
Pests of all kinds and their removal: Serifef infected

Windows 7 If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

 
14.01.2013, 01:26   #1
Hanjo87
 
Serifef infected



Hello.
Yesterday a website wanted to run a Flash Player update..
Unfortunately I clicked yes, and my virus scanner immediately raised an alarm.
I have now reinstalled my computer with eRecovery, i.e. from the DVDs.
After that I ran Malwarebytes, which found nothing more.
Can I now be sure that everything is fine again, or could the virus also be sitting in the MBR?
Thanks in advance for your answers and your help

Here is also the

OTL.txt
Code:
OTL logfile created on: 14.01.2013 00:25:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hanjo\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 58,93% Memory free
7,98 Gb Paging File | 5,78 Gb Available in Paging File | 72,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 690,95 Gb Total Space | 647,15 Gb Free Space | 93,66% Space Free | Partition Type: NTFS
Drive D: | 691,21 Gb Total Space | 428,02 Gb Free Space | 61,92% Space Free | Partition Type: NTFS
 
Computer Name: HANJO-PC | User Name: Hanjo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.13 20:59:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hanjo\Desktop\OTL.exe
PRC - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009.12.07 14:38:02 | 001,128,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
PRC - [2009.11.26 12:50:52 | 000,302,152 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
PRC - [2009.09.24 09:50:56 | 001,124,424 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2009.09.18 14:49:08 | 000,924,232 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2009.08.18 08:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2009.08.12 23:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.08.12 22:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.08.08 12:33:28 | 000,397,896 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2009.08.06 18:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.08.06 18:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.08.04 21:46:12 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009.08.04 06:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.07.31 17:29:12 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.02.03 22:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.08.18 08:31:22 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2009.08.18 08:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2009.02.03 01:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.01.10 01:02:19 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.07 14:38:02 | 001,128,008 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2009.11.26 12:50:52 | 000,302,152 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan)
SRV - [2009.11.25 02:07:32 | 001,731,504 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2009.11.25 02:05:05 | 001,664,560 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2009.08.12 23:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.08.08 12:33:28 | 000,397,896 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2009.08.06 18:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.07.28 20:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009.02.03 22:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 18:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.13 19:56:17 | 000,074,184 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2013.01.13 19:56:00 | 000,057,288 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2013.01.13 19:53:40 | 000,048,584 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2013.01.13 19:53:30 | 000,034,760 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2013.01.13 19:23:01 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2013.01.13 19:17:31 | 000,042,952 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.18 06:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.22 04:05:58 | 000,273,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2009.06.19 23:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.02 12:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 12:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 12:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.02.23 02:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV - [2013.01.14 00:14:13 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD)
DRV - [2009.08.04 21:46:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2013/01/13 17:55:36] [Kernel | Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360113ln069f3g544k5qh813wv65
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360113ln069f3g544k5qh813wv65
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360113ln069f3g544k5qh813wv65
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360113ln069f3g544k5qh813wv65
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360113ln069f3g544k5qh813wv65
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360113ln069f3g544k5qh813wv65
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE518
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170633FE%7D:20.1.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.13 19:34:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.01.13 19:34:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hanjo\AppData\Roaming\mozilla\Extensions
[2013.01.13 19:34:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hanjo\AppData\Roaming\mozilla\Firefox\Profiles\81d55giq.default\extensions
[2013.01.13 19:34:40 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\Hanjo\AppData\Roaming\mozilla\firefox\profiles\81d55giq.default\extensions\testpilot@labs.mozilla.com.xpi
[2013.01.13 19:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.13 19:55:35 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2013.01.13 19:34:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2013.01.10 01:03:07 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.10 01:57:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.10 01:57:39 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.10 01:57:39 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.10 01:57:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.10 01:57:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.10 01:57:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKCU..\Run: [Global Registration] "C:\Program Files (x86)\Acer\Registration\GREG.exe" BOOT File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C958B319-DBB3-4C76-B4DE-10032A463DE5}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.14 02:36:18 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2013.01.14 02:36:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2013.01.14 02:36:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE
[2013.01.14 02:36:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de
[2013.01.14 02:36:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407
[2013.01.14 02:36:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2013.01.14 02:36:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de
[2013.01.14 02:36:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407
[2013.01.14 02:35:36 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2013.01.14 02:35:36 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2013.01.14 02:35:35 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2013.01.14 02:35:35 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2013.01.14 00:14:13 | 000,106,224 | ---- | C] (G Data Software) -- C:\Windows\SysWow64\drivers\GRD.sys
[2013.01.14 00:04:46 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Roaming\Malwarebytes
[2013.01.14 00:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.14 00:03:30 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.14 00:03:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.14 00:03:20 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\Programs
[2013.01.13 23:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.13 23:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.01.13 23:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.01.13 23:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.01.13 21:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.01.13 21:29:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.01.13 21:27:31 | 000,061,368 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.01.13 21:27:31 | 000,053,176 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.01.13 21:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.01.13 21:27:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.01.13 21:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.01.13 21:26:17 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.01.13 20:59:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hanjo\Desktop\OTL.exe
[2013.01.13 19:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.01.13 19:58:11 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.01.13 19:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.01.13 19:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.01.13 19:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.01.13 19:34:35 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Roaming\Mozilla
[2013.01.13 19:34:35 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\Mozilla
[2013.01.13 19:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.01.13 19:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.01.13 19:34:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.13 19:26:27 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Roaming\Adobe
