Log analysis and evaluation: Delta Search

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Delta Search

I had the Delta Toolbar and deleted the thing, but Delta Search still opens in Google Chrome. I have pasted the OTL txt and Extra txt here. I hope you can tell me something about this. Thanks.

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 20.02.2013 23:23:18 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Patric\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 67,26% Memory free 6,19 Gb Paging File | 4,82 Gb Available in Paging File | 77,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 24,14 Gb Free Space | 16,76% Space Free | Partition Type: NTFS Drive D: | 298,09 Gb Total Space | 146,32 Gb Free Space | 49,09% Space Free | Partition Type: NTFS Drive E: | 140,50 Gb Total Space | 39,76 Gb Free Space | 28,30% Space Free | Partition Type: NTFS Computer Name: CRAZYS | User Name: Patric | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.20 23:20:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patric\Downloads\OTL.exe PRC - [2013.02.20 17:00:11 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\Windows\Temp\RtkBtMnt.exe PRC - [2013.01.28 14:19:30 | 001,926,944 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe PRC - [2013.01.28 14:19:26 | 001,724,192 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.11.07 00:43:20 | 000,312,168 | ---- | M] (Skillbrains) -- C:\Users\Patric\AppData\Local\Skillbrains\lightshot\\LightShot.exe PRC - [2012.08.08 09:10:58 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.10 11:13:42 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.10 11:13:33 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.10 11:13:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.02.29 21:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012.01.25 13:59:06 | 000,758,224 | ---- | M] () -- C:\Programme\Core Temp\Core Temp.exe PRC - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2010.11.29 10:55:44 | 002,676,696 | ---- | M] (PC Tools) -- C:\Programme\PC Tools Firewall Plus\FirewallGUI.exe PRC - [2010.11.17 09:29:38 | 000,287,024 | ---- | M] (PC Tools) -- C:\Programme\PC Tools Firewall Plus\FWService.exe PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.05.20 19:18:32 | 000,075,048 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.27 19:58:00 | 003,837,736 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\PwdBank.exe PRC - [2009.03.27 19:57:56 | 003,520,512 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe PRC - [2009.03.27 19:57:47 | 003,602,432 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe PRC - [2009.03.27 19:57:40 | 003,676,160 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe PRC - [2009.03.05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) 
-- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.10.16 16:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2008.10.16 15:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.08.01 09:51:42 | 000,405,504 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2008.06.13 13:24:02 | 000,081,920 | ---- | M] (Firebird Project) -- C:\Programme\Firebird\Firebird_2_1\bin\fbguard.exe PRC - [2008.06.13 13:22:50 | 002,723,840 | ---- | M] (Firebird Project) -- C:\Programme\Firebird\Firebird_2_1\bin\fbserver.exe PRC - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe PRC - [2008.05.14 16:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.05.07 09:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe PRC - [2007.12.06 15:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe PRC - [2007.10.23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe ========== Modules (No Company Name) ========== MOD - [2013.02.14 04:40:19 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15e2d7f51f15830591727d6d6a1e4032\System.ServiceProcess.ni.dll MOD - [2013.02.14 04:36:24 | 012,433,920 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll MOD - [2013.01.10 14:42:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 14:41:29 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013.01.10 14:40:26 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013.01.10 14:40:17 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2012.01.25 13:59:06 | 000,758,224 | ---- | M] () -- C:\Programme\Core Temp\Core Temp.exe MOD - [2009.03.27 19:58:00 | 003,837,736 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\PwdBank.exe MOD - [2009.03.27 19:44:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll MOD - [2009.03.27 19:44:36 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll MOD - [2009.03.27 19:44:36 | 000,009,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll MOD - [2008.06.11 09:21:46 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll MOD - [2007.10.23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2013.02.20 11:59:12 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- 
(MozillaMaintenance) SRV - [2013.02.14 08:25:09 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.28 14:19:28 | 000,029,984 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2013.01.28 14:19:26 | 001,724,192 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.10 11:13:42 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.10 11:13:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.01.28 18:44:12 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\NavFilter\kmsvc.exe -- (CLKMSVC10_D20A29D4) SRV - [2010.11.17 09:29:38 | 000,287,024 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programme\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.05.20 19:18:32 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2009.03.27 19:57:47 | 003,602,432 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC) SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008.10.16 16:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.10.16 15:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.07.20 10:45:06 | 000,354,840 | ---- | 
M] (Intel Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2008.06.13 13:24:02 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Programme\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance) SRV - [2008.06.13 13:22:50 | 002,723,840 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Programme\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance) SRV - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.05.14 16:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2007.12.06 15:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2007.05.31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found 
[Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\LGVirHid.sys -- (LGVirHid) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\LGBusEnum.sys -- (LGBusEnum) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\DKbFltr.sys -- (DKbFltr) DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\Patric\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO) DRV - [2013.01.17 20:54:11 | 000,040,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\voxaldriverx86.sys -- (voxaldriver) DRV - [2012.12.17 13:11:26 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2012.12.17 13:11:26 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2012.09.19 10:50:50 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2012.05.10 11:13:44 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.10 11:13:43 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.03.01 00:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- 
