| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Schadprogramm: System Care Antivirus - Win 7 - Laptop fährt hoch, es lässt sich jedoch nichs öffnenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
06.05.2013, 12:49
| #1 |
 |  Schadprogramm: System Care Antivirus - Win 7 - Laptop fährt hoch, es lässt sich jedoch nichs öffnen Liebe trojaner-board-Mitglieder, wie aus dem Nichts hat mich heute das Schadprogramm "System Care Antivirus" erwischt. Neben ständig neu auftauchenden falschen Viruswarnungen lassen sich Dateien nicht öffnen. Ebenso können Programme wie bspw. Firefox nicht gestartet werden. Als Betriebsprogramm wird Win 7 verwendet. Als Antivirenpprogramm das kostenlose Avira. Ich habe mich bereits über die Programme defogger, OTL & Gmer eingelesen. Ich bin mir jedoch nicht sicher ,wie ich die Programme auf dem infizierten PC starten soll. Ich habe die exe-Dateien der Programme von einem sauberen PC aus auf einen Stick gezogen. Ich habe diesen bisher noch nicht an den Laptop angeschlossen, da ich zunächst eure Antwort abwarten wollte. Welche Vorgehensweise empfehlt ihr mir? VIELEN DANK im Voraus!  Buddha1986 Zusätzliche Frage: Gestern Abend wurde an den infizierten Laptop ein anderer Stick angeschlossen. Kann ich diesen Stick bedenkenlos an andere Rechner anschliesen, oder besteht die Möglichkeit, dass dieser auch infiziert ist obwohl das Schadprogramm erst heute auf dem Laptop aufgetaucht ist? |
|
06.05.2013, 12:54
| #2 | ||
| /// TB-Ausbilder   | Schadprogramm: System Care Antivirus - Win 7 - Laptop fährt hoch, es lässt sich jedoch nichs öffnen Hi,
__________________Zitat:
Zitat:
__________________ |
|
06.05.2013, 14:49
| #3 |
| | Schadprogramm: System Care Antivirus - Win 7 - Laptop fährt hoch, es lässt sich jedoch nichs öffnen Lieber aharonov,
__________________danke für deine Antwort. Ich habe im abgesicherten Modus die Programme durchlaufen lassen. Anbei findest du die dazugehörigen Texte: Text OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.05.2013 15:11:35 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ronya\Desktop\AVA 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 3,04 Gb Available Physical Memory | 82,71% Memory free 7,35 Gb Paging File | 6,75 Gb Available in Paging File | 91,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 222,73 Gb Total Space | 177,74 Gb Free Space | 79,80% Space Free | Partition Type: NTFS Drive D: | 223,40 Gb Total Space | 142,90 Gb Free Space | 63,97% Space Free | Partition Type: NTFS Drive F: | 7,50 Gb Total Space | 4,95 Gb Free Space | 65,95% Space Free | Partition Type: FAT32 Computer Name: RONYA-PC | User Name: Ronya | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Ronya\Desktop\AVA\OTL.exe (OldTimer Tools) PRC - C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (vToolbarUpdater15.0.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe () SRV - (BrowserProtect) -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe () SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Live Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon) DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider) DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation) DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI) DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?affID=120519&tt=220413_d9116&babsrc=HP_ss&mntrId=8A8890004E5FF338 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?affID=120519&tt=220413_d9116&babsrc=HP_ss&mntrId=8A8890004E5FF338 IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=120519&tt=220413_d9116&babsrc=SP_ss&mntrId=8A8890004E5FF338 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.order.1: "Delta Search" FF - prefs.js..browser.search.selectedEngine: "Delta Search" FF - prefs.js..browser.startup.homepage: "hxxp://www1.delta-search.com/?affID=120519&tt=220413_d9116&babsrc=HP_ss&mntrId=8A8890004E5FF338" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.0.0.2 [2013.03.29 13:04:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.23 21:26:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.18 21:44:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronya\AppData\Roaming\mozilla\Extensions [2013.04.23 21:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronya\AppData\Roaming\mozilla\Firefox\Profiles\tv6agu9n.default\extensions [2013.04.11 18:49:49 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Ronya\AppData\Roaming\mozilla\Firefox\Profiles\tv6agu9n.default\extensions\ffxtlbr@delta.com [2013.04.23 21:27:36 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Ronya\AppData\Roaming\mozilla\firefox\profiles\tv6agu9n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.23 16:10:29 | 000,006,512 | ---- | M] () -- C:\Users\Ronya\AppData\Roaming\mozilla\firefox\profiles\tv6agu9n.default\searchplugins\babylon.xml [2013.04.23 16:10:29 | 000,006,512 | ---- | M] () -- C:\Users\Ronya\AppData\Roaming\mozilla\firefox\profiles\tv6agu9n.default\searchplugins\BrowserProtect.xml [2013.04.23 16:10:37 | 000,001,294 | ---- | M] () -- C:\Users\Ronya\AppData\Roaming\mozilla\firefox\profiles\tv6agu9n.default\searchplugins\delta.xml [2013.04.23 21:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.29 13:04:50 | 000,003,716 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2013.04.11 18:49:45 | 000,006,508 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe (Microsoft) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKCU..\RunOnce: [8A8EAE3165F66B2000008A8E23A8704E] C:\ProgramData\8A8EAE3165F66B2000008A8E23A8704E\8A8EAE3165F66B2000008A8E23A8704E.exe () O4 - Startup: C:\Users\Ronya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ronya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5421E07E-1390-4F0D-B5B4-80755A20AC91}: DhcpNameServer = 10.57.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F033F05F-CE82-4C4E-AE8D-062DC6046106}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll () O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.06 14:45:40 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Desktop\AVA [2013.05.06 11:23:23 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus [2013.05.06 11:17:25 | 000,000,000 | ---D | C] -- C:\ProgramData\8A8EAE3165F66B2000008A8E23A8704E [2013.05.06 11:15:56 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013.05.06 07:20:30 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Desktop\Ronyas_Welt [2013.05.05 22:36:09 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Desktop\Landschaftsökologischer_Beleg [2013.05.02 10:29:56 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.04.30 13:50:33 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2013.04.30 13:50:33 | 000,265,216 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll [2013.04.30 13:50:32 | 002,288,181 | ---- | C] (Red Hat) -- C:\Windows\SysWow64\cygwin1.dll [2013.04.30 13:50:32 | 001,178,112 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll [2013.04.30 13:50:32 | 001,008,128 | ---- | C] (GnuWin32 <hxxp://gnuwin32.sourceforge.net>) -- C:\Windows\SysWow64\libiconv2.dll [2013.04.30 13:50:32 | 000,265,216 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Windows\SysWow64\libssl32.dll [2013.04.30 13:50:32 | 000,131,072 | ---- | C] (Sereby Corporation) -- C:\Windows\SysWow64\AiORuntimes.dll [2013.04.30 13:50:32 | 000,103,424 | ---- | C] (GNU <www.gnu.org>) -- C:\Windows\SysWow64\libintl3.dll [2013.04.30 13:50:31 | 000,325,376 | ---- | C] (AutoIt Team) -- C:\Windows\SysWow64\AutoItX3.dll [2013.04.30 13:50:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe [2013.04.30 13:47:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP [2013.04.30 13:41:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.04.30 13:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2013.04.30 13:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.04.30 13:37:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.04.30 13:31:38 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Desktop\svcpack [2013.04.30 12:19:52 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Local\ElevatedDiagnostics [2013.04.27 16:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.04.27 16:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.04.24 15:31:12 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.04.23 21:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.04.23 21:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.04.23 18:15:29 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\Skype [2013.04.23 16:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\DomaIQ Uninstaller [2013.04.23 16:14:34 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\player [2013.04.23 16:10:47 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect [2013.04.23 16:10:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro [2013.04.21 22:21:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.04.21 22:21:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.04.21 11:33:46 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Desktop\hh [2013.04.19 07:09:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2013.04.15 21:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player [2013.04.15 21:20:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLV Player [2013.04.15 21:19:23 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Local\{603EFAB1-813D-4583-8F98-F7230FAB142C} [2013.04.12 15:42:40 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\Hogrefe [2013.04.12 15:42:37 | 000,000,000 | ---D | C] -- C:\Windows\XSxS [2013.04.12 15:42:37 | 000,000,000 | ---D | C] -- C:\Work [2013.04.12 15:42:37 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Documents\Hogrefe [2013.04.12 15:42:37 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Local\Hogrefe [2013.04.11 18:50:16 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Local Settings [2013.04.11 18:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free WAV to MP3 Converter [2013.04.11 18:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free WAV to MP3 Converter [2013.04.11 18:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect [2013.04.11 18:49:52 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\BabSolution [2013.04.11 18:49:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta [2013.04.11 18:49:37 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\Babylon [2013.04.11 18:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.04.11 17:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber [2013.04.11 17:30:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audiograbber [2013.04.11 17:23:58 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\Mp3tag [2013.04.11 17:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag [2013.04.11 17:23:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag [2013.04.11 17:02:40 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\mp3DirectCut [2013.04.11 17:02:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mp3DirectCut [2013.04.10 10:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2013.04.07 20:21:41 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Desktop\Plugins [2013.04.06 19:18:15 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Documents\Podcast Studio [2013.04.06 19:17:37 | 000,962,560 | ---- | C] (East Wind Software) -- C:\Windows\SysWow64\advdaudio.ocx [2013.04.06 19:17:37 | 000,634,880 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioEditor2.dll [2013.04.06 19:17:37 | 000,522,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioTransform2.dll [2013.04.06 19:17:37 | 000,467,968 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioRecord2.dll [2013.04.06 19:17:37 | 000,467,456 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioPlayer2.dll [2013.04.06 19:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\concept design [2013.04.06 19:17:36 | 000,966,144 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioInformation2.dll [2013.04.06 19:17:36 | 000,877,568 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\NCTAudioFile2.dll [2013.04.06 19:17:36 | 000,413,696 | ---- | C] (Gabest) -- C:\Windows\SysWow64\flvsplitter.ax [2013.04.06 19:17:36 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Documents\onlineTV 8 [2013.04.06 19:17:36 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\concept design [2013.04.06 19:17:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\concept design [2013.04.06 19:17:13 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Local\Programs ========== Files - Modified Within 30 Days ========== [2013.05.06 15:02:09 | 000,000,000 | ---- | M] () -- C:\Users\Ronya\defogger_reenable [2013.05.06 15:00:59 | 2960,510,976 | -HS- | M] () -- C:\hiberfil.sys [2013.05.06 15:00:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.06 14:55:41 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2013.05.06 14:53:24 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.06 14:53:24 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.06 14:46:37 | 001,645,498 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.06 14:46:37 | 000,708,776 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.06 14:46:37 | 000,662,114 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.06 14:46:37 | 000,153,736 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.06 14:46:37 | 000,125,774 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.06 13:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.06 11:23:23 | 000,002,052 | ---- | M] () -- C:\Users\Ronya\Desktop\System Care Antivirus.lnk [2013.05.05 22:48:41 | 000,000,662 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN1433P7X205D1.job [2013.05.02 10:29:42 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.04.30 13:51:27 | 000,020,373 | ---- | M] () -- C:\Windows\unins003.dat [2013.04.30 13:50:44 | 001,199,175 | ---- | M] () -- C:\Windows\unins003.exe [2013.04.30 13:50:43 | 000,010,822 | ---- | M] () -- C:\Windows\unins002.dat [2013.04.30 13:50:29 | 001,187,609 | ---- | M] () -- C:\Windows\unins002.exe [2013.04.30 13:48:57 | 000,007,958 | ---- | M] () -- C:\Windows\unins001.dat [2013.04.30 13:48:45 | 000,709,719 | ---- | M] () -- C:\Windows\unins001.exe [2013.04.30 13:48:07 | 001,672,796 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.04.30 13:19:39 | 000,588,069 | ---- | M] () -- C:\Users\Ronya\Desktop\4288585311.pdf [2013.04.27 19:03:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.04.27 16:42:47 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.04.24 08:38:40 | 000,501,661 | ---- | M] () -- C:\Users\Ronya\Desktop\Scan.jpg [2013.04.23 21:08:10 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.04.23 20:50:52 | 000,081,813 | ---- | M] () -- C:\Windows\unins000.dat [2013.04.23 20:50:44 | 001,169,609 | ---- | M] () -- C:\Windows\unins000.exe [2013.04.15 21:20:02 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\FLV Player.lnk [2013.04.11 18:50:09 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\Free WAV to MP3 Converter.lnk [2013.04.11 18:47:11 | 000,004,626 | ---- | M] () -- C:\Windows\cdplayer.ini [2013.04.11 17:30:56 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Audiograbber.lnk [2013.04.11 17:23:36 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk [2013.04.11 17:02:03 | 000,001,059 | ---- | M] () -- C:\Users\Ronya\Desktop\mp3DirectCut.lnk [2013.04.11 07:45:43 | 000,413,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.05.06 15:02:09 | 000,000,000 | ---- | C] () -- C:\Users\Ronya\defogger_reenable [2013.05.06 11:23:23 | 000,002,052 | ---- | C] () -- C:\Users\Ronya\Desktop\System Care Antivirus.lnk [2013.05.04 10:57:42 | 000,041,016 | ---- | C] () -- C:\Users\Ronya\Desktop\Anleitung Kartierbogen 2002.pdf [2013.04.30 13:50:44 | 001,199,175 | ---- | C] () -- C:\Windows\unins003.exe [2013.04.30 13:50:44 | 000,020,373 | ---- | C] () -- C:\Windows\unins003.dat [2013.04.30 13:50:33 | 000,066,560 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll [2013.04.30 13:50:32 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll [2013.04.30 13:50:32 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\libpng15.dll [2013.04.30 13:50:31 | 001,187,609 | ---- | C] () -- C:\Windows\unins002.exe [2013.04.30 13:50:31 | 000,271,264 | ---- | C] () -- C:\Windows\System\vbrun100.dll [2013.04.30 13:50:31 | 000,210,944 | ---- | C] () -- C:\Windows\System\msvcrt10.dll [2013.04.30 13:50:31 | 000,010,822 | ---- | C] () -- C:\Windows\unins002.dat [2013.04.30 13:48:46 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe [2013.04.30 13:48:46 | 000,007,958 | ---- | C] () -- C:\Windows\unins001.dat [2013.04.30 13:31:38 | 000,000,698 | ---- | C] () -- C:\Users\Ronya\Desktop\WinPKG.xml [2013.04.30 13:31:38 | 000,000,355 | ---- | C] () -- C:\Users\Ronya\Desktop\entries_AiORuntimes.ini [2013.04.30 13:19:39 | 000,588,069 | ---- | C] () -- C:\Users\Ronya\Desktop\4288585311.pdf [2013.04.27 19:03:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.04.24 08:38:40 | 000,501,661 | ---- | C] () -- C:\Users\Ronya\Desktop\Scan.jpg [2013.04.23 21:08:10 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.04.23 20:50:52 | 001,169,609 | ---- | C] () -- C:\Windows\unins000.exe [2013.04.23 20:50:52 | 000,081,813 | ---- | C] () -- C:\Windows\unins000.dat [2013.04.23 16:13:54 | 001,672,796 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.04.15 21:20:02 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\FLV Player.lnk [2013.04.12 08:32:55 | 000,114,176 | ---- | C] () -- C:\Users\Ronya\AppData\Roaming\BabMaint.exe [2013.04.11 18:50:09 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\Free WAV to MP3 Converter.lnk [2013.04.11 17:30:56 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Audiograbber.lnk [2013.04.11 17:23:36 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk [2013.04.11 17:02:03 | 000,001,059 | ---- | C] () -- C:\Users\Ronya\Desktop\mp3DirectCut.lnk [2013.04.06 19:17:37 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2013.04.06 19:17:37 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2013.04.06 19:17:36 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2013.04.04 22:32:01 | 000,004,626 | ---- | C] () -- C:\Windows\cdplayer.ini [2013.04.04 22:07:07 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini [2013.04.01 21:06:28 | 000,000,421 | ---- | C] () -- C:\Windows\wininit.ini [2012.10.18 15:47:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.10.18 15:43:19 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011.09.05 18:34:45 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011.09.05 18:34:45 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2011.09.05 18:34:45 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2011.09.05 18:34:45 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011.09.05 18:34:44 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011.09.05 18:34:42 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.09.05 17:57:31 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.11 18:49:53 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\BabSolution [2013.04.11 18:49:37 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\Babylon [2013.04.06 19:18:15 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\concept design [2013.03.29 16:17:08 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\DeepBurner [2013.05.06 14:42:32 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\Dropbox [2013.04.02 14:02:46 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\DVDVideoSoft [2013.04.01 13:02:13 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\GlarySoft [2013.04.12 15:42:40 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\Hogrefe [2013.04.11 17:02:40 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\mp3DirectCut [2013.04.12 17:11:46 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\Mp3tag [2013.04.23 16:16:45 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\player [2013.04.04 21:39:24 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\PowerCinema [2013.04.05 11:03:12 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\TrueCrypt [2013.03.18 12:33:49 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > Text EXTRAS:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 06.05.2013 15:11:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ronya\Desktop\AVA
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,68 Gb Total Physical Memory | 3,04 Gb Available Physical Memory | 82,71% Memory free
7,35 Gb Paging File | 6,75 Gb Available in Paging File | 91,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222,73 Gb Total Space | 177,74 Gb Free Space | 79,80% Space Free | Partition Type: NTFS
Drive D: | 223,40 Gb Total Space | 142,90 Gb Free Space | 63,97% Space Free | Partition Type: NTFS
Drive F: | 7,50 Gb Total Space | 4,95 Gb Free Space | 65,95% Space Free | Partition Type: FAT32
Computer Name: RONYA-PC | User Name: Ronya | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23BB997A-5C83-4976-8948-8D6873B3D79B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{799B18B6-B76C-4EE1-AB46-A5153DB4E798}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E5862FF6-41CE-47F1-8269-6340CE64957A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01487B73-3D3F-4023-A479-68A6E411CE2A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{08F31691-F7A5-4EAC-8E65-23BDC0E96254}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0B88FE15-AD91-4AC8-9B3E-B61C8552168B}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe |
"{0BFD7A8F-10A0-48BD-AF45-11CA65E1FF58}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{1059427C-3ED5-450B-A270-B7EA4A3C863B}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe |
"{2F02CE43-2A80-4D1B-85C2-F60478747F27}" = protocol=6 | dir=in | app=c:\program files (x86)\concept design\onlinetv 8\onlinetvstarter.exe |
"{3324B2D4-D1FD-495D-AB7A-2E5BCF2AD2CC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{34348FB6-A0E2-445D-A3CB-60E04645A739}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{39600F73-42E4-41E5-9447-154C545F8392}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe |
"{51AA6552-B3CC-440E-94B7-874CF569923D}" = protocol=17 | dir=in | app=c:\users\ronya\appdata\roaming\dropbox\bin\dropbox.exe |
"{679249DD-B57F-429C-A784-AB5AF10774D3}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{6B5DA489-F611-4A45-A283-1F0526BA5279}" = protocol=6 | dir=out | app=c:\program files (x86)\concept design\onlinetv 8\onlinetv.exe |
"{7764D1E6-3E6F-4DE6-A696-773F26FBCC03}" = protocol=6 | dir=out | app=c:\program files (x86)\concept design\onlinetv 8\onlinetvstarter.exe |
"{82541B7A-6081-4358-BDDF-12EDE27B77E7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A375154F-8E62-4A3E-B2A1-91E1E840DE00}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{B045221A-2C64-4043-B768-E40D74FDED47}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{B1D0AC30-90F7-4325-8784-AF02F101B3BF}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{BCBD13E8-0D9E-4220-ABA8-1F2E970DBFD9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{BD7FCB11-027E-4B6E-8AC6-C9517345A78A}" = protocol=6 | dir=in | app=c:\program files (x86)\concept design\onlinetv 8\onlinetv.exe |
"{BFE518DF-BC58-4891-ABB8-A8DCF5BC53D9}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{D20D174B-1C8B-4CA3-B6AA-37FBA90134B3}" = protocol=6 | dir=in | app=c:\users\ronya\appdata\roaming\dropbox\bin\dropbox.exe |
"{E6274A9D-9144-4D0E-AA15-6A6B97B5CD98}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{E6A0BF60-ED20-49A9-9602-7DBAF7F2D0E0}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{E8EA3281-C349-4826-8FA3-655229688B8B}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe |
"{F1513E9D-9412-4B3C-8F89-F2106ED4075D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{FACAC9CB-BBC1-4F23-9AF5-13231E19F7D9}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe |
"{FBA148D5-DE50-4981-AD78-964CC6D18BDA}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe |
"TCP Query User{E27F38C1-1AF6-4013-A27E-AA2F4EEC4C57}C:\users\ronya\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\ronya\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4498CED6-49D6-4662-A4AB-381EEA05AFB5}C:\users\ronya\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\ronya\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D0C4E3C-BEFA-4D5C-9149-7265A8F3CCDB}" = Studie zur Verbesserung von HP Deskjet 2050 J510 series Produkten
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{54B0845F-5540-4492-9939-CD8880ABABF0}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86, x64)
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{8F7F2D9C-2DBE-4F10-9C7C-2724110A3339}" = Windows Live Remote Service Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{A6E0F6BE-30AC-4D36-97B0-1AC20E23CB83}" = Windows Live Remote Client Resources
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B36047D4-E932-C4B2-0DF2-94C8577468A9}" = ATI Catalyst Install Manager
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DB80D7F6-DFF5-3B08-9CB4-2FD91DB6B0BC}" = ccc-utility64
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"CCleaner" = CCleaner
"M928366" =
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 SP1
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual J# 2.0 Redistributable Package - SE (x64)" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01D26B11-2DCC-21E9-1CBE-1A84F29C5615}" = CCC Help French
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{120C160F-F53D-4A15-A873-E79BF5B98B48}" = Windows Live Photo Common
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D12A299-A473-480A-AEF4-05DB1733AEB0}" = InkSaver
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7D3D90-24FC-B4F1-3188-B30DDEDA4930}" = CCC Help Norwegian
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20381A8A-808E-4A53-B6CD-AD2B85E16365}" = Windows Live UX Platform Language Pack
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{226F0D93-76DE-4F1C-B14D-DE10443ADB60}" = Windows Live Movie Maker
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{26FC7F7F-8CC0-BB65-7BD5-DE6B84397517}" = Catalyst Control Center Graphics Full Existing
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{2FD186BB-0278-AE1C-5A6A-FEEDA2E628B2}" = CCC Help Korean
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C2060B5-40BB-5BF2-7D8C-5F50A45FE8FF}" = CCC Help Dutch
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{4286A2D8-127A-D067-D03E-5B619E4BA39D}" = Catalyst Control Center Graphics Previews Vista
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D7BAC8A-51B8-4243-8567-1415C4272D13}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4E242AB2-86A7-4231-82A9-1E4226D23CA8}" = Catalyst Control Center - Branding
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP 4.1.1
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5271E2B2-880F-5484-8972-D7F89CCEC3EF}" = CCC Help Chinese Standard
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{599ECF38-67E6-3D93-D41D-7D36AF54B5F7}" = Catalyst Control Center Localization All
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66F9F80A-A9F6-FA9B-836A-4DF3AD89157C}" = CCC Help Japanese
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{67B2A8FD-0BF5-A71C-03C3-287AF5894FF6}" = CCC Help Finnish
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6A81E096-41E9-2D35-53E1-E45677F14D73}" = CCC Help English
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D079713-D160-DB5E-74C8-36D037F687AD}" = Catalyst Control Center InstallProxy
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{6FD38C99-A371-F491-CB0A-D42DD467640E}" = Catalyst Control Center Core Implementation
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7225AFBA-5C8D-90EB-B768-8B10EC636757}" = ccc-core-static
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Hilfe
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B3A7453-BC40-A694-01EE-FCFCA728D882}" = CCC Help Polish
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7BA3A243-7D3D-844E-B851-CA35D782FF9F}" = CCC Help Turkish
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7D99B933-E29C-4599-92F0-DAED2AF041E3}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86F444A5-C9B9-41DC-AF28-B5E46F5497C7}" = Windows Live Argazki Galeria
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8D3D44F5-C798-2D03-FC42-A5007C516AE6}" = CCC Help Chinese Traditional
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E285C75-9BE2-4349-972B-DECDDF472656}" = Windows Live Writer Resources
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90C3A9F7-B751-718E-DBA1-4D81F82E9969}" = Catalyst Control Center Graphics Full New
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93C4B7D5-4E00-491F-BA3E-25B7B63EE7F6}" = Windows Live Mail
"{93DCD69C-49D9-A710-BA7C-90C13DB491D3}" = Catalyst Control Center Graphics Light
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9DEC152C-A8EB-3048-A758-5136B5E46F49}" = CCC Help Thai
"{9E2C5B0E-7A2D-4767-A9B2-77469FB1873A}" = Windows Live Mesh
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0A7E755-8234-8E24-F246-B4A832E0E331}" = CCC Help Czech
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A4489FF3-B501-D9AB-7E48-34A092C2F423}" = CCC Help Italian
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB0EC377-ECAF-7252-C2B7-BAD2FEF6FAC2}" = CCC Help Danish
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{ac3600d2-e1b3-4573-bef7-73f9409d6393}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AE710981-9CAE-463F-817F-48F7BB6F93CF}_is1" = Free WAV to MP3 Converter
"{aec97477-921a-4289-985a-9e29506625b6}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B40A2996-D76F-4D2A-D7DF-230B7DD63948}" = CCC Help Swedish
"{B5C44728-55D9-A94E-7951-B8AB8841E3AA}" = CCC Help Hungarian
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C54DA176-5E55-EDEE-EEBF-9894DB61B8C1}" = CCC Help Russian
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1079D9F-7778-366C-AA9F-F3AC68EC8141}" = PX Profile Update
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D2AC7034-15AC-4F62-85BD-1E48021E45D6}_is1" = concept/design onlineTV 8