[2013.01.13 19:26:23 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Roaming\Google
[2013.01.13 19:26:23 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\Google
[2013.01.13 19:17:34 | 000,057,288 | ---- | C] (G DATA Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2013.01.13 19:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
[2013.01.13 19:17:31 | 000,042,952 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2013.01.13 19:17:19 | 000,034,760 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2013.01.13 19:17:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data
[2013.01.13 19:10:39 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\Downloaded Installations
[2013.01.13 18:09:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Screensaver
[2013.01.13 18:09:27 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Roaming\Macromedia
[2013.01.13 18:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2013.01.13 18:06:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.01.13 18:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013.01.13 18:05:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013.01.13 18:05:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2013.01.13 18:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013.01.13 18:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.01.13 18:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013.01.13 18:00:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2013.01.13 18:00:41 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\Microsoft Help
[2013.01.13 17:59:15 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector
[2013.01.13 17:55:17 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Arcade Deluxe
[2013.01.13 17:55:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2013.01.13 17:53:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Arcade Deluxe
[2013.01.13 17:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013.01.13 17:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013.01.13 17:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
[2013.01.13 17:53:05 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\EgisTec
[2013.01.13 17:53:05 | 000,000,000 | ---D | C] -- C:\book
[2013.01.13 17:52:54 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.01.13 17:52:54 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.01.13 17:52:53 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Searches
[2013.01.13 17:52:46 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Roaming\Identities
[2013.01.13 17:52:45 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Contacts
[2013.01.13 17:52:42 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\VirtualStore
[2013.01.13 17:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Accessory Store
[2013.01.13 17:51:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Acer
[2013.01.13 17:51:32 | 000,000,000 | --SD | C] -- C:\Users\Hanjo\AppData\Roaming\Microsoft
[2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Videos
[2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Saved Games
[2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Pictures
[2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Music
[2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Links
[2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Favorites
[2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Downloads
[2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Documents
[2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Desktop
[2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Vorlagen
[2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\AppData\Local\Verlauf
[2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\AppData\Local\Temporary Internet Files
[2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Startmenü
[2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\SendTo
[2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Recent
[2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Netzwerkumgebung
[2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Lokale Einstellungen
[2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Documents\Eigene Videos
[2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Documents\Eigene Musik
[2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Eigene Dateien
[2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Documents\Eigene Bilder
[2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Druckumgebung
[2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Cookies
[2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\AppData\Local\Anwendungsdaten
[2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Anwendungsdaten
[2013.01.13 17:51:32 | 000,000,000 | -H-D | C] -- C:\Users\Hanjo\AppData
[2013.01.13 17:51:32 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\Temp
[2013.01.13 17:51:32 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\Microsoft
[2013.01.13 17:51:32 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Roaming\Media Center Programs
[2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.01.13 17:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.01.13 17:46:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.01.13 17:46:51 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.01.13 17:46:51 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.01.13 17:46:51 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.01.13 17:46:51 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.01.13 17:46:50 | 000,311,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.01.13 17:46:50 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.01.13 17:46:50 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.01.13 17:46:50 | 000,176,640 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\FMAPO64.dll
[2013.01.13 17:46:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.01.13 17:46:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.01.13 17:46:23 | 000,106,224 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2013.01.13 17:43:07 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.01.13 17:40:30 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2009.09.17 22:20:06 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.14 02:36:08 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat
[2013.01.14 02:36:08 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat
[2013.01.14 02:35:36 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2013.01.14 02:35:36 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2013.01.14 02:35:35 | 000,004,096 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2013.01.14 02:35:35 | 000,002,560 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2013.01.14 00:20:42 | 000,000,000 | ---- | M] () -- C:\Users\Hanjo\defogger_reenable
[2013.01.14 00:14:13 | 000,106,224 | ---- | M] (G Data Software) -- C:\Windows\SysWow64\drivers\GRD.sys
[2013.01.14 00:03:33 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.13 23:55:14 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.13 23:55:14 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.13 23:52:29 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.13 23:52:29 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.13 23:52:29 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.13 23:52:29 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.13 23:52:29 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.13 23:47:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.13 23:47:34 | 3214,209,024 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.13 23:28:24 | 000,353,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.13 22:02:36 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.01.13 22:02:28 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.01.13 21:56:37 | 000,365,568 | ---- | M] () -- C:\Users\Hanjo\Desktop\gmer-2.0.18444.exe
[2013.01.13 20:59:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hanjo\Desktop\OTL.exe
[2013.01.13 20:57:50 | 000,050,477 | ---- | M] () -- C:\Users\Hanjo\Desktop\Defogger.exe
[2013.01.13 19:56:17 | 000,074,184 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2013.01.13 19:56:00 | 000,057,288 | ---- | M] (G DATA Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2013.01.13 19:53:40 | 000,048,584 | ---- | M] (G DATA Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2013.01.13 19:53:30 | 000,034,760 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2013.01.13 19:34:32 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.13 19:23:01 | 000,106,224 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2013.01.13 19:17:32 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk
[2013.01.13 19:17:31 | 000,042,952 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2013.01.13 17:59:15 | 000,002,073 | ---- | M] () -- C:\Users\Hanjo\Desktop\CyberLink PowerDirector.lnk
[2013.01.13 17:51:02 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.01.13 17:51:02 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.01.13 17:48:26 | 000,000,006 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd
[2012.12.29 11:34:47 | 000,061,368 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.12.29 11:34:47 | 000,053,176 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.12.29 11:34:47 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.12.29 09:40:11 | 002,923,201 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
 