C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.01.17 13:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.04.11 21:01:16 | 000,317,384 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ladfGSRi386.sys -- (LADF_RenderOnly) DRV - [2011.04.11 21:00:40 | 000,378,568 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ladfGSCi386.sys -- (LADF_CaptureOnly) DRV - [2010.11.25 09:53:58 | 000,160,448 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent) DRV - [2010.11.25 09:42:10 | 000,124,992 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw) DRV - [2010.11.24 08:18:16 | 000,089,192 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter) DRV - [2010.11.17 09:19:50 | 000,249,616 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi) DRV - [2010.09.29 11:34:50 | 000,335,064 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ladfSBVMi386.sys -- (LADF_SBVM) DRV - [2010.09.29 11:34:48 | 000,053,976 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ladfDHP2i386.sys -- (LADF_DHP2) DRV - [2010.07.08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis.sys -- (pctNdisMP) DRV - [2010.07.08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctNdis.sys -- (pctNdis) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira 
GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.06.14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.04.27 03:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2010.04.27 03:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) DRV - [2010.04.27 03:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2009.08.05 05:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E) DRV - [2009.03.27 19:57:43 | 000,042,608 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF) DRV - [2008.11.17 06:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.05.26 11:54:28 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD) DRV - [2007.03.28 06:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) DRV - [2007.01.26 07:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0309&m=aspire_6930g IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com IE - 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=85&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0309&m=aspire_6930g IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.autocompletepro.com/?si=10186&bi=400 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start 
Default_Page_URL = hxxp://search.autocompletepro.com/?si=10186&bi=400 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C ED FC EA D8 C2 C9 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=85&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.autocompletepro.com/?si=10186&bi=400 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=85&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=85&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.yd.delta-search.com/?q={searchTerms}&affID=119816&tt=030213_yd&babsrc=SP_ss&mntrId=70567fb10000000000000016ea629f76 IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE IE - 
HKCU\..\SearchScopes\{1F0C0E4A-72C8-4560-9612-27AD083921F1}: "URL" = hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=search&search={searchTerms} IE - HKCU\..\SearchScopes\{47F43F50-68E2-4F28-B949-26EE0EC9C505}: "URL" = hxxp://www.buyertools.net/cgi-bin/preispiraten_de/nph.fcgi?qry_str={searchTerms}&category=deutsch&how=and&searchtype=simple&Web=on&wiki_tab=on&wiki_tab_old=+CHECKED&ebay_tab=on&ebay_tab_old=+CHECKED&shoppingcom_tab=on&shoppingcom_tab_old=+CHECKED&pirat_tab=on&pirat_tab_old=+CHECKED&JavaScript=enabled&submit=SUCHEN IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ADBR_de IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.autocompletepro.com/?si=10186&bi=400&q={searchTerms} IE - HKCU\..\SearchScopes\{ECDC64BF-F956-44B5-98D6-D810A7F1F40F}: "URL" = hxxp://search.microsoft.com/results.aspx?form=MSHOME&setlang=de-de&q={searchTerms}&mkt=de-de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - prefs.js..CT3284351.browser.search.defaultthis.engineName: "true" FF - prefs.js..browser.search.defaultthis.engineName: "FileConverter 1.3F4 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3284351&SearchSource=3&q={searchTerms}&CUI=UN14539148193237561" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF 
- prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com: FF - prefs.js..extensions.enabledAddons: %7B455D905A-D37C-4643-A9E2-F6FEFAA0424A%7D:0.8.16 FF - prefs.js..extensions.enabledAddons: %7B0153E448-190B-4987-BDE1-F256CADA672F%7D:15.0.6 FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D: FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D: FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version= c:\program 
files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version= c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version= C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version= C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version= c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Patric\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Patric\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.11 16:22:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.06 19:14:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.11 16:22:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.11 16:22:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.07 21:10:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.20 11:59:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.20 11:59:04 | 000,000,000 | ---D | M] [2012.07.20 04:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patric\AppData\Roaming\mozilla\Extensions [2010.01.06 14:42:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patric\AppData\Roaming\mozilla\Extensions\sz@mast.er [2013.02.14 16:24:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patric\AppData\Roaming\mozilla\Firefox\Profiles\meud4xq5.default\extensions [2012.04.05 12:48:45 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Patric\AppData\Roaming\mozilla\Firefox\Profiles\meud4xq5.default\extensions\DeviceDetection@logitech.com 
[2012.10.08 19:52:16 | 000,075,799 | ---- | M] () (No name found) -- C:\Users\Patric\AppData\Roaming\mozilla\firefox\profiles\meud4xq5.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2013.02.14 16:24:58 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Patric\AppData\Roaming\mozilla\firefox\profiles\meud4xq5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.27 10:54:52 | 000,242,136 | ---- | M] () (No name found) -- C:\Users\Patric\AppData\Roaming\mozilla\firefox\profiles\meud4xq5.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013.02.07 14:10:35 | 000,001,294 | ---- | M] () -- C:\Users\Patric\AppData\Roaming\mozilla\firefox\profiles\meud4xq5.default\searchplugins\delta.xml [2013.02.07 14:11:09 | 000,001,094 | ---- | M] () -- C:\Users\Patric\AppData\Roaming\mozilla\firefox\profiles\meud4xq5.default\searchplugins\fileconverter-13f4-customized-web-search.xml [2012.07.19 18:54:19 | 000,002,519 | ---- | M] () -- C:\Users\Patric\AppData\Roaming\mozilla\firefox\profiles\meud4xq5.default\searchplugins\Search_Results.xml [2013.02.20 11:59:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.02.07 21:10:40 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF [2012.06.06 19:14:37 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.10.11 16:22:50 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2013.02.20 11:59:12 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.10.11 16:22:05 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2012.05.08 21:54:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\amazondotcom-de.xml [2013.02.07 14:10:22 | 000,006,529 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.09.02 13:29:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.05.08 21:54:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.05.08 21:54:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.19 18:54:19 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012.05.08 21:54:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.05.08 21:54:57 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.yd.delta-search.com/?affID=119816&tt=030213_yd&babsrc=HP_ss&mntrId=70567fb10000000000000016ea629f76 CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.yd.delta-search.com/?affID=119816&tt=030213_yd&babsrc=HP_ss&mntrId=70567fb10000000000000016ea629f76 CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Patric\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Patric\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = 
C:\Users\Patric\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Patric\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Google Update (Enabled) = C:\Users\Patric\AppData\Local\Google\Update\\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director 
(Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: YouTube = C:\Users\Patric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: 118446.user.js = C:\Users\Patric\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdbeholmalmdbidhgdmmjnidiodngde\1.0_0\ CHR - Extension: DoA Power Tools Teamwork = C:\Users\Patric\AppData\Local\Google\Chrome\User Data\Default\Extensions\camdmekomadiijofoopmckiklemhakmc\1.6_0\ CHR - Extension: Google-Suche = C:\Users\Patric\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\ CHR - Extension: Tampermonkey = C:\Users\Patric\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.11.3078_0\ CHR - Extension: KabaListics = C:\Users\Patric\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjechemeamlkppgmdeeofkocngkjdjb\2013.106_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Patric\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_1\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Patric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\\ CHR - Extension: Google Mail = C:\Users\Patric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: YouTube = C:\Users\Patric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: 118446.user.js = C:\Users\Patric\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdbeholmalmdbidhgdmmjnidiodngde\1.0_0\ CHR - Extension: DoA Power Tools Teamwork = C:\Users\Patric\AppData\Local\Google\Chrome\User Data\Default\Extensions\camdmekomadiijofoopmckiklemhakmc\1.6_0\ CHR - Extension: Google-Suche = C:\Users\Patric\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\ CHR - Extension: Tampermonkey = C:\Users\Patric\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.11.3078_0\ CHR - Extension: KabaListics = C:\Users\Patric\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjechemeamlkppgmdeeofkocngkjdjb\2013.106_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Patric\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_1\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Patric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\\ CHR - Extension: Google Mail = C:\Users\Patric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: localhost O1 - Hosts: ::1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (amazon) - 
{84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Programme\Preispiraten6\IEButtonAmazonInterface.dll () O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Preispiraten) - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\Programme\Preispiraten6\IEButtonPPInterface.dll () O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found. O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.) O4 - HKCU..\Run: [LightShot] C:\Users\Patric\AppData\Local\Skillbrains\lightshot\LightShot.exe () O4 - HKCU..\Run: [Personal ID] C:\Programme\coolspot AG\Personal ID\pid.exe (coolspot AG, Düsseldorf) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files\\Preispiraten6\\preispiraten.html () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre7\bin\jp2iexp.dll () O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Programme\Preispiraten6\preispiraten3ie.exe () O9 - Extra 'Tools' menuitem : Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Programme\Preispiraten6\preispiraten3ie.exe () O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home File not found O9 - Extra 'Tools' menuitem : Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home File not found O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - 
C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: SecretCity 3DChat - {D401C3A2-12EF-4D1D-A086-F3AB10B565BF} - C:\PROGRA~1\SECRET~1\\SECRET~1.EXE File not found O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher 
Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab (Reg Error: Key error.) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{463FB10B-4FC8-44CD-824A-096C81AA3247}: DhcpNameServer = O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File 
not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img3.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img3.jpg O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{5e093213-3016-11de-876e-001e68de55c9}\Shell\AutoRun\command - "" = G:\autorun.bat O33 - MountPoints2\{798fefe8-92d3-11de-86d2-002269d0fbec}\Shell - "" = AutoRun O33 - MountPoints2\{798fefe8-92d3-11de-86d2-002269d0fbec}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{a0e081f6-5115-11de-a33c-002269d0fbec}\Shell - "" = AutoRun O33 - MountPoints2\{a0e081f6-5115-11de-a33c-002269d0fbec}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{df92f3c3-178b-11e1-812c-001e68de55c9}\Shell - "" = AutoRun O33 - MountPoints2\{df92f3c3-178b-11e1-812c-001e68de55c9}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\{e19618f6-a86d-11df-ab94-002269d0fbec}\Shell\AutoRun\command - "" = G:\Menu.exe O33 - MountPoints2\{e80b53a4-e69e-11e0-ad8a-001e68de55c9}\Shell - "" = AutoRun O33 - MountPoints2\{e80b53a4-e69e-11e0-ad8a-001e68de55c9}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\{fa229c2e-462e-11e2-9fba-001e68de55c9}\Shell - "" = AutoRun O33 
- MountPoints2\{fa229c2e-462e-11e2-9fba-001e68de55c9}\Shell\AutoRun\command - "" = G:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT System Restore Service not available. 
========== Files/Folders - Created Within 30 Days ========== [2013.02.20 11:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.02.15 15:40:15 | 000,000,000 | ---D | C] -- C:\Users\Patric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wizard101(DE) [2013.02.15 15:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Wizard101(DE) [2013.02.14 00:08:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.02.14 00:08:42 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.02.14 00:08:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.02.14 00:08:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.02.14 00:08:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.02.14 00:08:40 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.02.14 00:08:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.02.14 00:08:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.02.13 07:34:22 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.02.13 07:34:20 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2013.02.13 07:34:14 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.02.13 07:34:14 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.02.08 21:36:32 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2013.02.08 21:36:21 | 000,029,984 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2013.02.07 21:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2013.02.07 21:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft 
[2013.02.07 14:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.01.27 19:55:39 | 000,000,000 | ---D | C] -- C:\Users\Patric\Documents\My Cheat Tables [2013.01.27 19:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine 6.2 ========== Files - Modified Within 30 Days ========== [2013.02.20 23:22:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.20 23:22:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.20 23:08:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3399982503-987598256-3609435463-1000UA.job [2013.02.20 22:50:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.20 21:31:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-3399982503-987598256-3609435463-1000.job [2013.02.20 20:25:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\update-sys.job [2013.02.20 17:29:15 | 000,632,502 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.20 17:29:15 | 000,599,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.20 17:29:15 | 000,127,714 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.20 17:29:15 | 000,105,164 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.20 17:22:37 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2013.02.20 16:59:03 | 003,775,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.20 09:08:01 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3399982503-987598256-3609435463-1000Core.job [2013.02.19 14:44:22 | 000,006,963 | ---- | M] () -- C:\Windows\wininit.ini [2013.02.15 15:40:16 | 000,001,441 | ---- | M] () -- C:\Users\Patric\Desktop\Wizard101.lnk [2013.02.14 08:25:09 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe 
[2013.02.14 08:25:09 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.02.09 17:01:17 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.09 15:19:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.02.08 21:49:29 | 000,000,885 | ---- | M] () -- C:\Users\Public\Desktop\Zulu DJ Software.lnk [2013.02.07 21:10:44 | 000,001,195 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk [2013.02.07 21:10:44 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2013.02.07 14:07:49 | 000,000,009 | ---- | M] () -- C:\END [2013.01.30 20:11:48 | 000,002,051 | ---- | M] () -- C:\Users\Patric\Desktop\Google Chrome.lnk [2013.01.28 14:19:32 | 000,032,032 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2013.01.28 14:19:28 | 000,029,984 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2013.01.28 14:19:28 | 000,021,792 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2013.01.24 22:19:09 | 000,000,000 | ---- | M] () -- C:\Users\Patric\AppData\Roaming\wklnhst.dat [2013.01.24 21:03:46 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk [2013.01.23 13:32:06 | 000,004,815 | ---- | M] () -- C:\Users\Patric\RadioDjAGC.agc ========== Files Created - No Company Name ========== [2013.02.15 15:40:16 | 000,001,441 | ---- | C] () -- C:\Users\Patric\Desktop\Wizard101.lnk [2013.02.08 21:49:29 | 000,000,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zulu DJ Software.lnk [2013.02.08 21:49:29 | 000,000,885 | ---- | C] () -- C:\Users\Public\Desktop\Zulu DJ Software.lnk [2013.02.07 21:10:44 | 000,001,195 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk [2013.02.07 21:10:44 | 000,001,036 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2013.02.07 14:04:04 | 000,000,009 | ---- | C] () 
-- C:\END [2013.02.01 16:11:08 | 003,775,960 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.24 22:19:09 | 000,000,000 | ---- | C] () -- C:\Users\Patric\AppData\Roaming\wklnhst.dat [2013.01.23 13:32:06 | 000,004,815 | ---- | C] () -- C:\Users\Patric\RadioDjAGC.agc [2013.01.17 20:54:11 | 000,040,216 | ---- | C] () -- C:\Windows\System32\drivers\voxaldriverx86.sys [2012.10.29 16:44:56 | 000,315,392 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll [2012.10.04 16:40:44 | 000,139,588 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2012.09.27 08:15:20 | 001,406,397 | ---- | C] () -- C:\Users\Patric\Documents.pdf [2012.04.20 14:21:33 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll [2012.01.23 00:34:24 | 000,008,143 | ---- | C] () -- C:\Users\Patric\das geht.sgl [2012.01.22 04:22:37 | 000,008,145 | ---- | C] () -- C:\Users\Patric\ein anfang.sgl [2011.12.06 18:47:52 | 000,008,682 | ---- | C] () -- C:\Users\Patric\overlay.ini [2011.12.06 18:47:52 | 000,000,000 | ---- | C] () -- C:\Users\Patric\vorlagen.ini [2011.09.22 13:22:04 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini [2011.09.20 12:35:57 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.06.10 15:21:43 | 000,001,010 | ---- | C] () -- C:\Users\Patric\AppData\Local\UserProducts.xml [2011.05.11 19:06:52 | 000,000,845 | ---- | C] () -- C:\Users\Patric\.recently-used.xbel [2011.04.11 21:02:08 | 000,076,360 | ---- | C] () -- C:\Windows\System32\ladfGSRCoinst_i386.dll [2010.07.19 12:10:32 | 000,000,680 | RHS- | C] () -- C:\Users\Patric\ntuser.pol [2010.02.28 15:35:57 | 000,002,299 | ---- | C] () -- C:\Users\Patric\AppData\Roaming\acervcmtmp.ini [2010.02.16 10:49:31 | 000,010,021 | ---- | C] () -- C:\Users\Patric\Lohnsteuer 2009.elfo [2010.01.28 18:18:16 | 000,000,159 | ---- | C] () -- C:\Users\Patric\AppData\Roaming\default.rss [2009.12.02 17:48:07 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.05.11 16:32:31 | 000,008,592 | ---- | C] () -- 
C:\Users\Patric\AppData\Local\d3d9caps.dat [2009.03.28 23:54:35 | 000,132,608 | ---- | C] () -- C:\Users\Patric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.03.07 14:22:08 | 000,000,244 | ---- | C] () -- C:\Users\Patric\medcd.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.02.03 01:01:58 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009.03.27 20:20:26 | 000,000,000 | ---D | M] -- C:\ACER [2008.07.30 03:41:04 | 000,000,000 | ---D | M] -- C:\book [2009.06.04 21:17:06 | 000,000,000 | -HSD | M] -- C:\Boot [2009.03.27 19:56:42 | 000,000,000 | ---D | M] -- C:\CLSetup [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.03.27 19:27:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.08.12 16:41:49 | 000,000,000 | ---D | M] -- C:\downloads [2008.07.30 03:16:19 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.02.20 17:15:25 | 000,000,000 | R--D | M] -- C:\Program Files [2013.02.15 15:40:14 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.03.27 19:27:32 | 000,000,000 | -HSD | M] -- C:\Programme [2013.02.08 23:05:52 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.01.28 01:29:19 | 000,000,000 | ---D | M] -- C:\ts3overlay [2012.03.17 13:09:56 | 000,000,000 | R--D | M] -- C:\Users [2013.02.01 16:11:02 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft 
Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2008.10.28 
03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe < MD5 for: IASTOR.SYS > [2008.07.20 10:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\ACER\Preload\Autorun\DRV\Intel Robson RBSMDL2G\Winall\Driver\IaStor.sys [2008.07.20 10:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\drivers\iaStor.sys [2008.07.20 10:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7b6e77f6\iaStor.sys [2008.04.20 17:29:38 | 000,317,464 | ---- | M] (Intel Corporation) MD5=9F1220113A3A7F4F08042C699324D073 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_18bd4575\iaStor.sys [2008.07.20 10:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\ACER\Preload\Autorun\DRV\Intel Robson RBSMDL2G\Winall\Driver64\IaStor.sys [2008.07.20 10:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Program Files\Intel\Intel Matrix 
Storage Manager\driver64\IaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 
000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.01.21 
03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2011.05.11 19:06:52 | 000,000,845 | ---- | M] () -- C:\Users\Patric\.recently-used.xbel [2012.01.29 21:58:55 | 000,008,143 | ---- | M] () -- C:\Users\Patric\das geht.sgl [2012.09.27 08:15:21 | 001,406,397 | ---- | M] () -- C:\Users\Patric\Documents.pdf [2012.01.23 19:24:19 | 000,008,145 | ---- | M] () -- C:\Users\Patric\ein anfang.sgl [2010.06.05 20:35:50 | 000,010,021 | ---- | M] () -- 
C:\Users\Patric\Lohnsteuer 2009.elfo [2011.12.06 18:48:00 | 000,000,244 | ---- | M] () -- C:\Users\Patric\medcd.ini [2013.02.20 23:41:40 | 009,961,472 | -HS- | M] () -- C:\Users\Patric\ntuser.dat [2013.02.20 23:41:40 | 000,262,144 | -H-- | M] () -- C:\Users\Patric\ntuser.dat.LOG1 [2009.03.27 19:27:53 | 000,000,000 | -H-- | M] () -- C:\Users\Patric\ntuser.dat.LOG2 [2010.11.18 19:13:57 | 007,864,320 | -HS- | M] () -- C:\Users\Patric\ntuser.dat_previous [2013.02.20 17:21:30 | 000,065,536 | -HS- | M] () -- C:\Users\Patric\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2011.01.22 22:16:15 | 000,524,288 | -HS- | M] () -- C:\Users\Patric\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2013.02.20 17:21:30 | 000,524,288 | -HS- | M] () -- C:\Users\Patric\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2009.03.27 19:27:53 | 000,000,020 | -HS- | M] () -- C:\Users\Patric\ntuser.ini [2010.07.30 13:05:48 | 000,000,680 | RHS- | M] () -- C:\Users\Patric\ntuser.pol [2004.11.11 09:54:02 | 000,008,682 | ---- | M] () -- C:\Users\Patric\overlay.ini [2013.01.23 13:32:06 | 000,004,815 | ---- | M] () -- C:\Users\Patric\RadioDjAGC.agc [2004.11.03 10:34:58 | 000,000,000 | ---- | M] () -- C:\Users\Patric\vorlagen.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off 
MaxRequestThreads=16
< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:C95B63DA
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:C31F31E6
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:8AB6C1D7
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:8173A019
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:FC420CE6
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:2B99FE60

< End of report >

OTL Logfile: Code:
OTL Extras logfile created on: 20.02.2013 23:23:18 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Patric\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 67,26% Memory free
6,19 Gb Paging File | 4,82 Gb Available in Paging File | 77,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 24,14 Gb Free Space | 16,76% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 146,32 Gb Free Space | 49,09% Space Free | Partition Type: NTFS
Drive E: | 140,50 Gb Total Space | 39,76 Gb Free Space | 28,30% Space Free | Partition Type: NTFS

Computer Name: CRAZYS | User Name: Patric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" 
= Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3399982503-987598256-3609435463-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 "DoNotAllowExceptions" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.) "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.) "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.) 
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.) "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.) "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.) 
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02572956-0D23-4682-8F54-DB3D07FFBF43}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{07F2678E-3065-44BC-ADAD-89B56A07B3AB}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{10A5E902-E3D5-456D-9CC4-3DBD65168D7C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1B76F75B-8672-44B2-ACE1-FC9EAFF2BDC2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{208A9631-1997-4975-890B-8E11B52BFF17}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{34DE1D12-3358-4992-8CBB-79A073E22949}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{3AA449F9-5E69-442B-9EFA-4E9D3CD3928E}" = lport=137 | protocol=17 | dir=in | app=system | "{40343AAA-63C9-4847-BCA3-0721E64FB795}" = rport=137 | protocol=17 | dir=out | app=system | "{5DFE6699-AEB5-455A-B233-2A451A2C512E}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service | "{72F80365-C701-407C-B1C4-BBE1A9A31B7D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{95B175B7-BB22-4FA6-8E7A-D86CE2CE6BD6}" = rport=139 | protocol=6 | dir=out | app=system | "{9704888C-4927-45BE-9A27-5A9BB47AA976}" = lport=445 | protocol=6 | dir=in | app=system | "{A4F57684-C949-49A8-A2B9-1C6034B275FF}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{AB78FC29-AC92-4D03-A343-A16AE14EAEF0}" 
= lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B177222D-F77F-440D-B037-699107EABC4A}" = lport=138 | protocol=17 | dir=in | app=system | "{B5F4436F-EC7A-4BAB-894D-F1A44AB82107}" = lport=139 | protocol=6 | dir=in | app=system | "{B654387A-12DD-4D6F-B932-86B6B2BACED7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{C3E76CD8-B17D-4A33-8C71-AB6C9808A37B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C591635A-500B-4F96-84EA-3149F2F08530}" = rport=138 | protocol=17 | dir=out | app=system | "{CD90845D-AE61-4BEA-AAF8-69FAA59CEDE6}" = rport=445 | protocol=6 | dir=out | app=system | "{EC6D0AB3-21BE-41F6-A8F9-CE85DD0DB8D6}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service | "{F2D741AF-B8C2-44E8-92A9-5D3C0A14FC22}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F7D2391D-4FC0-48C0-8204-97DD495AB85E}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0295FFF5-8B52-476A-ADF3-4FD032D3FA3E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0EE58C60-56D4-415F-88E3-873EF13BA801}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{13EC9268-7C00-48D7-AFE9-6E4514A75BEA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{19F6300C-CFF5-40C4-AC17-102091AB208B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{209947C0-70D8-4E54-A471-244451E5FB5E}" = protocol=6 | dir=out | app=system | "{24EB9BD3-75EA-4C33-9573-8DA685EA31E8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{293A5D3C-B32E-4D4C-873D-7C47AF2D5F83}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{2D2D3A36-D6E2-4954-9B59-E072E142106C}" = 
protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{32627950-0DC6-413E-ACD7-377C20480E6A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{3673E242-38DB-415C-81CD-F767E62534FE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{39B00D4A-7CCF-4F43-82A6-EF726CE16DFD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A51540E-4088-4051-B8C4-E37A24B06FB0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{40934DAC-DB00-468F-BD56-CC1876F76BFA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{43238607-EF81-449D-907F-A5577155F559}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{434502A5-A06C-4156-8404-F4FDBA5A52CD}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{4448812C-01C5-4BED-9CE6-B694B9585D07}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{453AA104-0261-4FEA-9DF2-20373EC5242B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{486445A0-A186-42A5-9A6D-5225C1E59D99}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{5049C5A7-0919-4F3A-9011-CB30C991BFD0}" = protocol=17 | dir=in | app=c:\program files\firebird\firebird_2_1\bin\isql.exe |
"{513A9637-1925-4D8C-BD85-D623E19DBF94}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{637E5E75-CA8E-4E54-911C-1FFFC92FC194}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6631BBB3-FD98-46FC-80B6-8BF342217F1E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{70EBB8D8-2EA8-4829-9E1D-B8207389F4C5}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{72F330FF-3AA7-41CE-8E8D-191360EEB8CD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{73C277DB-2A1B-415F-A792-335DB0A9AD1D}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{75D9CABF-F224-49BA-ADC0-A915E28BAE6D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{79A11048-24A3-4D15-A8F2-BFE859E22F67}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7F467B0F-7823-4A24-9623-F9972AB02133}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{821AED37-6ACB-42CB-89D8-9071AA966366}" = protocol=6 | dir=in | app=c:\program files\firebird\firebird_2_1\bin\isql.exe |
"{8552738C-3CF6-4AFE-A35D-5CFDCAADA29F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{85E9ABCC-3129-4CCA-B8FC-7D9BBCFD2039}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{8E44649F-036F-4AC7-8D47-F91D8B37FB62}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9044CDB4-71EF-4D83-A479-F91E357ECA13}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{97258709-941B-43E6-8956-A0563EF55E1D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{98C8416A-5B5F-4ECB-8374-7E726C703CB8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9A1AE03D-2DA0-418F-B658-6F0860D3D836}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9BAC90DE-0AB8-4405-A16C-A91024A3610F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A15513F4-C6B2-4D4D-8389-5A91B30D49B6}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{A1A9B745-888E-47F5-8A46-B36CFFEFD7CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA6F67A1-A361-4E04-8230-27A77B4DCCEB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B0844610-E91C-42A6-8F94-20F109D02A11}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B7673EC4-C1EE-4963-B1F8-1F242D24C771}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C03E3767-8848-461B-B8FC-443D9C151EF9}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{C3DAFE93-B84B-4705-BECB-FB6B789ECAFE}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{C407F15F-C2B8-4A6D-A9B9-0E9A15CD17E7}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{CE4FA6AF-6063-4417-AF94-0BB8A9F5E077}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CFAE6C66-C656-4636-8C0D-645069D45E68}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D24FD4AE-1163-4746-A9DB-D54F4CCD42D6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D332A3A4-4759-447A-8513-FB2BD9038B3E}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{D68D6392-35CD-4E50-9D68-60CE37DBB5CF}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{D9277855-0A29-4403-87C3-88B0F208C0D7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DD7812D9-9AE6-4222-9E8B-9D975280A059}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{E7A626EA-3D84-4712-A35A-A96B94B0AF9B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E91B0150-763F-47E8-B192-15267FBDA77F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EBCF4148-2FC1-4622-8D1F-B8ACE7E450F1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EC079948-8759-42EF-B225-3567CD924B1B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EE61F86B-0C7E-4834-B8E2-36BC4789F57C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F45B6441-FACF-4EAC-843A-3FD545E863DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FCA8212D-D2EE-4482-9D4B-5844691A8301}" = dir=in | app=c:\program files\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1" = Phoenix Viewer
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = lightshot-
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41B5224D-F3EC-4EF7-0001-C8949A33B608}" = Photomizer 2
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5384EA8A-FECA-4D6E-B7B4-3D4D9D47E5DF}" = Preispiraten
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BE4F388F-E7B6-43E8-8856-6B74AC375A87}" = Media Go
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{CB87D276-2F4A-453A-A2D8-D597927C59A0}" = Tabellenbuch Metall digital 6.0
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{F722209B-739E-40E4-ADB1-062BD032A0DB}" = Personal ID
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Acer Acer Bio Protection" = Acer Bio Protection AAU
"Acer GameZone Console_is1" = Acer GameZone Console
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AutocompletePro3_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Document Converter_is1" = AVS Document Converter 2.2.3
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BestPractice" = BestPractice (remove only)
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In
"DivX Setup" = DivX-Setup
"DVD Flick_is1" = DVD Flick
"ElsterFormular" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"FBDBServer_2_1_is1" = Firebird (Win32)
"Firestorm-Release" = Firestorm-Release (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version
"GridVista" = Acer GridVista
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixPad" = MixPad Audiodatei-Mixer
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.02.1578" = Opera 12.02
"Orbit_is1" = Orbit Downloader
"PC Tools Firewall Plus" = PC Tools Firewall Plus 7.0
"PDF Blender" = PDF Blender
"pdfsam" = pdfsam
"ProInst" = Intel PROSet Wireless
"RealPlayer 15.0" = RealPlayer
"SAM3" = SAM3 (remove only)
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Secret City" = Secret City
"Switch" = Switch Audiodatei-Konverter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"ToneGen" = NCH Tone Generator
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 2.0.1
"Voxal" = Voxal Voice Changer
"WavePad" = WavePad Audiobearbeitungs-Software
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Zulu" = Zulu DJ Software

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ClubCooee" = Club Cooee
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"Wizard101(DE)_is1" = Wizard101(DE)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20.02.2013 12:20:23 | Computer Name = Crazys | Source = VSS | ID = 40
Description =
Error - 20.02.2013 12:20:23 | Computer Name = Crazys | Source = VSS | ID = 12292
Description =
Error - 20.02.2013 12:22:57 | Computer Name = Crazys | Source = WinMgmt | ID = 10
Description =
Error - 20.02.2013 18:26:38 | Computer Name = Crazys | Source = VSS | ID = 40
Description =
Error - 20.02.2013 18:26:38 | Computer Name = Crazys | Source = VSS | ID = 12292
Description =
Error - 20.02.2013 18:26:38 | Computer Name = Crazys | Source = VSS | ID = 40
Description =
Error - 20.02.2013 18:26:38 | Computer Name = Crazys | Source = VSS | ID = 12292
Description =
Error - 20.02.2013 18:26:38 | Computer Name = Crazys | Source = VSS | ID = 40
Description =
Error - 20.02.2013 18:26:38 | Computer Name = Crazys | Source = VSS | ID = 12292
Description =
Error - 20.02.2013 18:26:38 | Computer Name = Crazys | Source = System Restore | ID = 8193
Description =

[ OSession Events ]
Error - 04.02.2011 16:35:11 | Computer Name = Crazys | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.
Error - 22.03.2011 03:37:47 | Computer Name = Crazys | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.
Error - 02.08.2011 07:55:22 | Computer Name = Crazys | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.
Error - 23.09.2011 09:37:02 | Computer Name = Crazys | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 07.02.2013 23:33:41 | Computer Name = Crazys | Source = bowser | ID = 8003
Description =
Error - 09.02.2013 11:47:08 | Computer Name = Crazys | Source = DCOM | ID = 10010
Description =
Error - 09.02.2013 11:59:36 | Computer Name = Crazys | Source = Service Control Manager | ID = 7001
Description =
Error - 13.02.2013 23:28:14 | Computer Name = Crazys | Source = DCOM | ID = 10010
Description =
Error - 14.02.2013 03:23:25 | Computer Name = Crazys | Source = Service Control Manager | ID = 7001
Description =
Error - 19.02.2013 05:24:07 | Computer Name = Crazys | Source = Service Control Manager | ID = 7011
Description =
Error - 20.02.2013 12:00:08 | Computer Name = Crazys | Source = Service Control Manager | ID = 7009
Description =
Error - 20.02.2013 12:00:08 | Computer Name = Crazys | Source = Service Control Manager | ID = 7000
Description =
Error - 20.02.2013 12:00:15 | Computer Name = Crazys | Source = Service Control Manager | ID = 7001
Description =
Error - 20.02.2013 12:24:42 | Computer Name = Crazys | Source = Service Control Manager | ID = 7001
Description =

[ TuneUp Events ]
Error - 29.03.2012 07:06:09 | Computer Name = Crazys | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 29.03.2012 07:06:09 | Computer Name = Crazys | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

< End of report >

Edited by Patric (21.02.2013 at 01:42)
#2
/// Malware-holic
Delta Search

Hi,

otl fix
Fixing with OTL
:OTL
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found.
O9 - Extra Button: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=mainsite=home File not found
O9 - Extra 'Tools' menuitem : Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=mainsite=home File not found
O9 - Extra Button: SecretCity 3DChat - {D401C3A2-12EF-4D1D-A086-F3AB10B565BF} - C:\PROGRA~1\SECRET~1\\SECRET~1.EXE File not found
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File not found
O33 - MountPoints2\{5e093213-3016-11de-876e-001e68de55c9}\Shell\AutoRun\command - "" = G:\autorun.bat
O33 - MountPoints2\{798fefe8-92d3-11de-86d2-002269d0fbec}\Shell - "" = AutoRun
O33 - MountPoints2\{798fefe8-92d3-11de-86d2-002269d0fbec}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{a0e081f6-5115-11de-a33c-002269d0fbec}\Shell - "" = AutoRun
O33 - MountPoints2\{a0e081f6-5115-11de-a33c-002269d0fbec}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{df92f3c3-178b-11e1-812c-001e68de55c9}\Shell - "" = AutoRun
O33 - MountPoints2\{df92f3c3-178b-11e1-812c-001e68de55c9}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{e19618f6-a86d-11df-ab94-002269d0fbec}\Shell\AutoRun\command - "" = G:\Menu.exe
O33 - MountPoints2\{e80b53a4-e69e-11e0-ad8a-001e68de55c9}\Shell - "" = AutoRun
O33 - MountPoints2\{e80b53a4-e69e-11e0-ad8a-001e68de55c9}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{fa229c2e-462e-11e2-9fba-001e68de55c9}\Shell - "" = AutoRun
O33 - MountPoints2\{fa229c2e-462e-11e2-9fba-001e68de55c9}\Shell\AutoRun\command - "" = G:\Startme.exe
:files
:Commands
[emptytemp]