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E09D4613-287C-74AB-3FF1-FA8B49BB049C}" = CCC Help German
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED34C5C7-715F-E278-7646-1152667B228D}" = CCC Help Portuguese
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F13587F7-AA4C-4C2E-AE7D-F33F3CCE57A9}" = Windows Live Messenger
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6549C92-F6A2-78C6-4BEB-26D2966347EE}" = CCC Help Greek
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FAC2C91B-0953-94F6-AD56-8088C7AC280E}" = CCC Help Spanish
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCBC19F7-E068-4B7A-ACBB-CE9CCEB4B21F}" = Windows Live Messenger
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF2A5498-4EFE-430F-A138-7EB365DBEBAD}" = Adobe Shockwave Player 12.0
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audiograbber" = Audiograbber 1.83 SE
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"bi_uninstaller" = Bundled software uninstaller
"delta" = Delta toolbar
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"DomaIQ Uninstaller" = DomaIQ
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FLV Player" = FLV Player 2.0 (build 25)
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"Glary Utilities_is1" = Glary Utilities 2.52.0.1698
"HP Photo Creations" = HP Photo Creations
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.52
"TrueCrypt" = TrueCrypt
"Video Downloader_is1" = Video Downloader version 2.0
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 21.03.2013 13:43:35 | Computer Name = Ronya-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.03.2013 14:01:20 | Computer Name = Ronya-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.03.2013 17:15:06 | Computer Name = Ronya-PC | Source = WinMgmt | ID = 10
Description =
Error - 24.03.2013 06:53:18 | Computer Name = Ronya-PC | Source = WinMgmt | ID = 10
Description =
Error - 24.03.2013 11:25:06 | Computer Name = Ronya-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1051,
Zeitstempel: 0x4bcee2f2 Name des fehlerhaften Moduls: atiadlxx.dll, Version: 6.14.10.1054,
Zeitstempel: 0x4bced60a Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001e8d8
ID
des fehlerhaften Prozesses: 0x490 Startzeit der fehlerhaften Anwendung: 0x01ce287dbec9866e
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\atieclxx.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\atiadlxx.dll Berichtskennung: 016653cd-9497-11e2-9846-90004e5ff338
Error - 25.03.2013 01:33:58 | Computer Name = Ronya-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.03.2013 08:33:16 | Computer Name = Ronya-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.03.2013 11:44:52 | Computer Name = Ronya-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.03.2013 12:59:46 | Computer Name = Ronya-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 26.03.2013 04:26:11 | Computer Name = Ronya-PC | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 30.04.2013 07:53:06 | Computer Name = Ronya-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 18684
seconds with 480 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 11.04.2013 12:26:41 | Computer Name = Ronya-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 11.04.2013 12:27:07 | Computer Name = Ronya-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 21.04.2013 05:54:49 | Computer Name = Ronya-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 21.04.2013 05:55:33 | Computer Name = Ronya-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 21.04.2013 05:55:33 | Computer Name = Ronya-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 23.04.2013 15:18:45 | Computer Name = Ronya-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.
Error - 23.04.2013 15:18:45 | Computer Name = Ronya-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 29.04.2013 03:36:58 | Computer Name = Ronya-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 29.04.2013 03:36:58 | Computer Name = Ronya-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 29.04.2013 03:36:59 | Computer Name = Ronya-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
< End of report >
Text Gmer: GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-06 15:34:10
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Ronya\AppData\Local\Temp\kwlorpob.sys
---- User code sections - GMER 2.1 ----
.text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1540] C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE!wdGetApplicationObject + 166 000000002f3f1afc 2 bytes [3F, 2F]
.text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1540] C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE!wdGetApplicationObject + 253 000000002f3f1b53 2 bytes [3F, 2F]
.text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1540] C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE!wdGetApplicationObject + 320 000000002f3f1b96 2 bytes [3F, 2F]
.text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1540] C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE!wdGetApplicationObject + 390 000000002f3f1bdc 2 bytes [3F, 2F]
.text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1540] C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE!wdGetApplicationObject + 738 000000002f3f1d38 2 bytes [3F, 2F]
.text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1540] C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE!wdGetApplicationObject + 937 000000002f3f1dff 2 bytes [3F, 2F]
.text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1540] C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE!wdGetApplicationObject + 958 000000002f3f1e14 2 bytes [3F, 2F]
.text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1540] C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE!wdGetApplicationObject + 970 000000002f3f1e20 2 bytes [3F, 2F]
.text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1540] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000772687b1 5 bytes JMP 0000000170e050b8
.text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1540] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076e16143 5 bytes JMP 00000001718ce11a
.text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1540] C:\Windows\syswow64\OLEAUT32.DLL!SysFreeString 0000000076d23e59 5 bytes JMP 0000000170e31b8f
.text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1540] C:\Windows\syswow64\OLEAUT32.DLL!VariantClear 0000000076d23eae 5 bytes JMP 0000000170e3c68a
.text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1540] C:\Windows\syswow64\OLEAUT32.DLL!SysAllocStringByteLen 0000000076d24731 5 bytes JMP 0000000170e3fac2
.text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1540] C:\Windows\syswow64\OLEAUT32.DLL!VariantChangeType 0000000076d25dee 5 bytes JMP 0000000170e3ff84
---- EOF - GMER 2.1 ----
Ich hoffe ich habe es richtig gemacht und freue mich auf deine Antwort. Buddha1986  |
|
06.05.2013, 18:05
| #4 |
| /// TB-Ausbilder | Schadprogramm: System Care Antivirus - Win 7 - Laptop fährt hoch, es lässt sich jedoch nichs öffnen Hallo, jawohl, alles richtig gemacht. Dann immer noch im abgesicherten Modus: Schritt 1 Scan mit Combofix
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
06.05.2013, 18:27
| #5 |
| |  Schadprogramm: System Care Antivirus - Win 7 - Laptop fährt hoch, es lässt sich jedoch nichs öffnen Hey Leo,anbei der Log von Combofix: Combofix Logfile: Code:
ATTFilter ComboFix 13-05-06.03 - Ronya 06.05.2013 19:15:41.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3764.2285 [GMT 2:00]
ausgeführt von:: c:\users\Ronya\Downloads\ComboFix.exe
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\8A8EAE3165F66B2000008A8E23A8704E
c:\programdata\8A8EAE3165F66B2000008A8E23A8704E\8A8EAE3165F66B2000008A8E23A8704E
c:\programdata\8A8EAE3165F66B2000008A8E23A8704E\8A8EAE3165F66B2000008A8E23A8704E.exe
c:\programdata\8A8EAE3165F66B2000008A8E23A8704E\8A8EAE3165F66B2000008A8E23A8704E.ico
c:\programdata\FullRemove.exe
c:\users\Ronya\AppData\Roaming\BabMaint.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\wininit.ini
c:\windows\XSxS
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-04-06 bis 2013-05-06 ))))))))))))))))))))))))))))))
.
.
2013-05-06 17:18 . 2013-05-06 17:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-06 09:15 . 2013-05-06 09:15 -------- d-----w- c:\windows\Sun
2013-05-02 08:29 . 2013-05-02 08:29 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-04-30 11:50 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2013-04-30 11:48 . 2013-04-30 11:48 709719 ----a-w- c:\windows\unins001.exe
2013-04-30 11:39 . 2013-04-30 11:40 -------- d-----w- c:\programdata\Package Cache
2013-04-30 11:38 . 2013-04-30 11:38 310688 ----a-w- c:\windows\system32\javaws.exe
2013-04-30 11:38 . 2013-04-30 11:38 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-30 11:38 . 2013-04-30 11:38 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-30 11:38 . 2013-04-30 11:38 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-04-30 11:38 . 2013-04-30 11:38 188832 ----a-w- c:\windows\system32\javaw.exe
2013-04-30 11:38 . 2013-04-30 11:38 188320 ----a-w- c:\windows\system32\java.exe
2013-04-30 11:38 . 2013-04-30 11:38 -------- d-----w- c:\program files\Java
2013-04-30 11:38 . 2013-04-30 11:37 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-30 11:37 . 2013-04-30 11:37 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-30 11:37 . 2013-04-30 11:37 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-30 11:37 . 2013-04-30 11:37 -------- d-----w- c:\program files (x86)\Java
2013-04-30 10:19 . 2013-04-30 10:19 -------- d-----w- c:\users\Ronya\AppData\Local\ElevatedDiagnostics
2013-04-27 14:42 . 2013-04-27 14:42 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-24 13:31 . 2013-04-27 14:42 -------- d-----r- c:\program files (x86)\Skype
2013-04-24 03:54 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 19:26 . 2013-04-10 06:57 263064 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2013-04-23 19:26 . 2013-04-10 06:57 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-04-23 19:08 . 2013-04-23 19:08 -------- d-----w- c:\program files\CCleaner
2013-04-23 18:50 . 2013-04-23 18:50 1169609 ----a-w- c:\windows\unins000.exe
2013-04-23 16:15 . 2013-05-06 05:13 -------- d-----w- c:\users\Ronya\AppData\Roaming\Skype
2013-04-23 14:17 . 2013-04-23 14:17 -------- d-----w- c:\program files\DomaIQ Uninstaller
2013-04-23 14:14 . 2013-04-23 14:16 -------- d-----w- c:\users\Ronya\AppData\Roaming\player
2013-04-23 14:10 . 2013-04-23 14:17 -------- d-----w- c:\program files (x86)\Optimizer Pro
2013-04-21 20:21 . 2013-04-21 20:21 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-04-21 20:21 . 2013-04-21 20:21 -------- d-----w- c:\windows\SysWow64\Extensions
2013-04-19 05:07 . 2013-04-01 17:58 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-15 19:20 . 2013-04-15 19:20 -------- d-----w- c:\program files (x86)\FLV Player
2013-04-12 13:42 . 2013-04-12 13:42 -------- d-----w- c:\users\Ronya\AppData\Roaming\Hogrefe
2013-04-12 13:42 . 2013-04-12 13:42 -------- d-----w- C:\Work
2013-04-12 13:42 . 2013-04-12 13:42 -------- d-----w- c:\users\Ronya\AppData\Local\Hogrefe
2013-04-11 16:50 . 2013-04-11 16:50 -------- d-----w- c:\program files (x86)\Free WAV to MP3 Converter
2013-04-11 16:49 . 2013-04-23 19:17 -------- d-----w- c:\programdata\BrowserProtect
2013-04-11 16:49 . 2013-04-11 16:49 -------- d-----w- c:\users\Ronya\AppData\Roaming\BabSolution
2013-04-11 16:49 . 2013-04-11 16:49 -------- d-----w- c:\program files (x86)\Delta
2013-04-11 16:49 . 2013-04-11 16:49 -------- d-----w- c:\users\Ronya\AppData\Roaming\Babylon
2013-04-11 16:49 . 2013-04-11 16:49 -------- d-----w- c:\programdata\Babylon
2013-04-11 15:30 . 2013-04-11 15:30 -------- d-----w- c:\program files (x86)\Audiograbber
2013-04-11 15:23 . 2013-04-12 15:11 -------- d-----w- c:\users\Ronya\AppData\Roaming\Mp3tag
2013-04-11 15:23 . 2013-04-11 15:23 -------- d-----w- c:\program files (x86)\Mp3tag
2013-04-11 15:02 . 2013-04-11 15:02 -------- d-----w- c:\users\Ronya\AppData\Roaming\mp3DirectCut
2013-04-11 15:02 . 2013-04-11 15:02 -------- d-----w- c:\program files (x86)\mp3DirectCut
2013-04-10 11:18 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 08:07 . 2013-04-24 09:21 -------- d-----w- c:\programdata\boost_interprocess
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-23 19:04 . 2013-02-21 10:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-23 19:04 . 2013-02-21 10:18 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-01 22:03 . 2013-04-01 22:03 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-01 22:03 . 2013-04-01 22:03 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-01 22:03 . 2013-04-01 22:03 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-01 22:03 . 2013-04-01 22:03 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-01 22:03 . 2013-04-01 22:03 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-01 22:03 . 2013-04-01 22:03 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-01 22:03 . 2013-04-01 22:03 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-01 22:03 . 2013-04-01 22:03 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-01 22:03 . 2013-04-01 22:03 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-01 22:03 . 2013-04-01 22:03 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-01 22:03 . 2013-04-01 22:03 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-01 22:03 . 2013-04-01 22:03 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-01 22:03 . 2013-04-01 22:03 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-01 22:03 . 2013-04-01 22:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-01 22:03 . 2013-04-01 22:03 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-01 22:03 . 2013-04-01 22:03 441856 ----a-w- c:\windows\system32\html.iec
2013-04-01 22:03 . 2013-04-01 22:03 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-01 22:03 . 2013-04-01 22:03 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-01 22:03 . 2013-04-01 22:03 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-01 22:03 . 2013-04-01 22:03 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-01 22:03 . 2013-04-01 22:03 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-01 22:03 . 2013-04-01 22:03 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-01 22:03 . 2013-04-01 22:03 235008 ----a-w- c:\windows\system32\url.dll
2013-04-01 22:03 . 2013-04-01 22:03 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-01 22:03 . 2013-04-01 22:03 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-01 22:03 . 2013-04-01 22:03 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-01 22:03 . 2013-04-01 22:03 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-01 22:03 . 2013-04-01 22:03 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-01 22:03 . 2013-04-01 22:03 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-01 22:03 . 2013-04-01 22:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-01 22:03 . 2013-04-01 22:03 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-01 22:03 . 2013-04-01 22:03 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-01 22:03 . 2013-04-01 22:03 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-01 22:03 . 2013-04-01 22:03 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-01 22:03 . 2013-04-01 22:03 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-01 22:03 . 2013-04-01 22:03 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-01 22:03 . 2013-04-01 22:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-01 22:03 . 2013-04-01 22:03 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-01 22:03 . 2013-04-01 22:03 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-01 22:03 . 2013-04-01 22:03 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-01 22:03 . 2013-04-01 22:03 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-01 22:03 . 2013-04-01 22:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-01 22:03 . 2013-04-01 22:03 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-01 22:03 . 2013-04-01 22:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-01 22:03 . 2013-04-01 22:03 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-01 22:03 . 2013-04-01 22:03 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-01 22:03 . 2013-04-01 22:03 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-01 22:03 . 2013-04-01 22:03 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-01 22:03 . 2013-04-01 22:03 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-01 11:06 . 2013-04-01 11:06 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2013-03-29 11:04 . 2013-03-29 11:04 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-03-20 09:37 . 2013-03-20 09:37 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-20 09:37 . 2013-03-20 09:37 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-20 09:37 . 2013-03-20 09:37 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-02-19 10:46 . 2010-06-24 18:33 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-02-12 05:45 . 2013-03-16 18:10 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-16 18:10 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-16 18:10 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-16 18:10 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-16 18:10 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-16 18:10 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-19 11:16 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-03-13 11:00 251288 ----a-w- c:\program files (x86)\Delta\delta\1.8.16.16\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll" [2013-03-13 325016]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Ronya\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Ronya\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Ronya\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-05 98304]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\OOTag.exe" [2010-02-23 13856]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2011-02-17 124136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-02 345312]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-03-29 1219248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Ronya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ronya\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-4-5 25863280]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~1\261249~1.132\{C16C1~1\BrowserProtect.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-20 28600]
R1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2011-11-17 352816]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-20 202752]
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-20 86752]
R2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-03-22 2787280]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-06-15 822304]
R2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-17 144640]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
R2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [2013-03-29 990896]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-06-05 10326784]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-17 50432]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-03-29 39768]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-06-25 76912]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KWLORPOB
*Deregistered* - kwlorpob
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-21 19:04]
.
2013-05-06 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2013-02-19 23:26]
.
2013-05-05 c:\windows\Tasks\hpwebreg_CN1433P7X205D1.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\hpwebreg.exe [2010-11-16 20:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Ronya\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Ronya\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Ronya\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Ronya\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-05 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-05 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-05 413208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-22 10081312]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-02-22 877600]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-02-05 324608]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-06-15 496160]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\ootag.exe" [2010-02-23 13856]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www1.delta-search.com/?affID=120519&tt=220413_d9116&babsrc=HP_ss&mntrId=8A8890004E5FF338
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll
FF - ProfilePath - c:\users\Ronya\AppData\Roaming\Mozilla\Firefox\Profiles\tv6agu9n.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www1.delta-search.com/?affID=120519&tt=220413_d9116&babsrc=HP_ss&mntrId=8A8890004E5FF338
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-03-29 12:04; avg@toolbar; c:\programdata\AVG Secure Search\FireFoxExt\15.0.0.2
FF - ExtSQL: 2013-04-11 18:49; ffxtlbr@delta.com; c:\users\Ronya\AppData\Roaming\Mozilla\Firefox\Profiles\tv6agu9n.default\extensions\ffxtlbr@delta.com
FF - ExtSQL: 2013-04-23 21:27; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Ronya\AppData\Roaming\Mozilla\Firefox\Profiles\tv6agu9n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 8a886b2000000000000090004e5ff338
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15818
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1616:10
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-Locked - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-06 19:19:56
ComboFix-quarantined-files.txt 2013-05-06 17:19
.
Vor Suchlauf: 9 Verzeichnis(se), 190.702.661.632 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 190.332.059.648 Bytes frei
.
- - End Of File - - 10586BE18586CCBC8C31E7E4AD497B7D
Freue mich immer noch auf deine Antwort. Steffen |
|
06.05.2013, 18:37
| #6 |
| /// TB-Ausbilder | Schadprogramm: System Care Antivirus - Win 7 - Laptop fährt hoch, es lässt sich jedoch nichs öffnen Hallo Steffen, Combofix sollte das Ding erwischt haben. Du kannst also ab jetzt wieder im normalen Modus arbeiten. Schritt 1
Schritt 2 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 3 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ --> Schadprogramm: System Care Antivirus - Win 7 - Laptop fährt hoch, es lässt sich jedoch nichs öffnen |
|
06.05.2013, 19:04
| #7 |
| | Schadprogramm: System Care Antivirus - Win 7 - Laptop fährt hoch, es lässt sich jedoch nichs öffnen Lieber Leo, du hast Recht, nach de Neustart funktioniert alles wieder wie gewohnt. Ich bin begeistert von diesem Forum, in welchem man so kompetent und strukturiert Unterstützung findet. Vielen Dank dafür! Anbei die beiden Logs:AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.300 - Datei am 06/05/2013 um 19:49:52 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Ronya - RONYA-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\Ronya\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\Ronya\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\Ronya\AppData\Roaming\Mozilla\Firefox\Profiles\tv6agu9n.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Ronya\AppData\Roaming\Mozilla\Firefox\Profiles\tv6agu9n.default\searchplugins\BrowserProtect.xml
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\FreeRIP
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Program Files\DomaIQ Uninstaller
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\ProgramData\FreeRIP
Ordner Gelöscht : C:\Users\Ronya\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Ronya\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Ronya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\5357d6d1b26eee41
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5357d6d1b26eee41
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16537
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119816&tt=110413_www&babsrc=HP_ss&mntrId=8A8890004E5FF338 --> hxxp://www.google.com
-\\ Mozilla Firefox v20.0.1 (de)
Datei : C:\Users\Ronya\AppData\Roaming\Mozilla\Firefox\Profiles\tv6agu9n.default\prefs.js
C:\Users\Ronya\AppData\Roaming\Mozilla\Firefox\Profiles\tv6agu9n.default\user.js ... Gelöscht !
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [4456 octets] - [06/05/2013 19:49:52]
########## EOF - C:\AdwCleaner[S1].txt - [4516 octets] ##########OTL Logfile:
Code:
ATTFilter OTL logfile created on: 06.05.2013 19:55:14 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ronya\Desktop\AVA 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 60,59% Memory free 7,35 Gb Paging File | 5,65 Gb Available in Paging File | 76,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 222,73 Gb Total Space | 177,47 Gb Free Space | 79,68% Space Free | Partition Type: NTFS Drive D: | 223,40 Gb Total Space | 142,90 Gb Free Space | 63,97% Space Free | Partition Type: NTFS Computer Name: RONYA-PC | User Name: Ronya | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Ronya\Desktop\AVA\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Ronya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Users\Ronya\AppData\Roaming\Dropbox\bin\libcef.dll () MOD - C:\Users\Ronya\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll () MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Live Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon) DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider) DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation) DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI) DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1996565660-337009407-2290839961-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-1996565660-337009407-2290839961-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1996565660-337009407-2290839961-1000\..\SearchScopes\{1018FB3F-0AD5-4375-BF9A-D4FA9EDFAECF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=723 IE - HKU\S-1-5-21-1996565660-337009407-2290839961-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.23 21:26:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.18 21:44:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronya\AppData\Roaming\mozilla\Extensions [2013.05.06 19:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronya\AppData\Roaming\mozilla\Firefox\Profiles\tv6agu9n.default\extensions [2013.04.23 21:27:36 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Ronya\AppData\Roaming\mozilla\firefox\profiles\tv6agu9n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.23 21:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.05.06 19:18:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe (Microsoft) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - Startup: C:\Users\Ronya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ronya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1996565660-337009407-2290839961-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1996565660-337009407-2290839961-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1996565660-337009407-2290839961-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5421E07E-1390-4F0D-B5B4-80755A20AC91}: DhcpNameServer = 10.57.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F033F05F-CE82-4C4E-AE8D-062DC6046106}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.06 19:52:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.06 19:19:58 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.06 19:15:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.06 19:15:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.06 19:15:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.06 19:13:05 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.06 19:12:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.06 14:45:40 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Desktop\AVA [2013.05.06 11:23:23 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus [2013.05.06 11:15:56 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013.05.06 07:20:30 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Desktop\Ronyas_Welt [2013.05.05 22:36:09 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Desktop\Landschaftsökologischer_Beleg [2013.05.02 10:29:56 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.04.30 13:50:33 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2013.04.30 13:50:33 | 000,265,216 | ---- | C] (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) -- C:\Windows\SysWow64\ssleay32.dll [2013.04.30 13:50:32 | 002,288,181 | ---- | C] (Red Hat) -- C:\Windows\SysWow64\cygwin1.dll [2013.04.30 13:50:32 | 001,178,112 | ---- | C] (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) -- C:\Windows\SysWow64\libeay32.dll [2013.04.30 13:50:32 | 001,008,128 | ---- | C] (GnuWin32 <hxxp://gnuwin32.sourceforge.net>) -- C:\Windows\SysWow64\libiconv2.dll [2013.04.30 13:50:32 | 000,265,216 | ---- | C] (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) -- C:\Windows\SysWow64\libssl32.dll [2013.04.30 13:50:32 | 000,131,072 | ---- | C] (Sereby Corporation) -- C:\Windows\SysWow64\AiORuntimes.dll [2013.04.30 13:50:32 | 000,103,424 | ---- | C] (GNU <www.gnu.org>) -- C:\Windows\SysWow64\libintl3.dll [2013.04.30 13:50:31 | 000,325,376 | ---- | C] (AutoIt Team) -- C:\Windows\SysWow64\AutoItX3.dll [2013.04.30 13:50:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe [2013.04.30 13:41:36 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013.04.30 13:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2013.04.30 13:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.04.30 13:37:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.04.30 13:31:38 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Desktop\svcpack [2013.04.30 12:19:52 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Local\ElevatedDiagnostics [2013.04.27 16:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.04.27 16:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.04.24 15:31:12 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.04.23 21:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.04.23 21:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.04.23 18:15:29 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\Skype [2013.04.23 16:14:34 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\player [2013.04.21 22:21:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.04.21 22:21:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.04.21 11:33:46 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Desktop\hh [2013.04.19 07:09:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2013.04.15 21:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player [2013.04.15 21:20:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLV Player [2013.04.15 21:19:23 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Local\{603EFAB1-813D-4583-8F98-F7230FAB142C} [2013.04.12 15:42:40 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\Hogrefe [2013.04.12 15:42:37 | 000,000,000 | ---D | C] -- C:\Work [2013.04.12 15:42:37 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Documents\Hogrefe [2013.04.12 15:42:37 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Local\Hogrefe [2013.04.11 18:50:16 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Local Settings [2013.04.11 18:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free WAV to MP3 Converter [2013.04.11 18:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free WAV to MP3 Converter [2013.04.11 17:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber [2013.04.11 17:30:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audiograbber [2013.04.11 17:23:58 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\Mp3tag [2013.04.11 17:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag [2013.04.11 17:23:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag [2013.04.11 17:02:40 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\mp3DirectCut [2013.04.11 17:02:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mp3DirectCut [2013.04.07 20:21:41 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Desktop\Plugins ========== Files - Modified Within 30 Days ========== [2013.05.06 19:58:47 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.06 19:58:47 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.06 19:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.06 19:51:29 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2013.05.06 19:51:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.06 19:51:02 | 2960,510,976 | -HS- | M] () -- C:\hiberfil.sys [2013.05.06 19:18:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.05.06 15:02:09 | 000,000,000 | ---- | M] () -- C:\Users\Ronya\defogger_reenable [2013.05.06 14:46:37 | 001,645,498 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.06 14:46:37 | 000,708,776 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.06 14:46:37 | 000,662,114 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.06 14:46:37 | 000,153,736 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.06 14:46:37 | 000,125,774 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.06 11:23:23 | 000,002,052 | ---- | M] () -- C:\Users\Ronya\Desktop\System Care Antivirus.lnk [2013.05.05 22:48:41 | 000,000,662 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN1433P7X205D1.job [2013.05.02 10:29:42 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.04.30 13:51:27 | 000,020,373 | ---- | M] () -- C:\Windows\unins003.dat [2013.04.30 13:50:44 | 001,199,175 | ---- | M] () -- C:\Windows\unins003.exe [2013.04.30 13:50:43 | 000,010,822 | ---- | M] () -- C:\Windows\unins002.dat [2013.04.30 13:50:29 | 001,187,609 | ---- | M] () -- C:\Windows\unins002.exe [2013.04.30 13:48:57 | 000,007,958 | ---- | M] () -- C:\Windows\unins001.dat [2013.04.30 13:48:45 | 000,709,719 | ---- | M] () -- C:\Windows\unins001.exe [2013.04.30 13:48:07 | 001,672,796 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.04.30 13:19:39 | 000,588,069 | ---- | M] () -- C:\Users\Ronya\Desktop\4288585311.pdf [2013.04.27 19:03:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.04.27 16:42:47 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.04.24 08:38:40 | 000,501,661 | ---- | M] () -- C:\Users\Ronya\Desktop\Scan.jpg [2013.04.23 21:08:10 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.04.23 20:50:52 | 000,081,813 | ---- | M] () -- C:\Windows\unins000.dat [2013.04.23 20:50:44 | 001,169,609 | ---- | M] () -- C:\Windows\unins000.exe [2013.04.15 21:20:02 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\FLV Player.lnk [2013.04.11 18:50:09 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\Free WAV to MP3 Converter.lnk [2013.04.11 18:47:11 | 000,004,626 | ---- | M] () -- C:\Windows\cdplayer.ini [2013.04.11 17:30:56 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Audiograbber.lnk [2013.04.11 17:23:36 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk [2013.04.11 17:02:03 | 000,001,059 | ---- | M] () -- C:\Users\Ronya\Desktop\mp3DirectCut.lnk [2013.04.11 07:45:43 | 000,413,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.05.06 19:15:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.06 19:15:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.06 19:15:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.06 19:15:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.06 19:15:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.06 15:02:09 | 000,000,000 | ---- | C] () -- C:\Users\Ronya\defogger_reenable [2013.05.06 11:23:23 | 000,002,052 | ---- | C] () -- C:\Users\Ronya\Desktop\System Care Antivirus.lnk [2013.05.04 10:57:42 | 000,041,016 | ---- | C] () -- C:\Users\Ronya\Desktop\Anleitung Kartierbogen 2002.pdf [2013.04.30 13:50:44 | 001,199,175 | ---- | C] () -- C:\Windows\unins003.exe [2013.04.30 13:50:44 | 000,020,373 | ---- | C] () -- C:\Windows\unins003.dat [2013.04.30 13:50:33 | 000,066,560 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll [2013.04.30 13:50:32 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll [2013.04.30 13:50:32 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\libpng15.dll [2013.04.30 13:50:31 | 001,187,609 | ---- | C] () -- C:\Windows\unins002.exe [2013.04.30 13:50:31 | 000,271,264 | ---- | C] () -- C:\Windows\System\vbrun100.dll [2013.04.30 13:50:31 | 000,210,944 | ---- | C] () -- C:\Windows\System\msvcrt10.dll [2013.04.30 13:50:31 | 000,010,822 | ---- | C] () -- C:\Windows\unins002.dat [2013.04.30 13:48:46 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe [2013.04.30 13:48:46 | 000,007,958 | ---- | C] () -- C:\Windows\unins001.dat [2013.04.30 13:31:38 | 000,000,698 | ---- | C] () -- C:\Users\Ronya\Desktop\WinPKG.xml [2013.04.30 13:31:38 | 000,000,355 | ---- | C] () -- C:\Users\Ronya\Desktop\entries_AiORuntimes.ini [2013.04.30 13:19:39 | 000,588,069 | ---- | C] () -- C:\Users\Ronya\Desktop\4288585311.pdf [2013.04.27 19:03:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.04.24 08:38:40 | 000,501,661 | ---- | C] () -- C:\Users\Ronya\Desktop\Scan.jpg [2013.04.23 21:08:10 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.04.23 20:50:52 | 001,169,609 | ---- | C] () -- C:\Windows\unins000.exe [2013.04.23 20:50:52 | 000,081,813 | ---- | C] () -- C:\Windows\unins000.dat [2013.04.23 16:13:54 | 001,672,796 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.04.15 21:20:02 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\FLV Player.lnk [2013.04.11 18:50:09 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\Free WAV to MP3 Converter.lnk [2013.04.11 17:30:56 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Audiograbber.lnk [2013.04.11 17:23:36 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk [2013.04.11 17:02:03 | 000,001,059 | ---- | C] () -- C:\Users\Ronya\Desktop\mp3DirectCut.lnk [2013.04.06 19:17:37 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2013.04.06 19:17:37 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2013.04.06 19:17:36 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2013.04.04 22:32:01 | 000,004,626 | ---- | C] () -- C:\Windows\cdplayer.ini [2013.04.04 22:07:07 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini [2012.10.18 15:47:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.10.18 15:43:19 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011.09.05 18:34:45 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011.09.05 18:34:45 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2011.09.05 18:34:45 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2011.09.05 18:34:45 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011.09.05 18:34:44 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011.09.05 18:34:42 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.06 19:18:15 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\concept design [2013.03.29 16:17:08 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\DeepBurner [2013.05.06 19:53:06 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\Dropbox [2013.04.02 14:02:46 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\DVDVideoSoft [2013.04.01 13:02:13 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\GlarySoft [2013.04.12 15:42:40 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\Hogrefe [2013.04.11 17:02:40 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\mp3DirectCut [2013.04.12 17:11:46 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\Mp3tag [2013.04.23 16:16:45 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\player [2013.04.04 21:39:24 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\PowerCinema [2013.04.05 11:03:12 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\TrueCrypt [2013.03.18 12:33:49 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > Sonnige Energie Steffen |
|
06.05.2013, 19:09
| #8 |
| /// TB-Ausbilder | Schadprogramm: System Care Antivirus - Win 7 - Laptop fährt hoch, es lässt sich jedoch nichs öffnen Hallo Steffen, sieht schon besser aus. Wir kontrollieren nochmals: Schritt 1 Fixen mit OTL
Code:
ATTFilter :OTL
[2013.05.06 11:23:23 | 000,002,052 | ---- | C] () -- C:\Users\Ronya\Desktop\System Care Antivirus.lnk
:commands
[emptytemp]
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 ESET Online Scanner
Schritt 4 Downloade Dir bitte  SecurityCheck und:
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
09.05.2013, 11:28
| #9 |
| | Schadprogramm: System Care Antivirus - Win 7 - Laptop fährt hoch, es lässt sich jedoch nichs öffnen Lieber Leo, ich hatte die letzten Tage privat viel um die Ohren und kam daher bis heute noch nicht dazu deine letzten Anweisungen auszuführen. Nachdem der PC nun 3 Tage keine Probleme gemacht hat, ist System Care heute wieder mit genau den gleichen Symptomen aufgetaucht. Ich nehme mal an, dass ich nun zunächst die vorherigen Schritte, die ich bereits durchlaufen haben noch einmal ausführen muss bevor ich mich an deine letzten Anweisungen machen kann. Daher noch einmal:OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.05.2013 12:00:14 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = F:\AVA 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 2,92 Gb Available Physical Memory | 79,47% Memory free 7,35 Gb Paging File | 6,64 Gb Available in Paging File | 90,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 222,73 Gb Total Space | 174,73 Gb Free Space | 78,45% Space Free | Partition Type: NTFS Drive D: | 223,40 Gb Total Space | 142,89 Gb Free Space | 63,96% Space Free | Partition Type: NTFS Drive F: | 7,50 Gb Total Space | 4,95 Gb Free Space | 65,95% Space Free | Partition Type: FAT32 Computer Name: RONYA-PC | User Name: Ronya | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - F:\AVA\OTL.exe (OldTimer Tools) PRC - C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Free PDF to Word Doc Converter\pdf2word.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL () MOD - C:\Program Files (x86)\Free PDF to Word Doc Converter\pdf2word.exe () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Live Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon) DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider) DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation) DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI) DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{1018FB3F-0AD5-4375-BF9A-D4FA9EDFAECF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=723 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.23 21:26:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.18 21:44:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronya\AppData\Roaming\mozilla\Extensions [2013.05.08 23:31:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronya\AppData\Roaming\mozilla\Firefox\Profiles\tv6agu9n.default\extensions [2013.05.08 23:31:35 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Ronya\AppData\Roaming\mozilla\firefox\profiles\tv6agu9n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.23 21:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.05.06 19:18:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe (Microsoft) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\RunOnce: [8A8EAE3165F66B2000008A8E23A8704E] C:\ProgramData\8A8EAE3165F66B2000008A8E23A8704E\8A8EAE3165F66B2000008A8E23A8704E.exe () O4 - Startup: C:\Users\Ronya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ronya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5421E07E-1390-4F0D-B5B4-80755A20AC91}: DhcpNameServer = 10.57.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F033F05F-CE82-4C4E-AE8D-062DC6046106}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.09 10:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\8A8EAE3165F66B2000008A8E23A8704E [2013.05.06 19:52:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.06 19:19:58 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.06 19:15:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.06 19:15:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.06 19:15:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.06 19:13:05 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.06 19:12:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.06 14:45:40 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Desktop\AVA [2013.05.06 11:23:23 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus [2013.05.06 11:15:56 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013.05.06 07:20:30 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Desktop\Ronyas_Welt [2013.05.05 22:36:09 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Desktop\Landschaftsökologischer_Beleg [2013.05.02 10:29:56 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.04.30 13:50:33 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2013.04.30 13:50:33 | 000,265,216 | ---- | C] (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) -- C:\Windows\SysWow64\ssleay32.dll [2013.04.30 13:50:32 | 002,288,181 | ---- | C] (Red Hat) -- C:\Windows\SysWow64\cygwin1.dll [2013.04.30 13:50:32 | 001,178,112 | ---- | C] (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) -- C:\Windows\SysWow64\libeay32.dll [2013.04.30 13:50:32 | 001,008,128 | ---- | C] (GnuWin32 <hxxp://gnuwin32.sourceforge.net>) -- C:\Windows\SysWow64\libiconv2.dll [2013.04.30 13:50:32 | 000,265,216 | ---- | C] (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) -- C:\Windows\SysWow64\libssl32.dll [2013.04.30 13:50:32 | 000,131,072 | ---- | C] (Sereby Corporation) -- C:\Windows\SysWow64\AiORuntimes.dll [2013.04.30 13:50:32 | 000,103,424 | ---- | C] (GNU <www.gnu.org>) -- C:\Windows\SysWow64\libintl3.dll [2013.04.30 13:50:31 | 000,325,376 | ---- | C] (AutoIt Team) -- C:\Windows\SysWow64\AutoItX3.dll [2013.04.30 13:50:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe [2013.04.30 13:41:36 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013.04.30 13:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2013.04.30 13:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.04.30 13:37:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.04.30 13:31:38 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Desktop\svcpack [2013.04.30 12:19:52 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Local\ElevatedDiagnostics [2013.04.27 16:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.04.27 16:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.04.24 15:31:12 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.04.23 21:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.04.23 21:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.04.23 18:15:29 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\Skype [2013.04.23 16:14:34 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\player [2013.04.21 22:21:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.04.21 22:21:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.04.21 11:33:46 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Desktop\hh [2013.04.19 07:09:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2013.04.15 21:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player [2013.04.15 21:20:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLV Player [2013.04.15 21:19:23 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Local\{603EFAB1-813D-4583-8F98-F7230FAB142C} [2013.04.12 15:42:40 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\Hogrefe [2013.04.12 15:42:37 | 000,000,000 | ---D | C] -- C:\Work [2013.04.12 15:42:37 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Documents\Hogrefe [2013.04.12 15:42:37 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Local\Hogrefe [2013.04.11 18:50:16 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Local Settings [2013.04.11 18:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free WAV to MP3 Converter [2013.04.11 18:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free WAV to MP3 Converter [2013.04.11 17:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber [2013.04.11 17:30:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audiograbber [2013.04.11 17:23:58 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\Mp3tag [2013.04.11 17:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag [2013.04.11 17:23:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag [2013.04.11 17:02:40 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\mp3DirectCut [2013.04.11 17:02:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mp3DirectCut ========== Files - Modified Within 30 Days ========== [2013.05.09 11:29:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.09 11:29:07 | 2960,510,976 | -HS- | M] () -- C:\hiberfil.sys [2013.05.09 11:07:30 | 000,002,052 | ---- | M] () -- C:\Users\Ronya\Desktop\System Care Antivirus.lnk [2013.05.09 10:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.09 09:07:30 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.09 09:07:30 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.09 08:59:04 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2013.05.08 10:38:19 | 001,645,498 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.08 10:38:19 | 000,708,776 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.08 10:38:19 | 000,662,114 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.08 10:38:19 | 000,153,736 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.08 10:38:19 | 000,125,774 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.08 00:06:05 | 000,000,662 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN1433P7X205D1.job [2013.05.06 19:18:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.05.06 15:02:09 | 000,000,000 | ---- | M] () -- C:\Users\Ronya\defogger_reenable [2013.05.02 10:29:42 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.04.30 13:51:27 | 000,020,373 | ---- | M] () -- C:\Windows\unins003.dat [2013.04.30 13:50:44 | 001,199,175 | ---- | M] () -- C:\Windows\unins003.exe [2013.04.30 13:50:43 | 000,010,822 | ---- | M] () -- C:\Windows\unins002.dat [2013.04.30 13:50:29 | 001,187,609 | ---- | M] () -- C:\Windows\unins002.exe [2013.04.30 13:48:57 | 000,007,958 | ---- | M] () -- C:\Windows\unins001.dat [2013.04.30 13:48:45 | 000,709,719 | ---- | M] () -- C:\Windows\unins001.exe [2013.04.30 13:48:07 | 001,672,796 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.04.30 13:19:39 | 000,588,069 | ---- | M] () -- C:\Users\Ronya\Desktop\4288585311.pdf [2013.04.27 19:03:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.04.27 16:42:47 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.04.24 08:38:40 | 000,501,661 | ---- | M] () -- C:\Users\Ronya\Desktop\Scan.jpg [2013.04.23 21:08:10 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.04.23 20:50:52 | 000,081,813 | ---- | M] () -- C:\Windows\unins000.dat [2013.04.23 20:50:44 | 001,169,609 | ---- | M] () -- C:\Windows\unins000.exe [2013.04.15 21:20:02 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\FLV Player.lnk [2013.04.11 18:50:09 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\Free WAV to MP3 Converter.lnk [2013.04.11 18:47:11 | 000,004,626 | ---- | M] () -- C:\Windows\cdplayer.ini [2013.04.11 17:30:56 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Audiograbber.lnk [2013.04.11 17:23:36 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk [2013.04.11 17:02:03 | 000,001,059 | ---- | M] () -- C:\Users\Ronya\Desktop\mp3DirectCut.lnk [2013.04.11 07:45:43 | 000,413,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.05.09 11:07:30 | 000,002,052 | ---- | C] () -- C:\Users\Ronya\Desktop\System Care Antivirus.lnk [2013.05.06 19:15:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.06 19:15:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.06 19:15:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.06 19:15:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.06 19:15:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.06 15:02:09 | 000,000,000 | ---- | C] () -- C:\Users\Ronya\defogger_reenable [2013.05.04 10:57:42 | 000,041,016 | ---- | C] () -- C:\Users\Ronya\Desktop\Anleitung Kartierbogen 2002.pdf [2013.04.30 13:50:44 | 001,199,175 | ---- | C] () -- C:\Windows\unins003.exe [2013.04.30 13:50:44 | 000,020,373 | ---- | C] () -- C:\Windows\unins003.dat [2013.04.30 13:50:33 | 000,066,560 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll [2013.04.30 13:50:32 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll [2013.04.30 13:50:32 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\libpng15.dll [2013.04.30 13:50:31 | 001,187,609 | ---- | C] () -- C:\Windows\unins002.exe [2013.04.30 13:50:31 | 000,271,264 | ---- | C] () -- C:\Windows\System\vbrun100.dll [2013.04.30 13:50:31 | 000,210,944 | ---- | C] () -- C:\Windows\System\msvcrt10.dll [2013.04.30 13:50:31 | 000,010,822 | ---- | C] () -- C:\Windows\unins002.dat [2013.04.30 13:48:46 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe [2013.04.30 13:48:46 | 000,007,958 | ---- | C] () -- C:\Windows\unins001.dat [2013.04.30 13:31:38 | 000,000,698 | ---- | C] () -- C:\Users\Ronya\Desktop\WinPKG.xml [2013.04.30 13:31:38 | 000,000,355 | ---- | C] () -- C:\Users\Ronya\Desktop\entries_AiORuntimes.ini [2013.04.30 13:19:39 | 000,588,069 | ---- | C] () -- C:\Users\Ronya\Desktop\4288585311.pdf [2013.04.27 19:03:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.04.24 08:38:40 | 000,501,661 | ---- | C] () -- C:\Users\Ronya\Desktop\Scan.jpg [2013.04.23 21:08:10 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.04.23 20:50:52 | 001,169,609 | ---- | C] () -- C:\Windows\unins000.exe [2013.04.23 20:50:52 | 000,081,813 | ---- | C] () -- C:\Windows\unins000.dat [2013.04.23 16:13:54 | 001,672,796 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.04.15 21:20:02 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\FLV Player.lnk [2013.04.11 18:50:09 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\Free WAV to MP3 Converter.lnk [2013.04.11 17:30:56 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Audiograbber.lnk [2013.04.11 17:23:36 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk [2013.04.11 17:02:03 | 000,001,059 | ---- | C] () -- C:\Users\Ronya\Desktop\mp3DirectCut.lnk [2013.04.06 19:17:37 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2013.04.06 19:17:37 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2013.04.06 19:17:36 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2013.04.04 22:32:01 | 000,004,626 | ---- | C] () -- C:\Windows\cdplayer.ini [2013.04.04 22:07:07 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini [2012.10.18 15:47:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.10.18 15:43:19 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011.09.05 18:34:45 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011.09.05 18:34:45 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2011.09.05 18:34:45 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2011.09.05 18:34:45 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011.09.05 18:34:44 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011.09.05 18:34:42 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.06 19:18:15 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\concept design [2013.03.29 16:17:08 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\DeepBurner [2013.05.09 08:59:58 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\Dropbox [2013.04.02 14:02:46 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\DVDVideoSoft [2013.04.01 13:02:13 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\GlarySoft [2013.04.12 15:42:40 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\Hogrefe [2013.04.11 17:02:40 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\mp3DirectCut [2013.04.12 17:11:46 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\Mp3tag [2013.04.23 16:16:45 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\player [2013.04.04 21:39:24 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\PowerCinema [2013.04.05 11:03:12 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\TrueCrypt [2013.03.18 12:33:49 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - GMER - Rootkit Detector and Remover Rootkit scan 2013-05-09 12:24:44 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Ronya\AppData\Local\Temp\kwlorpob.sys ---- User code sections - GMER 2.1 ---- .text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1864] C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE!wdGetApplicationObject + 166 000000002f471afc 2 bytes [47, 2F] .text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1864] C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE!wdGetApplicationObject + 253 000000002f471b53 2 bytes [47, 2F] .text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1864] C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE!wdGetApplicationObject + 320 000000002f471b96 2 bytes [47, 2F] .text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1864] C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE!wdGetApplicationObject + 390 000000002f471bdc 2 bytes [47, 2F] .text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1864] C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE!wdGetApplicationObject + 738 000000002f471d38 2 bytes [47, 2F] .text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1864] C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE!wdGetApplicationObject + 937 000000002f471dff 2 bytes [47, 2F] .text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1864] C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE!wdGetApplicationObject + 958 000000002f471e14 2 bytes [47, 2F] .text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1864] C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE!wdGetApplicationObject + 970 000000002f471e20 2 bytes [47, 2F] .text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1864] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000769987b1 5 bytes JMP 000000016d9550b8 .text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1864] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000074da6143 5 bytes JMP 000000016e41e11a .text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1864] C:\Windows\syswow64\OLEAUT32.DLL!SysFreeString 00000000761d3e59 5 bytes JMP 000000016d981b8f .text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1864] C:\Windows\syswow64\OLEAUT32.DLL!VariantClear 00000000761d3eae 5 bytes JMP 000000016d98c68a .text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1864] C:\Windows\syswow64\OLEAUT32.DLL!SysAllocStringByteLen 00000000761d4731 5 bytes JMP 000000016d98fac2 .text C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE[1864] C:\Windows\syswow64\OLEAUT32.DLL!VariantChangeType 00000000761d5dee 5 bytes JMP 000000016d98ff84 .text F:\AVA\OTL.exe[868] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000077251465 2 bytes [25, 77] .text F:\AVA\OTL.exe[868] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 00000000772514bb 2 bytes [25, 77] .text ... * 2 ---- EOF - GMER 2.1 ---- Beste Grüße Steffen |
|
09.05.2013, 12:12
| #10 | |
| /// TB-Ausbilder | Schadprogramm: System Care Antivirus - Win 7 - Laptop fährt hoch, es lässt sich jedoch nichs öffnen Hallo Steffen, Zitat:
Wieder Combofix im abgesicherten Modus: Schritt 1 Scan mit Combofix
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
09.05.2013, 12:42
| #11 |
| | Schadprogramm: System Care Antivirus - Win 7 - Laptop fährt hoch, es lässt sich jedoch nichs öffnen Alles klar, ich warte mit dem Surfen bis wir mit allem durch sind. Combofix Logfile: Code:
ATTFilter ComboFix 13-05-08.02 - Ronya 09.05.2013 13:19:25.2.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3764.2435 [GMT 2:00]
ausgeführt von:: f:\ava\ComboFix.exe
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\8A8EAE3165F66B2000008A8E23A8704E
c:\programdata\8A8EAE3165F66B2000008A8E23A8704E\8A8EAE3165F66B2000008A8E23A8704E
c:\programdata\8A8EAE3165F66B2000008A8E23A8704E\8A8EAE3165F66B2000008A8E23A8704E.exe
c:\programdata\8A8EAE3165F66B2000008A8E23A8704E\8A8EAE3165F66B2000008A8E23A8704E.ico
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-04-09 bis 2013-05-09 ))))))))))))))))))))))))))))))
.
.
2013-05-09 11:22 . 2013-05-09 11:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-06 09:15 . 2013-05-06 09:15 -------- d-----w- c:\windows\Sun
2013-05-02 08:29 . 2013-05-02 08:29 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-04-30 11:50 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2013-04-30 11:48 . 2013-04-30 11:48 709719 ----a-w- c:\windows\unins001.exe
2013-04-30 11:39 . 2013-04-30 11:40 -------- d-----w- c:\programdata\Package Cache
2013-04-30 11:38 . 2013-04-30 11:38 310688 ----a-w- c:\windows\system32\javaws.exe
2013-04-30 11:38 . 2013-04-30 11:38 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-30 11:38 . 2013-04-30 11:38 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-30 11:38 . 2013-04-30 11:38 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-04-30 11:38 . 2013-04-30 11:38 188832 ----a-w- c:\windows\system32\javaw.exe
2013-04-30 11:38 . 2013-04-30 11:38 188320 ----a-w- c:\windows\system32\java.exe
2013-04-30 11:38 . 2013-04-30 11:38 -------- d-----w- c:\program files\Java
2013-04-30 11:38 . 2013-04-30 11:37 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-30 11:37 . 2013-04-30 11:37 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-30 11:37 . 2013-04-30 11:37 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-30 11:37 . 2013-04-30 11:37 -------- d-----w- c:\program files (x86)\Java
2013-04-30 10:19 . 2013-04-30 10:19 -------- d-----w- c:\users\Ronya\AppData\Local\ElevatedDiagnostics
2013-04-27 14:42 . 2013-04-27 14:42 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-24 13:31 . 2013-04-27 14:42 -------- d-----r- c:\program files (x86)\Skype
2013-04-24 03:54 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 19:26 . 2013-04-10 06:57 263064 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2013-04-23 19:26 . 2013-04-10 06:57 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-04-23 19:08 . 2013-04-23 19:08 -------- d-----w- c:\program files\CCleaner
2013-04-23 18:50 . 2013-04-23 18:50 1169609 ----a-w- c:\windows\unins000.exe
2013-04-23 16:15 . 2013-05-09 07:46 -------- d-----w- c:\users\Ronya\AppData\Roaming\Skype
2013-04-23 14:14 . 2013-04-23 14:16 -------- d-----w- c:\users\Ronya\AppData\Roaming\player
2013-04-21 20:21 . 2013-04-21 20:21 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-04-21 20:21 . 2013-04-21 20:21 -------- d-----w- c:\windows\SysWow64\Extensions
2013-04-19 05:07 . 2013-04-01 17:58 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-15 19:20 . 2013-04-15 19:20 -------- d-----w- c:\program files (x86)\FLV Player
2013-04-12 13:42 . 2013-04-12 13:42 -------- d-----w- c:\users\Ronya\AppData\Roaming\Hogrefe
2013-04-12 13:42 . 2013-04-12 13:42 -------- d-----w- C:\Work
2013-04-12 13:42 . 2013-04-12 13:42 -------- d-----w- c:\users\Ronya\AppData\Local\Hogrefe
2013-04-11 16:50 . 2013-04-11 16:50 -------- d-----w- c:\program files (x86)\Free WAV to MP3 Converter
2013-04-11 15:30 . 2013-04-11 15:30 -------- d-----w- c:\program files (x86)\Audiograbber
2013-04-11 15:23 . 2013-04-12 15:11 -------- d-----w- c:\users\Ronya\AppData\Roaming\Mp3tag
2013-04-11 15:23 . 2013-04-11 15:23 -------- d-----w- c:\program files (x86)\Mp3tag
2013-04-11 15:02 . 2013-04-11 15:02 -------- d-----w- c:\users\Ronya\AppData\Roaming\mp3DirectCut
2013-04-11 15:02 . 2013-04-11 15:02 -------- d-----w- c:\program files (x86)\mp3DirectCut
2013-04-10 11:18 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-23 19:04 . 2013-02-21 10:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-23 19:04 . 2013-02-21 10:18 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-01 22:03 . 2013-04-01 22:03 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-01 22:03 . 2013-04-01 22:03 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-01 22:03 . 2013-04-01 22:03 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-01 22:03 . 2013-04-01 22:03 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-01 22:03 . 2013-04-01 22:03 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-01 22:03 . 2013-04-01 22:03 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-01 22:03 . 2013-04-01 22:03 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-01 22:03 . 2013-04-01 22:03 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-01 22:03 . 2013-04-01 22:03 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-01 22:03 . 2013-04-01 22:03 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-01 22:03 . 2013-04-01 22:03 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-01 22:03 . 2013-04-01 22:03 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-01 22:03 . 2013-04-01 22:03 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-01 22:03 . 2013-04-01 22:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-01 22:03 . 2013-04-01 22:03 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-01 22:03 . 2013-04-01 22:03 441856 ----a-w- c:\windows\system32\html.iec
2013-04-01 22:03 . 2013-04-01 22:03 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-01 22:03 . 2013-04-01 22:03 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-01 22:03 . 2013-04-01 22:03 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-01 22:03 . 2013-04-01 22:03 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-01 22:03 . 2013-04-01 22:03 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-01 22:03 . 2013-04-01 22:03 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-01 22:03 . 2013-04-01 22:03 235008 ----a-w- c:\windows\system32\url.dll
2013-04-01 22:03 . 2013-04-01 22:03 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-01 22:03 . 2013-04-01 22:03 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-01 22:03 . 2013-04-01 22:03 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-01 22:03 . 2013-04-01 22:03 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-01 22:03 . 2013-04-01 22:03 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-01 22:03 . 2013-04-01 22:03 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-01 22:03 . 2013-04-01 22:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-01 22:03 . 2013-04-01 22:03 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-01 22:03 . 2013-04-01 22:03 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-01 22:03 . 2013-04-01 22:03 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-01 22:03 . 2013-04-01 22:03 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-01 22:03 . 2013-04-01 22:03 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-01 22:03 . 2013-04-01 22:03 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-01 22:03 . 2013-04-01 22:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-01 22:03 . 2013-04-01 22:03 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-01 22:03 . 2013-04-01 22:03 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-01 22:03 . 2013-04-01 22:03 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-01 22:03 . 2013-04-01 22:03 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-01 22:03 . 2013-04-01 22:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-01 22:03 . 2013-04-01 22:03 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-01 22:03 . 2013-04-01 22:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-01 22:03 . 2013-04-01 22:03 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-01 22:03 . 2013-04-01 22:03 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-01 22:03 . 2013-04-01 22:03 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-01 22:03 . 2013-04-01 22:03 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-01 22:03 . 2013-04-01 22:03 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-01 11:06 . 2013-04-01 11:06 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2013-03-29 11:04 . 2013-03-29 11:04 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-03-20 09:37 . 2013-03-20 09:37 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-20 09:37 . 2013-03-20 09:37 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-20 09:37 . 2013-03-20 09:37 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-02-19 10:46 . 2010-06-24 18:33 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-02-12 05:45 . 2013-03-16 18:10 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-16 18:10 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-16 18:10 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-16 18:10 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-16 18:10 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-16 18:10 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-19 11:16 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Ronya\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Ronya\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Ronya\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-05 98304]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\OOTag.exe" [2010-02-23 13856]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2011-02-17 124136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-02 345312]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Ronya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ronya\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-4-5 25863280]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-20 28600]
R1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2011-11-17 352816]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-20 202752]
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-20 86752]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-06-15 822304]
R2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-17 144640]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-06-05 10326784]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-17 50432]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-03-29 39768]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-06-25 76912]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - kwlorpob
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-21 19:04]
.
2013-05-09 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2013-02-19 23:26]
.
2013-05-07 c:\windows\Tasks\hpwebreg_CN1433P7X205D1.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\hpwebreg.exe [2010-11-16 20:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Ronya\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Ronya\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Ronya\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Ronya\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-05 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-05 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-05 413208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-22 10081312]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-02-22 877600]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-02-05 324608]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-06-15 496160]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\ootag.exe" [2010-02-23 13856]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ronya\AppData\Roaming\Mozilla\Firefox\Profiles\tv6agu9n.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-23 21:27; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Ronya\AppData\Roaming\Mozilla\Firefox\Profiles\tv6agu9n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-09 13:23:29
ComboFix-quarantined-files.txt 2013-05-09 11:23
ComboFix2.txt 2013-05-06 17:19
.
Vor Suchlauf: 15 Verzeichnis(se), 187.576.369.152 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 187.526.553.600 Bytes frei
.
- - End Of File - - BA6B2B5465022BDE74DC2576A919E12F
Steffen |
|
09.05.2013, 12:57
| #12 |
| /// TB-Ausbilder | Schadprogramm: System Care Antivirus - Win 7 - Laptop fährt hoch, es lässt sich jedoch nichs öffnen Ok, ab jetzt wieder im normalen Modus. Schritt 1 Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
09.05.2013, 21:20
| #13 |
| | Schadprogramm: System Care Antivirus - Win 7 - Laptop fährt hoch, es lässt sich jedoch nichs öffnen Es wurde keine Malware gefunden... Malwarebytes Anti-Rootkit BETA 1.05.0.1001 www.malwarebytes.org Database version: v2013.05.09.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16540 Ronya :: RONYA-PC [administrator] 09.05.2013 22:13:38 mbar-log-2013-05-09 (22-13-38).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 30397 Time elapsed: 11 minute(s), 45 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)  |
|
09.05.2013, 22:40
| #14 |
| /// TB-Ausbilder | Schadprogramm: System Care Antivirus - Win 7 - Laptop fährt hoch, es lässt sich jedoch nichs öffnen Sehr gut, dann noch eine Kontrolle und die Sicherheitslücken schliessen, damit sowas nicht wieder passiert. Schritt 1 Fixen mit OTL
Code:
ATTFilter :OTL
[2013.05.09 11:07:30 | 000,002,052 | ---- | C] () -- C:\Users\Ronya\Desktop\System Care Antivirus.lnk
[2013.05.06 11:23:23 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
:commands
[emptytemp]
Schritt 2 Downloade Dir bitte Malwarebytes Anti-Malware
Schritt 3 ESET Online Scanner
Schritt 4 Downloade Dir bitte SecurityCheck und:
Schritt 5 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
10.05.2013, 17:59
| #15 |
| |  Schadprogramm: System Care Antivirus - Win 7 - Laptop fährt hoch, es lässt sich jedoch nichs öffnen Okidoki... All processes killed ========== OTL ========== C:\Users\Ronya\Desktop\System Care Antivirus.lnk moved successfully. C:\Users\Ronya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 396 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: Ronya ->Temp folder emptied: 1912696 bytes ->Temporary Internet Files folder emptied: 8452087 bytes ->Java cache emptied: 21052256 bytes ->FireFox cache emptied: 26409864 bytes ->Flash cache emptied: 4441 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3432 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78341 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 55,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 05102013_132247 Files\Folders moved on Reboot... C:\Users\Ronya\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... All processes killed ========== OTL ========== C:\Users\Ronya\Desktop\System Care Antivirus.lnk moved successfully. C:\Users\Ronya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 396 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: Ronya ->Temp folder emptied: 1912696 bytes ->Temporary Internet Files folder emptied: 8452087 bytes ->Java cache emptied: 21052256 bytes ->FireFox cache emptied: 26409864 bytes ->Flash cache emptied: 4441 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3432 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78341 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 55,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 05102013_132247 Files\Folders moved on Reboot... C:\Users\Ronya\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... All processes killed ========== OTL ========== C:\Users\Ronya\Desktop\System Care Antivirus.lnk moved successfully. C:\Users\Ronya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 396 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: Ronya ->Temp folder emptied: 1912696 bytes ->Temporary Internet Files folder emptied: 8452087 bytes ->Java cache emptied: 21052256 bytes ->FireFox cache emptied: 26409864 bytes ->Flash cache emptied: 4441 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3432 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78341 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 55,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 05102013_132247 Files\Folders moved on Reboot... C:\Users\Ronya\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... All processes killed ========== OTL ========== C:\Users\Ronya\Desktop\System Care Antivirus.lnk moved successfully. C:\Users\Ronya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 396 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: Ronya ->Temp folder emptied: 1912696 bytes ->Temporary Internet Files folder emptied: 8452087 bytes ->Java cache emptied: 21052256 bytes ->FireFox cache emptied: 26409864 bytes ->Flash cache emptied: 4441 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3432 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78341 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 55,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 05102013_132247 Files\Folders moved on Reboot... C:\Users\Ronya\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.05.2013 18:52:42 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = F:\AVA 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 45,79% Memory free 7,35 Gb Paging File | 4,63 Gb Available in Paging File | 62,94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 222,73 Gb Total Space | 174,37 Gb Free Space | 78,29% Space Free | Partition Type: NTFS Drive D: | 223,40 Gb Total Space | 142,89 Gb Free Space | 63,96% Space Free | Partition Type: NTFS Drive F: | 7,50 Gb Total Space | 4,92 Gb Free Space | 65,55% Space Free | Partition Type: FAT32 Drive G: | 7,50 Gb Total Space | 5,22 Gb Free Space | 69,54% Space Free | Partition Type: FAT32 Drive H: | 3,74 Gb Total Space | 1,66 Gb Free Space | 44,31% Space Free | Partition Type: FAT Drive I: | 298,09 Gb Total Space | 60,40 Gb Free Space | 20,26% Space Free | Partition Type: NTFS Drive J: | 298,02 Gb Total Space | 86,58 Gb Free Space | 29,05% Space Free | Partition Type: FAT32 Computer Name: RONYA-PC | User Name: Ronya | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - F:\AVA\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Ronya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Users\Ronya\AppData\Roaming\Dropbox\bin\libcef.dll () MOD - C:\Users\Ronya\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll () MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll () MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Live Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon) DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider) DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation) DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI) DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1996565660-337009407-2290839961-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1996565660-337009407-2290839961-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1996565660-337009407-2290839961-1000\..\SearchScopes\{1018FB3F-0AD5-4375-BF9A-D4FA9EDFAECF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=723 IE - HKU\S-1-5-21-1996565660-337009407-2290839961-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.23 21:26:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.18 21:44:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronya\AppData\Roaming\mozilla\Extensions [2013.05.08 23:31:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronya\AppData\Roaming\mozilla\Firefox\Profiles\tv6agu9n.default\extensions [2013.05.08 23:31:35 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Ronya\AppData\Roaming\mozilla\firefox\profiles\tv6agu9n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.23 21:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.05.09 13:22:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe (Microsoft) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Ronya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ronya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1996565660-337009407-2290839961-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1996565660-337009407-2290839961-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1996565660-337009407-2290839961-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5421E07E-1390-4F0D-B5B4-80755A20AC91}: DhcpNameServer = 10.57.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F033F05F-CE82-4C4E-AE8D-062DC6046106}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.07.01 17:02:56 | 000,000,000 | RH-D | M] - I:\autorun -- [ NTFS ] O32 - Unable to obtain root file information for disk I:\ O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.10 14:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.05.10 13:33:45 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\Malwarebytes [2013.05.10 13:33:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.10 13:33:24 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.05.10 13:33:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.05.09 21:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.09 21:59:02 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Desktop\mbar [2013.05.09 21:55:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.09 13:23:30 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.06 19:15:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.06 19:15:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.06 19:15:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.06 19:13:05 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.06 19:12:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.06 14:45:40 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Desktop\AVA [2013.05.06 11:15:56 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013.05.06 07:20:30 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Desktop\Ronyas_Welt [2013.05.05 22:36:09 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Desktop\Landschaftsökologischer_Beleg [2013.05.02 10:29:56 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.04.30 13:50:33 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2013.04.30 13:50:33 | 000,265,216 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll [2013.04.30 13:50:32 | 002,288,181 | ---- | C] (Red Hat) -- C:\Windows\SysWow64\cygwin1.dll [2013.04.30 13:50:32 | 001,178,112 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll [2013.04.30 13:50:32 | 001,008,128 | ---- | C] (GnuWin32 <hxxp://gnuwin32.sourceforge.net>) -- C:\Windows\SysWow64\libiconv2.dll [2013.04.30 13:50:32 | 000,265,216 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Windows\SysWow64\libssl32.dll [2013.04.30 13:50:32 | 000,131,072 | ---- | C] (Sereby Corporation) -- C:\Windows\SysWow64\AiORuntimes.dll [2013.04.30 13:50:32 | 000,103,424 | ---- | C] (GNU <www.gnu.org>) -- C:\Windows\SysWow64\libintl3.dll [2013.04.30 13:50:31 | 000,325,376 | ---- | C] (AutoIt Team) -- C:\Windows\SysWow64\AutoItX3.dll [2013.04.30 13:50:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe [2013.04.30 13:41:36 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013.04.30 13:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2013.04.30 13:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.04.30 13:37:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.04.30 13:31:38 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Desktop\svcpack [2013.04.30 12:19:52 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Local\ElevatedDiagnostics [2013.04.27 16:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.04.27 16:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.04.24 15:31:12 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.04.23 21:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.04.23 21:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.04.23 18:15:29 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\Skype [2013.04.23 16:14:34 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\player [2013.04.21 22:21:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.04.21 22:21:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.04.21 11:33:46 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Desktop\hh [2013.04.19 07:09:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2013.04.15 21:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player [2013.04.15 21:20:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLV Player [2013.04.15 21:19:23 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Local\{603EFAB1-813D-4583-8F98-F7230FAB142C} [2013.04.12 15:42:40 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\Hogrefe [2013.04.12 15:42:37 | 000,000,000 | ---D | C] -- C:\Work [2013.04.12 15:42:37 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Documents\Hogrefe [2013.04.12 15:42:37 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Local\Hogrefe [2013.04.11 18:50:16 | 000,000,000 | ---D | C] -- C:\Users\Ronya\Local Settings [2013.04.11 18:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free WAV to MP3 Converter [2013.04.11 18:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free WAV to MP3 Converter [2013.04.11 17:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber [2013.04.11 17:30:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audiograbber [2013.04.11 17:23:58 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\Mp3tag [2013.04.11 17:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag [2013.04.11 17:23:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag [2013.04.11 17:02:40 | 000,000,000 | ---D | C] -- C:\Users\Ronya\AppData\Roaming\mp3DirectCut [2013.04.11 17:02:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mp3DirectCut ========== Files - Modified Within 30 Days ========== [2013.05.10 18:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.10 16:55:00 | 000,000,662 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN1433P7X205D1.job [2013.05.10 14:00:40 | 001,645,498 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.10 14:00:40 | 000,708,776 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.10 14:00:40 | 000,662,114 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.10 14:00:40 | 000,153,736 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.10 14:00:40 | 000,125,774 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.10 13:36:48 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.10 13:36:48 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.10 13:33:25 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.10 13:29:51 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2013.05.10 13:29:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.10 13:29:21 | 2960,510,976 | -HS- | M] () -- C:\hiberfil.sys [2013.05.09 13:22:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.05.06 15:02:09 | 000,000,000 | ---- | M] () -- C:\Users\Ronya\defogger_reenable [2013.05.02 10:29:42 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.04.30 13:51:27 | 000,020,373 | ---- | M] () -- C:\Windows\unins003.dat [2013.04.30 13:50:44 | 001,199,175 | ---- | M] () -- C:\Windows\unins003.exe [2013.04.30 13:50:43 | 000,010,822 | ---- | M] () -- C:\Windows\unins002.dat [2013.04.30 13:50:29 | 001,187,609 | ---- | M] () -- C:\Windows\unins002.exe [2013.04.30 13:48:57 | 000,007,958 | ---- | M] () -- C:\Windows\unins001.dat [2013.04.30 13:48:45 | 000,709,719 | ---- | M] () -- C:\Windows\unins001.exe [2013.04.30 13:48:07 | 001,672,796 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.04.30 13:19:39 | 000,588,069 | ---- | M] () -- C:\Users\Ronya\Desktop\4288585311.pdf [2013.04.27 19:03:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.04.27 16:42:47 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.04.24 08:38:40 | 000,501,661 | ---- | M] () -- C:\Users\Ronya\Desktop\Scan.jpg [2013.04.23 21:08:10 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.04.23 20:50:52 | 000,081,813 | ---- | M] () -- C:\Windows\unins000.dat [2013.04.23 20:50:44 | 001,169,609 | ---- | M] () -- C:\Windows\unins000.exe [2013.04.15 21:20:02 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\FLV Player.lnk [2013.04.11 18:50:09 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\Free WAV to MP3 Converter.lnk [2013.04.11 18:47:11 | 000,004,626 | ---- | M] () -- C:\Windows\cdplayer.ini [2013.04.11 17:30:56 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Audiograbber.lnk [2013.04.11 17:23:36 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk [2013.04.11 17:02:03 | 000,001,059 | ---- | M] () -- C:\Users\Ronya\Desktop\mp3DirectCut.lnk [2013.04.11 07:45:43 | 000,413,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.05.10 13:33:25 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.06 19:15:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.06 19:15:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.06 19:15:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.06 19:15:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.06 19:15:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.06 15:02:09 | 000,000,000 | ---- | C] () -- C:\Users\Ronya\defogger_reenable [2013.05.04 10:57:42 | 000,041,016 | ---- | C] () -- C:\Users\Ronya\Desktop\Anleitung Kartierbogen 2002.pdf [2013.04.30 13:50:44 | 001,199,175 | ---- | C] () -- C:\Windows\unins003.exe [2013.04.30 13:50:44 | 000,020,373 | ---- | C] () -- C:\Windows\unins003.dat [2013.04.30 13:50:33 | 000,066,560 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll [2013.04.30 13:50:32 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll [2013.04.30 13:50:32 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\libpng15.dll [2013.04.30 13:50:31 | 001,187,609 | ---- | C] () -- C:\Windows\unins002.exe [2013.04.30 13:50:31 | 000,271,264 | ---- | C] () -- C:\Windows\System\vbrun100.dll [2013.04.30 13:50:31 | 000,210,944 | ---- | C] () -- C:\Windows\System\msvcrt10.dll [2013.04.30 13:50:31 | 000,010,822 | ---- | C] () -- C:\Windows\unins002.dat [2013.04.30 13:48:46 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe [2013.04.30 13:48:46 | 000,007,958 | ---- | C] () -- C:\Windows\unins001.dat [2013.04.30 13:31:38 | 000,000,698 | ---- | C] () -- C:\Users\Ronya\Desktop\WinPKG.xml [2013.04.30 13:31:38 | 000,000,355 | ---- | C] () -- C:\Users\Ronya\Desktop\entries_AiORuntimes.ini [2013.04.30 13:19:39 | 000,588,069 | ---- | C] () -- C:\Users\Ronya\Desktop\4288585311.pdf [2013.04.27 19:03:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.04.24 08:38:40 | 000,501,661 | ---- | C] () -- C:\Users\Ronya\Desktop\Scan.jpg [2013.04.23 21:08:10 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.04.23 20:50:52 | 001,169,609 | ---- | C] () -- C:\Windows\unins000.exe [2013.04.23 20:50:52 | 000,081,813 | ---- | C] () -- C:\Windows\unins000.dat [2013.04.23 16:13:54 | 001,672,796 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.04.15 21:20:02 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\FLV Player.lnk [2013.04.11 18:50:09 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\Free WAV to MP3 Converter.lnk [2013.04.11 17:30:56 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Audiograbber.lnk [2013.04.11 17:23:36 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk [2013.04.11 17:02:03 | 000,001,059 | ---- | C] () -- C:\Users\Ronya\Desktop\mp3DirectCut.lnk [2013.04.06 19:17:37 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2013.04.06 19:17:37 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2013.04.06 19:17:36 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2013.04.04 22:32:01 | 000,004,626 | ---- | C] () -- C:\Windows\cdplayer.ini [2013.04.04 22:07:07 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini [2012.10.18 15:47:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.10.18 15:43:19 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011.09.05 18:34:45 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011.09.05 18:34:45 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2011.09.05 18:34:45 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2011.09.05 18:34:45 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011.09.05 18:34:44 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011.09.05 18:34:42 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.06 19:18:15 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\concept design [2013.03.29 16:17:08 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\DeepBurner [2013.05.10 13:30:19 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\Dropbox [2013.04.02 14:02:46 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\DVDVideoSoft [2013.04.01 13:02:13 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\GlarySoft [2013.04.12 15:42:40 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\Hogrefe [2013.04.11 17:02:40 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\mp3DirectCut [2013.04.12 17:11:46 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\Mp3tag [2013.04.23 16:16:45 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\player [2013.04.04 21:39:24 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\PowerCinema [2013.04.05 11:03:12 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\TrueCrypt [2013.03.18 12:33:49 | 000,000,000 | ---D | M] -- C:\Users\Ronya\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > Hoffe du hast alles was du brauchst! Steffen |
|
| Themen zu Schadprogramm: System Care Antivirus - Win 7 - Laptop fährt hoch, es lässt sich jedoch nichs öffnen |
| antivirus, antwort, bereits, dateien, exe-dateien, falsche, firefox, gen, geschlossen, gestartet, gmer, heute, infizierte, infizierten, kostenlose, laptop, neu, nichts, programme, starten, stick, system, system care, system care antivirus, systeme care antivirus, troja, win, win 7, öffnen |
WARNUNG an die MITLESER: 
Textbox. 
Linear-Darstellung