========== Files Created - No Company Name ==========
 
[2013.01.14 02:36:40 | 000,653,928 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.14 02:36:40 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat
[2013.01.14 02:36:40 | 000,129,800 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.14 02:36:40 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat
[2013.01.14 00:20:42 | 000,000,000 | ---- | C] () -- C:\Users\Hanjo\defogger_reenable
[2013.01.14 00:03:33 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.13 22:32:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.01.13 22:02:36 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.01.13 22:02:28 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.01.13 21:55:33 | 000,365,568 | ---- | C] () -- C:\Users\Hanjo\Desktop\gmer-2.0.18444.exe
[2013.01.13 21:47:30 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.01.13 21:28:16 | 002,923,201 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.01.13 21:26:57 | 000,017,266 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.01.13 20:57:48 | 000,050,477 | ---- | C] () -- C:\Users\Hanjo\Desktop\Defogger.exe
[2013.01.13 19:34:32 | 000,001,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.01.13 19:34:32 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.13 19:17:32 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk
[2013.01.13 18:07:57 | 000,002,569 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2013.01.13 18:07:45 | 000,001,193 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk
[2013.01.13 17:59:15 | 000,002,073 | ---- | C] () -- C:\Users\Hanjo\Desktop\CyberLink PowerDirector.lnk
[2013.01.13 17:52:58 | 000,001,413 | ---- | C] () -- C:\Users\Hanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.01.13 17:52:55 | 000,001,447 | ---- | C] () -- C:\Users\Hanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.01.13 17:40:30 | 3214,209,024 | -HS- | C] () -- C:\hiberfil.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 

< End of report >
         

Extra.txt

Code:
OTL Extras logfile created on: 14.01.2013 00:25:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hanjo\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 58,93% Memory free
7,98 Gb Paging File | 5,78 Gb Available in Paging File | 72,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 690,95 Gb Total Space | 647,15 Gb Free Space | 93,66% Space Free | Partition Type: NTFS
Drive D: | 691,21 Gb Total Space | 428,02 Gb Free Space | 61,92% Space Free | Partition Type: NTFS
 
Computer Name: HANJO-PC | User Name: Hanjo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D182A33-2536-4F6D-AA08-69E9348A86C1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0DA08E88-910B-4D0B-9C9E-9412FED640C5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{111134F4-6449-48CD-A2D8-FD3D2E2A7083}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{123930EB-7782-4153-8728-D259B33B6FA0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{21188573-04C8-4769-A9B0-182BF094C1AE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2CE65C0C-1D1F-43A5-96A6-F030A0DC1051}" = lport=138 | protocol=17 | dir=in | app=system | 
"{322BAB24-7718-434D-9130-B7AE961F83E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{4F8FDBFA-A7DD-444C-919D-E4924FCFC485}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5D84BC75-4F65-462B-8C26-C12BA74F654B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7278DC5C-37AC-465D-B712-91A5BF8F499D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{79E70220-DDF6-4DF2-9873-A3A76792F19B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7B6A151C-4F8A-4AA4-A4C5-9DFF63E73077}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8E715805-2FA1-428F-96FA-8D5CDB4908CE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AA9B47EA-8382-4AA0-8EAF-FC2DB704D9B8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B360D86E-3062-462C-9C33-E4BD308F9D94}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C0D53CFA-E3D3-4670-A401-B1CB6A2ED102}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D519220A-A026-49F8-AAE9-17A1030FFC21}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DCCA4D9A-5813-4C7E-8F04-6678EF7A0CC8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E5D58135-3D41-4713-99BE-B0BFFFB4DE59}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F08AC10C-14C7-4210-A00A-72D5B7705E21}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F0AE9548-EC85-4462-BFC8-0DE4D3AEBFE7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F542F958-594F-4135-926F-CA13E768ED0E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FDA42F62-7CE3-44FE-9AC4-60CD7929BE35}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01899D30-22CB-4EB0-823D-93AD09F8AB2F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{061ACA92-2AC8-4ED3-A705-EFE46857A9E7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0B4E74BF-D106-4567-9D86-B55EDB78B02F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{10C9C447-9CE3-404E-A353-19F4833715F5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{16EAE5F3-F5CD-46B4-8B18-6C8CAFA06691}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1AD45C24-F07F-4AEE-B038-5A123605B55D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{20F7CEAB-0D65-4D91-BA54-40C698AF2F3A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2675394C-8CCF-42B9-A7CF-140931A3C63E}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{2719A9F0-C0CC-48DB-A167-10431748D4BA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{36021A1A-3574-4354-A2E1-766830A52B57}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3F0332F8-8DCB-4889-8369-45082C52EE63}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{517D1294-8C84-4CAE-9754-DF180B3DBC2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5B31D413-914D-4623-B512-80801239C120}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6D466A36-9ADF-4913-A241-76B7DBD94694}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6E99A6B9-BEAE-4703-8891-0E3B0B4E8EC9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{75208F4D-00D7-4108-A18E-4E7A50A2AD37}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7BAEEFF3-A347-4E33-BB81-89486AE0B1AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D6D448C-C9F0-4A1E-A508-FCCA2CEA8672}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7FB4488F-47DD-46C8-99FA-F73A482EAF07}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{82A4F512-3604-4251-B938-3F85CC8C7482}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | 
"{91B1DF4A-9F31-4D49-AA78-828262C72AB8}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{94071892-8278-4912-947D-37796F09BEE5}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | 
"{A247DBEC-BE5E-4DD1-B5E5-8355CDA1A9F4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A6ED6865-66B8-4C3F-8F97-4E46A5D60E36}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C9B1F871-A9B5-4203-A95F-F713617DB662}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{F13B77E5-A73D-4920-93A9-8001B1480007}" = protocol=6 | dir=out | app=system | 
"{F15DFD40-B69F-4E8C-A9E6-ABF79B1AFB83}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F3BAF5A5-C544-4ED8-8AED-507E473B7CA5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FA071859-66EB-45CF-88CB-47402F09E7D5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18c5b800-77b3-4e83-9bcd-967c26a1d75a}" = Nero 9 Essentials
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{D729E05E-B2B9-4DC4-AF57-47310576EDE0}" = G Data InternetSecurity
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Media Suite D" = MAGIX Media Suite
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Ringtone Maker SE D" = MAGIX Ringtone Maker SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mufin player D" = mufin player
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.01.2013 13:53:48 | Computer Name = Hanjo-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 13.01.2013 13:54:58 | Computer Name = Hanjo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.01.2013 13:54:58 | Computer Name = Hanjo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.01.2013 13:54:58 | Computer Name = Hanjo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.01.2013 13:54:58 | Computer Name = Hanjo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 13.01.2013 12:44:13 | Computer Name = WIN-OSE6VQP48UE | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet:
   %%2
 
Error - 13.01.2013 12:44:31 | Computer Name = WIN-OSE6VQP48UE | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
 initialisieren.
 
Error - 13.01.2013 12:45:07 | Computer Name = WIN-OSE6VQP48UE | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         

Gmer.txt

Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-14 01:03:14
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 ST315003 rev.CC4H 1397,27GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Hanjo\AppData\Local\Temp\fwloipow.sys


---- User code sections - GMER 2.0 ----

.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      00000000774f1401 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        00000000774f1419 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      00000000774f1431 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      00000000774f144a 2 bytes [4F, 77]
.text    ...                                                                                                                                                * 9
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000774f14dd 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000774f14f5 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         00000000774f150d 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  00000000774f1525 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        00000000774f153d 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             00000000774f1555 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      00000000774f156d 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        00000000774f1585 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           00000000774f159d 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000774f15b5 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000774f15cd 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000774f16b2 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000774f16bd 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17             00000000774f1401 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17               00000000774f1419 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17             00000000774f1431 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42             00000000774f144a 2 bytes [4F, 77]
.text    ...                                                                                                                                                * 9
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                00000000774f14dd 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17         00000000774f14f5 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                00000000774f150d 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17         00000000774f1525 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17               00000000774f153d 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                    00000000774f1555 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17             00000000774f156d 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17               00000000774f1585 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                  00000000774f159d 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17               00000000774f15b5 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17             00000000774f15cd 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20         00000000774f16b2 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31         00000000774f16bd 2 bytes [4F, 77]

---- Devices - GMER 2.0 ----

Device   \Driver\iaStor \Device\Dev_fffffa8004b06050                                                                                                        ws\system32\DRIVERS\kbdclass.sys
Device   \Driver\USBSTOR -> DriverStartIo \Device\Dev_fffffa8006728b70                                                                                      fffffa8004738aa4
Device   \Driver\USBSTOR \Device\Dev_fffffa8006728b70                                                                                                       ws\system32\DRIVERS\kbdclass.sys
Device   \Driver\USBSTOR -> DriverStartIo \Device\Dev_fffffa800672db70                                                                                      fffffa8004738aa4
Device   \Driver\USBSTOR \Device\Dev_fffffa800672db70                                                                                                       ws\system32\DRIVERS\kbdclass.sys
Device   \Driver\USBSTOR -> DriverStartIo \Device\Dev_fffffa8006732b70                                                                                      fffffa8004738aa4
Device   \Driver\USBSTOR \Device\Dev_fffffa8006732b70                                                                                                       ws\system32\DRIVERS\kbdclass.sys
Device   \Driver\USBSTOR -> DriverStartIo \Device\Dev_fffffa800672eb70                                                                                      fffffa8004738aa4
Device   \Driver\USBSTOR \Device\Dev_fffffa800672eb70                                                                                                       ws\system32\DRIVERS\kbdclass.sys
Device   \Driver\USBSTOR -> DriverStartIo \Device\Dev_fffffa800672fb70                                                                                      fffffa8004738aa4
Device   \Driver\USBSTOR \Device\Dev_fffffa800672fb70                                                                                                       ws\system32\DRIVERS\kbdclass.sys

---- Threads - GMER 2.0 ----

Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:1460]                                                                       0000000077572e3e
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:1476]                                                                       0000000074e67587
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:2620]                                                                       000000001000bd90
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:2676]                                                                       000000001000bd90
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:4516]                                                                       0000000004b55f30
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:3216]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:2188]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:1076]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:932]                                                                        000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:3008]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:3048]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:3056]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:3836]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:4408]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:2156]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:2000]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:3368]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:1980]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:5000]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:4636]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:3508]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:3436]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:4648]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:5008]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:5076]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:1768]                                                                       0000000077573e59
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:4584]                                                                       0000000077573e59
Thread   C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [1432:4312]                                                                           0000000010024040
Thread   C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [1432:4316]                                                                           0000000010015e40
Thread   C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [1432:4320]                                                                           0000000010024040
Thread   C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [1432:4324]                                                                           0000000010024040
Thread   C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [1432:4328]                                                                           000000007c3494f6
Thread   C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [1432:4892]                                                                           0000000010024040
Thread   C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [1432:4540]                                                                           0000000010024040
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4388:4172]                                                                             0000000074e67587
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4388:4588]                                                                             0000000073300cb3
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4388:4532]                                                                             0000000077572e3e
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4388:4704]                                                                             0000000077573e59
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4388:1468]                                                                             0000000077573e59
---- Processes - GMER 2.0 ----

Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [1432]                                                       0000000076c00000

---- EOF - GMER 2.0 ----
         

 
