |