Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 03.06.2013, 19:45   #16
schrauber
/// the machine
/// TB-Ausbilder
 

GVU-Trojaner - Standard

GVU-Trojaner



http://download.bleepingcomputer.com...sta/wscsvc.reg
http://download.bleepingcomputer.com...ta/Winmgmt.reg

Beides laden und ausführen mit Rechtsklick > Zusammenführen.
Reboot und neues FSS log sowie ein frisches OTL log bitte.

Komplettes Log von Avira wäre nett, in dem obigen seh ich gar nix
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.06.2013, 19:51   #17
Ritter_83
 
GVU-Trojaner - Standard

GVU-Trojaner



Hier erstmal das Log von Avira.

Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 3. Juni 2013  19:50


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : SONDERMANLAPTOP

Versionsinformationen:
BUILD.DAT      : 13.0.0.3640    54852 Bytes  18.04.2013 13:29:00
AVSCAN.EXE     : 13.6.0.1262   636984 Bytes  03.06.2013 14:20:28
AVSCANRC.DLL   : 13.4.0.360     64800 Bytes  16.03.2013 17:30:48
LUKE.DLL       : 13.6.0.1262    65080 Bytes  03.06.2013 14:20:36
AVSCPLR.DLL    : 13.6.0.1262    92216 Bytes  03.06.2013 14:20:28
AVREG.DLL      : 13.6.0.1262   247864 Bytes  03.06.2013 14:20:27
avlode.dll     : 13.6.2.1262   432184 Bytes  03.06.2013 14:20:27
avlode.rdf     : 13.0.1.12      25921 Bytes  03.06.2013 14:20:39
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 14:20:11
VBASE001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 14:20:14
VBASE002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 14:20:16
VBASE003.VDF   : 7.11.80.61      2048 Bytes  28.05.2013 14:20:16
VBASE004.VDF   : 7.11.80.62      2048 Bytes  28.05.2013 14:20:16
VBASE005.VDF   : 7.11.80.63      2048 Bytes  28.05.2013 14:20:16
VBASE006.VDF   : 7.11.80.64      2048 Bytes  28.05.2013 14:20:16
VBASE007.VDF   : 7.11.80.65      2048 Bytes  28.05.2013 14:20:16
VBASE008.VDF   : 7.11.80.66      2048 Bytes  28.05.2013 14:20:16
VBASE009.VDF   : 7.11.80.67      2048 Bytes  28.05.2013 14:20:16
VBASE010.VDF   : 7.11.80.68      2048 Bytes  28.05.2013 14:20:16
VBASE011.VDF   : 7.11.80.69      2048 Bytes  28.05.2013 14:20:16
VBASE012.VDF   : 7.11.80.70      2048 Bytes  28.05.2013 14:20:16
VBASE013.VDF   : 7.11.80.71      2048 Bytes  28.05.2013 14:20:16
VBASE014.VDF   : 7.11.81.57    145408 Bytes  29.05.2013 14:20:17
VBASE015.VDF   : 7.11.81.137   130048 Bytes  30.05.2013 14:20:17
VBASE016.VDF   : 7.11.81.255   207360 Bytes  31.05.2013 14:20:17
VBASE017.VDF   : 7.11.82.91    156160 Bytes  03.06.2013 14:20:17
VBASE018.VDF   : 7.11.82.92      2048 Bytes  03.06.2013 14:20:18
VBASE019.VDF   : 7.11.82.93      2048 Bytes  03.06.2013 14:20:18
VBASE020.VDF   : 7.11.82.94      2048 Bytes  03.06.2013 14:20:18
VBASE021.VDF   : 7.11.82.95      2048 Bytes  03.06.2013 14:20:18
VBASE022.VDF   : 7.11.82.96      2048 Bytes  03.06.2013 14:20:18
VBASE023.VDF   : 7.11.82.97      2048 Bytes  03.06.2013 14:20:18
VBASE024.VDF   : 7.11.82.98      2048 Bytes  03.06.2013 14:20:18
VBASE025.VDF   : 7.11.82.99      2048 Bytes  03.06.2013 14:20:18
VBASE026.VDF   : 7.11.82.100     2048 Bytes  03.06.2013 14:20:18
VBASE027.VDF   : 7.11.82.101     2048 Bytes  03.06.2013 14:20:19
VBASE028.VDF   : 7.11.82.102     2048 Bytes  03.06.2013 14:20:19
VBASE029.VDF   : 7.11.82.103     2048 Bytes  03.06.2013 14:20:19
VBASE030.VDF   : 7.11.82.104     2048 Bytes  03.06.2013 14:20:19
VBASE031.VDF   : 7.11.82.146    50688 Bytes  03.06.2013 16:20:20
Engineversion  : 8.2.12.50 
AEVDF.DLL      : 8.1.2.10      102772 Bytes  11.07.2012 21:01:54
AESCRIPT.DLL   : 8.1.4.118     487805 Bytes  03.06.2013 14:20:25
AESCN.DLL      : 8.1.10.4      131446 Bytes  26.03.2013 19:29:10
AESBX.DLL      : 8.2.5.12      606578 Bytes  18.06.2012 14:42:00
AERDL.DLL      : 8.2.0.88      643444 Bytes  16.03.2013 16:20:32
AEPACK.DLL     : 8.3.2.12      754040 Bytes  03.06.2013 14:20:24
AEOFFICE.DLL   : 8.1.2.56      205180 Bytes  16.03.2013 16:20:31
AEHEUR.DLL     : 8.1.4.386    5947769 Bytes  03.06.2013 14:20:24
AEHELP.DLL     : 8.1.25.10     258425 Bytes  03.06.2013 14:20:21
AEGEN.DLL      : 8.1.7.4       442741 Bytes  03.06.2013 14:20:21
AEEXP.DLL      : 8.4.0.32      201078 Bytes  03.06.2013 14:20:25
AEEMU.DLL      : 8.1.3.2       393587 Bytes  11.07.2012 21:01:52
AECORE.DLL     : 8.1.31.2      201080 Bytes  16.03.2013 16:20:26
AEBB.DLL       : 8.1.1.4        53619 Bytes  16.03.2013 16:20:26
AVWINLL.DLL    : 13.6.0.480     26480 Bytes  16.03.2013 17:30:07
AVPREF.DLL     : 13.6.0.480     51056 Bytes  16.03.2013 17:30:47
AVREP.DLL      : 13.6.0.480    178544 Bytes  16.03.2013 17:31:48
AVARKT.DLL     : 13.6.0.1262   258104 Bytes  03.06.2013 14:20:25
AVEVTLOG.DLL   : 13.6.0.1262   164920 Bytes  03.06.2013 14:20:27
SQLITE3.DLL    : 3.7.0.1       397704 Bytes  16.03.2013 17:31:29
AVSMTP.DLL     : 13.6.0.480     62832 Bytes  16.03.2013 17:30:49
NETNT.DLL      : 13.6.0.480     16240 Bytes  16.03.2013 17:31:19
RCIMAGE.DLL    : 13.4.0.360   4780832 Bytes  16.03.2013 17:30:09
RCTEXT.DLL     : 13.6.0.976     69344 Bytes  29.03.2013 19:10:36

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_51acd62a\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Montag, 3. Juni 2013  19:50

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'notepad.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'FSS.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'mscorsvw.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSUPDATE.EXE' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_7_700_202.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_7_700_202.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'sapisvr.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SUPERANTISPYWARE.EXE' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apntex.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'PMVService.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'mwlDaemon.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'HidFind.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisUpdate.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApMsgFwd.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtkBtMnt.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'BrowserDefender.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apoint.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'PLFSetI.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'AmIcoSinglun.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'ArcadeDeluxeAgent.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '145' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'c2c_service.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'RS_Service.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'SchedulerSvc.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'MWLService.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamscheduler.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerSvc.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLHNService.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'BrowserDefender.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'agrsmsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SASCORE.EXE' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '140' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Sonderman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7WJWZW2\about[1].dll'
C:\Users\Sonderman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7WJWZW2\about[1].dll
  [FUND]      Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen8

Beginne mit der Desinfektion:
C:\Users\Sonderman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7WJWZW2\about[1].dll
  [FUND]      Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen8
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57537676.qua' verschoben!


Ende des Suchlaufs: Montag, 3. Juni 2013  19:53
Benötigte Zeit: 00:10 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
    646 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
    645 Dateien ohne Befall
      4 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise


Die Suchergebnisse werden an den Guard übermittelt.
         
Weiteres folgt.
__________________


Alt 03.06.2013, 19:59   #18
schrauber
/// the machine
/// TB-Ausbilder
 

GVU-Trojaner - Standard

GVU-Trojaner



Das sind nur Tempdateien, die löschen wir noch
__________________
__________________

Alt 03.06.2013, 20:09   #19
Ritter_83
 
GVU-Trojaner - Standard

GVU-Trojaner



Hier das FSS-Log:

Code:
ATTFilter
Farbar Service Scanner Version: 31-05-2013 01
Ran by Sonderman (administrator) on 03-06-2013 at 20:56:36
Running from "C:\Users\Sonderman\Downloads"
Windows Vista (TM) Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-03-16 18:37] - [2013-01-04 13:28] - 0905576 ____A (Microsoft Corporation) 74E2D020C47BB2B2FCCBA29A518A7EB4

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
         
Und hier das neue OTL:

Code:
ATTFilter
OTL logfile created on: 03.06.2013 20:57:14 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sonderman\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 55,93% Memory free
6,19 Gb Paging File | 4,73 Gb Available in Paging File | 76,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,99 Gb Total Space | 311,47 Gb Free Space | 68,76% Space Free | Partition Type: NTFS
 
Computer Name: SONDERMANLAPTOP | User Name: Sonderman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sonderman\Downloads\FSS.exe (Farbar)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Sonderman\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\SUPERAntiSpyware\SSUPDATE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\SONDER~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (EgisTec Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()
MOD - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
MOD - C:\Programme\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Programme\Launch Manager\PowerUtl.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (BrowserDefendert) -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (int15) -- c:\Windows\system32\drivers\int15.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (FPSensor) -- C:\Windows\System32\drivers\FPSensor.sys (Egis)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (hidshim) -- C:\Windows\System32\drivers\hidshim.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nuvotonhidgeneric) -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7738
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7738
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=A45C0022FA1F2928
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=A45C0022FA1F2928
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119357&tt=gc_&babsrc=SP_ss&mntrId=A45C0022FA1F2928
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Delta Search"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=A45C0022FA1F2928"
FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:17.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:5.0.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.6.0.10
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.06.03 15:17:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.03 18:46:29 | 000,000,000 | ---D | M]
 
[2009.11.03 21:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Extensions
[2013.06.03 18:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Firefox\Profiles\91f59sou.default\extensions
[2011.08.15 21:03:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Firefox\Profiles\91f59sou.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.06.03 18:40:29 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Firefox\Profiles\91f59sou.default\extensions\ffxtlbr@delta.com
[2013.03.18 19:18:55 | 000,030,502 | ---- | M] () (No name found) -- C:\Users\Sonderman\AppData\Roaming\mozilla\firefox\profiles\91f59sou.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2013.06.03 18:40:21 | 000,006,503 | ---- | M] () -- C:\Users\Sonderman\AppData\Roaming\mozilla\firefox\profiles\91f59sou.default\searchplugins\babylon.xml
[2013.06.03 18:40:38 | 000,001,294 | ---- | M] () -- C:\Users\Sonderman\AppData\Roaming\mozilla\firefox\profiles\91f59sou.default\searchplugins\delta.xml
[2012.02.05 15:57:48 | 000,000,950 | ---- | M] () -- C:\Users\Sonderman\AppData\Roaming\mozilla\firefox\profiles\91f59sou.default\searchplugins\icqplugin-4.xml
[2012.11.12 20:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.16 23:58:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.03.16 23:58:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.06.03 15:17:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.06.03 15:17:48 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.04.23 20:05:50 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Programme\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Programme\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sonderman\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.206 80.69.100.182
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41A1FAE7-3F78-47B1-A6B7-3E7108844ED5}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F70D14E-127E-459B-9EE1-874EB24B4020}: DhcpNameServer = 80.69.100.206 80.69.100.182
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Sonderman\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sonderman\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{27a3b835-c3f2-11de-ad1f-001f16a3d226}\Shell - "" = AutoRun
O33 - MountPoints2\{27a3b835-c3f2-11de-ad1f-001f16a3d226}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.03 19:53:45 | 000,000,000 | ---D | C] -- C:\FRST
[2013.06.03 19:10:42 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Local\Macromedia
[2013.06.03 18:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013.06.03 18:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.06.03 18:40:54 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013.06.03 18:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.06.03 18:40:32 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\BabSolution
[2013.06.03 18:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013.06.03 18:39:56 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\SumatraPDF
[2013.06.03 18:38:47 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.03 18:38:47 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.03 18:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.06.03 18:38:09 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.06.03 18:38:09 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.06.03 18:37:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.06.03 18:37:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.06.03 18:37:56 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.06.03 18:37:45 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\Babylon
[2013.06.03 18:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.06.03 18:37:42 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\DSite
[2013.06.03 18:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\PDFReader
[2013.06.03 18:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.06.03 18:29:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.06.03 18:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.06.03 16:46:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.03 16:34:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.03 16:34:03 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.06.03 16:34:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.06.03 16:34:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.06.03 16:34:02 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.06.03 16:34:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.06.03 16:34:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.06.03 13:00:01 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.06.03 13:00:01 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.06.03 13:00:01 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.06.03 13:00:00 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.06.03 12:59:55 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.06.03 12:59:53 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.06.03 12:37:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.03 12:34:29 | 000,000,000 | ---D | C] -- C:\JRT
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.03 21:01:49 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.03 21:01:49 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.03 21:01:49 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.03 21:01:49 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.03 20:55:52 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.03 20:55:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.03 20:55:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.03 20:55:19 | 000,223,275 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.06.03 20:55:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.03 20:55:06 | 3215,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.03 20:47:35 | 000,007,592 | ---- | M] () -- C:\Users\Sonderman\AppData\Local\d3d9caps.dat
[2013.06.03 19:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.03 19:02:35 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013.06.03 18:46:29 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.06.03 18:38:47 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.03 18:38:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.03 18:37:23 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.06.03 18:37:17 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.06.03 18:37:17 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.06.03 18:37:17 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.06.03 18:37:16 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.06.03 18:37:16 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.06.03 18:34:07 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.03 16:51:14 | 000,298,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.06.03 16:00:00 | 000,890,839 | ---- | M] () -- C:\Users\Sonderman\Desktop\SecurityCheck.exe
[2013.06.03 15:26:33 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.03 12:05:43 | 000,223,275 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.05.05 21:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
 
========== Files Created - No Company Name ==========
 
[2013.06.03 18:46:29 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.06.03 18:46:29 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013.06.03 18:38:50 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.03 18:37:43 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013.06.03 15:59:59 | 000,890,839 | ---- | C] () -- C:\Users\Sonderman\Desktop\SecurityCheck.exe
[2013.06.03 12:05:43 | 000,223,275 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2013.06.02 21:36:20 | 3215,814,656 | -HS- | C] () -- C:\hiberfil.sys
[2013.04.01 21:25:35 | 000,002,608 | ---- | C] () -- C:\ProgramData\8of7t.js
[2010.02.11 16:01:32 | 000,013,312 | ---- | C] () -- C:\Users\Sonderman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.21 20:51:41 | 000,007,592 | ---- | C] () -- C:\Users\Sonderman\AppData\Local\d3d9caps.dat
[2009.07.27 18:13:55 | 000,223,275 | ---- | C] () -- C:\ProgramData\nvModes.001
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"ThreadingModel" = Both
"" = C:\Users\Sonderman\AppData\Local\{72c0cfa5-fb1a-ed57-c2bc-68af7ec2d004}\n.
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:A4AF8D0D
@Alternate Data Stream - 168 bytes -> C:\ProgramData\Temp:F84B8DB5
@Alternate Data Stream - 159 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:1ECED34B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1982A23
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:DCAF903C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:CE0A077E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:35759C73
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:41099CE9
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:8750DCE4
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:131C0EE9

< End of report >
         

Und Avira hat wieder Alarm geschlagen, während der OTL-Prüfung:

Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 3. Juni 2013  21:02


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : SONDERMANLAPTOP

Versionsinformationen:
BUILD.DAT      : 13.0.0.3640    54852 Bytes  18.04.2013 13:29:00
AVSCAN.EXE     : 13.6.0.1262   636984 Bytes  03.06.2013 14:20:28
AVSCANRC.DLL   : 13.4.0.360     64800 Bytes  16.03.2013 17:30:48
LUKE.DLL       : 13.6.0.1262    65080 Bytes  03.06.2013 14:20:36
AVSCPLR.DLL    : 13.6.0.1262    92216 Bytes  03.06.2013 14:20:28
AVREG.DLL      : 13.6.0.1262   247864 Bytes  03.06.2013 14:20:27
avlode.dll     : 13.6.2.1262   432184 Bytes  03.06.2013 14:20:27
avlode.rdf     : 13.0.1.12      25921 Bytes  03.06.2013 14:20:39
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 14:20:11
VBASE001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 14:20:14
VBASE002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 14:20:16
VBASE003.VDF   : 7.11.80.61      2048 Bytes  28.05.2013 14:20:16
VBASE004.VDF   : 7.11.80.62      2048 Bytes  28.05.2013 14:20:16
VBASE005.VDF   : 7.11.80.63      2048 Bytes  28.05.2013 14:20:16
VBASE006.VDF   : 7.11.80.64      2048 Bytes  28.05.2013 14:20:16
VBASE007.VDF   : 7.11.80.65      2048 Bytes  28.05.2013 14:20:16
VBASE008.VDF   : 7.11.80.66      2048 Bytes  28.05.2013 14:20:16
VBASE009.VDF   : 7.11.80.67      2048 Bytes  28.05.2013 14:20:16
VBASE010.VDF   : 7.11.80.68      2048 Bytes  28.05.2013 14:20:16
VBASE011.VDF   : 7.11.80.69      2048 Bytes  28.05.2013 14:20:16
VBASE012.VDF   : 7.11.80.70      2048 Bytes  28.05.2013 14:20:16
VBASE013.VDF   : 7.11.80.71      2048 Bytes  28.05.2013 14:20:16
VBASE014.VDF   : 7.11.81.57    145408 Bytes  29.05.2013 14:20:17
VBASE015.VDF   : 7.11.81.137   130048 Bytes  30.05.2013 14:20:17
VBASE016.VDF   : 7.11.81.255   207360 Bytes  31.05.2013 14:20:17
VBASE017.VDF   : 7.11.82.91    156160 Bytes  03.06.2013 14:20:17
VBASE018.VDF   : 7.11.82.92      2048 Bytes  03.06.2013 14:20:18
VBASE019.VDF   : 7.11.82.93      2048 Bytes  03.06.2013 14:20:18
VBASE020.VDF   : 7.11.82.94      2048 Bytes  03.06.2013 14:20:18
VBASE021.VDF   : 7.11.82.95      2048 Bytes  03.06.2013 14:20:18
VBASE022.VDF   : 7.11.82.96      2048 Bytes  03.06.2013 14:20:18
VBASE023.VDF   : 7.11.82.97      2048 Bytes  03.06.2013 14:20:18
VBASE024.VDF   : 7.11.82.98      2048 Bytes  03.06.2013 14:20:18
VBASE025.VDF   : 7.11.82.99      2048 Bytes  03.06.2013 14:20:18
VBASE026.VDF   : 7.11.82.100     2048 Bytes  03.06.2013 14:20:18
VBASE027.VDF   : 7.11.82.101     2048 Bytes  03.06.2013 14:20:19
VBASE028.VDF   : 7.11.82.102     2048 Bytes  03.06.2013 14:20:19
VBASE029.VDF   : 7.11.82.103     2048 Bytes  03.06.2013 14:20:19
VBASE030.VDF   : 7.11.82.104     2048 Bytes  03.06.2013 14:20:19
VBASE031.VDF   : 7.11.82.146    50688 Bytes  03.06.2013 16:20:20
Engineversion  : 8.2.12.50 
AEVDF.DLL      : 8.1.2.10      102772 Bytes  11.07.2012 21:01:54
AESCRIPT.DLL   : 8.1.4.118     487805 Bytes  03.06.2013 14:20:25
AESCN.DLL      : 8.1.10.4      131446 Bytes  26.03.2013 19:29:10
AESBX.DLL      : 8.2.5.12      606578 Bytes  18.06.2012 14:42:00
AERDL.DLL      : 8.2.0.88      643444 Bytes  16.03.2013 16:20:32
AEPACK.DLL     : 8.3.2.12      754040 Bytes  03.06.2013 14:20:24
AEOFFICE.DLL   : 8.1.2.56      205180 Bytes  16.03.2013 16:20:31
AEHEUR.DLL     : 8.1.4.386    5947769 Bytes  03.06.2013 14:20:24
AEHELP.DLL     : 8.1.25.10     258425 Bytes  03.06.2013 14:20:21
AEGEN.DLL      : 8.1.7.4       442741 Bytes  03.06.2013 14:20:21
AEEXP.DLL      : 8.4.0.32      201078 Bytes  03.06.2013 14:20:25
AEEMU.DLL      : 8.1.3.2       393587 Bytes  11.07.2012 21:01:52
AECORE.DLL     : 8.1.31.2      201080 Bytes  16.03.2013 16:20:26
AEBB.DLL       : 8.1.1.4        53619 Bytes  16.03.2013 16:20:26
AVWINLL.DLL    : 13.6.0.480     26480 Bytes  16.03.2013 17:30:07
AVPREF.DLL     : 13.6.0.480     51056 Bytes  16.03.2013 17:30:47
AVREP.DLL      : 13.6.0.480    178544 Bytes  16.03.2013 17:31:48
AVARKT.DLL     : 13.6.0.1262   258104 Bytes  03.06.2013 14:20:25
AVEVTLOG.DLL   : 13.6.0.1262   164920 Bytes  03.06.2013 14:20:27
SQLITE3.DLL    : 3.7.0.1       397704 Bytes  16.03.2013 17:31:29
AVSMTP.DLL     : 13.6.0.480     62832 Bytes  16.03.2013 17:30:49
NETNT.DLL      : 13.6.0.480     16240 Bytes  16.03.2013 17:31:19
RCIMAGE.DLL    : 13.4.0.360   4780832 Bytes  16.03.2013 17:30:09
RCTEXT.DLL     : 13.6.0.976     69344 Bytes  29.03.2013 19:10:36

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_51ace696\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Montag, 3. Juni 2013  21:02

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'SearchFilterHost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'mscorsvw.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'OTL.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSUPDATE.EXE' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerEvent.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'sapisvr.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apntex.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerTray.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'SUPERANTISPYWARE.EXE' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'PMVService.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'mwlDaemon.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'HidFind.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisUpdate.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApMsgFwd.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtkBtMnt.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apoint.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'PLFSetI.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'BrowserDefender.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'AmIcoSinglun.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'ArcadeDeluxeAgent.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '157' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'c2c_service.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'RS_Service.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'SchedulerSvc.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'MWLService.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamscheduler.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerSvc.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLHNService.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'BrowserDefender.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'agrsmsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SASCORE.EXE' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '153' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\ProgramData\8of7t.js'
C:\ProgramData\8of7t.js
  [FUND]      Enthält Erkennungsmuster des Java-Scriptvirus JS/Agent.480412

Beginne mit der Desinfektion:
C:\ProgramData\8of7t.js
  [FUND]      Enthält Erkennungsmuster des Java-Scriptvirus JS/Agent.480412
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5419470d.qua' verschoben!


Ende des Suchlaufs: Montag, 3. Juni 2013  21:03
Benötigte Zeit: 00:10 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
    688 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
    687 Dateien ohne Befall
      3 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise


Die Suchergebnisse werden an den Guard übermittelt.
         

Alt 03.06.2013, 20:37   #20
schrauber
/// the machine
/// TB-Ausbilder
 

GVU-Trojaner - Standard

GVU-Trojaner



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:files
C:\ProgramData\8of7t.js
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Downloade dir bitte Windows Repair (All In One) von hier.
  • Installiere das Programm. Starte es, nachdem die Installation abgeschlossen wurde.
  • Klicke auf Step 2 und drücke unter Check Disk auf Do It.

  • Wenn der Vorgang abgeschlossen ist, klicke auf Step 3 und drücke unter System File Check auf Do It.

  • Nachdem der Vorgang abgeschlossen ist, klicke auf Start Repairs, wähle den Advanced Mode und drücke Start.

  • Gehe bitte sicher, dass die Kästchen wie unten zu sehen angehakt sind. Bitte hake zusätzlich noch Set Windows Services to Default Startup an.
  • Hake Restart System when Finished an.
  • Drücke Start.



und ein frisches FSS und OTL log.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.06.2013, 20:58   #21
Ritter_83
 
GVU-Trojaner - Standard

GVU-Trojaner



Fix mit OTL hat nicht funktioniert, evtl. weil Avira bereits in Qarantäne verschoben hatte !?

Code:
ATTFilter
========== FILES ==========
File\Folder C:\ProgramData\8of7t.js not found.
 
OTL by OldTimer - Version 3.2.69.0 log created on 06032013_215722
         

Alt 03.06.2013, 20:59   #22
schrauber
/// the machine
/// TB-Ausbilder
 

GVU-Trojaner - Standard

GVU-Trojaner



Dann is auch gut
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 04.06.2013, 09:00   #23
Ritter_83
 
GVU-Trojaner - Standard

GVU-Trojaner



Moin. Weiter gehts

Alle schritte durchgeführt.

Hier das FSS:

Code:
ATTFilter
Farbar Service Scanner Version: 31-05-2013 01
Ran by Sonderman (administrator) on 04-06-2013 at 09:47:31
Running from "C:\Users\Sonderman\Downloads"
Windows Vista (TM) Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. 
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. 
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-03-16 18:37] - [2013-01-04 13:28] - 0905576 ____A (Microsoft Corporation) 74E2D020C47BB2B2FCCBA29A518A7EB4

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
         
Und das OTL-Log:

Code:
ATTFilter
OTL logfile created on: 04.06.2013 09:47:58 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sonderman\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 54,65% Memory free
6,18 Gb Paging File | 4,67 Gb Available in Paging File | 75,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,99 Gb Total Space | 312,70 Gb Free Space | 69,03% Space Free | Partition Type: NTFS
 
Computer Name: SONDERMANLAPTOP | User Name: Sonderman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sonderman\Downloads\FSS.exe (Farbar)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Sonderman\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\SONDER~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (EgisTec Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()
MOD - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
MOD - C:\Programme\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Programme\Launch Manager\PowerUtl.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (BrowserDefendert) -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (int15) -- c:\Windows\system32\drivers\int15.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (FPSensor) -- C:\Windows\System32\drivers\FPSensor.sys (Egis)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (hidshim) -- C:\Windows\System32\drivers\hidshim.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nuvotonhidgeneric) -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7738
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7738
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=A45C0022FA1F2928
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=A45C0022FA1F2928
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119357&tt=gc_&babsrc=SP_ss&mntrId=A45C0022FA1F2928
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Delta Search"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=A45C0022FA1F2928"
FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:17.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:5.0.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.6.0.10
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.06.03 15:17:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.03 18:46:29 | 000,000,000 | ---D | M]
 
[2009.11.03 21:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Extensions
[2013.06.03 18:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Firefox\Profiles\91f59sou.default\extensions
[2011.08.15 21:03:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Firefox\Profiles\91f59sou.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.06.03 18:40:29 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Firefox\Profiles\91f59sou.default\extensions\ffxtlbr@delta.com
[2013.03.18 19:18:55 | 000,030,502 | ---- | M] () (No name found) -- C:\Users\Sonderman\AppData\Roaming\mozilla\firefox\profiles\91f59sou.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2013.06.03 18:40:21 | 000,006,503 | ---- | M] () -- C:\Users\Sonderman\AppData\Roaming\mozilla\firefox\profiles\91f59sou.default\searchplugins\babylon.xml
[2013.06.03 18:40:38 | 000,001,294 | ---- | M] () -- C:\Users\Sonderman\AppData\Roaming\mozilla\firefox\profiles\91f59sou.default\searchplugins\delta.xml
[2012.02.05 15:57:48 | 000,000,950 | ---- | M] () -- C:\Users\Sonderman\AppData\Roaming\mozilla\firefox\profiles\91f59sou.default\searchplugins\icqplugin-4.xml
[2012.11.12 20:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.16 23:58:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.03.16 23:58:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.06.03 15:17:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.06.03 15:17:48 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.04.23 20:05:50 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Programme\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Programme\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sonderman\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.206 80.69.100.182
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41A1FAE7-3F78-47B1-A6B7-3E7108844ED5}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F70D14E-127E-459B-9EE1-874EB24B4020}: DhcpNameServer = 80.69.100.206 80.69.100.182
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Sonderman\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sonderman\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{27a3b835-c3f2-11de-ad1f-001f16a3d226}\Shell - "" = AutoRun
O33 - MountPoints2\{27a3b835-c3f2-11de-ad1f-001f16a3d226}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.03 22:33:23 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013.06.03 22:00:20 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013.06.03 21:56:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.03 19:53:45 | 000,000,000 | ---D | C] -- C:\FRST
[2013.06.03 19:10:42 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Local\Macromedia
[2013.06.03 18:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013.06.03 18:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.06.03 18:40:54 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013.06.03 18:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.06.03 18:40:32 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\BabSolution
[2013.06.03 18:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013.06.03 18:39:56 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\SumatraPDF
[2013.06.03 18:38:47 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.03 18:38:47 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.03 18:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.06.03 18:38:09 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.06.03 18:38:09 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.06.03 18:37:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.06.03 18:37:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.06.03 18:37:56 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.06.03 18:37:45 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\Babylon
[2013.06.03 18:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.06.03 18:37:42 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\DSite
[2013.06.03 18:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\PDFReader
[2013.06.03 18:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.06.03 18:29:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.06.03 18:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.06.03 16:46:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.03 16:34:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.03 16:34:03 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.06.03 16:34:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.06.03 16:34:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.06.03 16:34:02 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.06.03 16:34:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.06.03 16:34:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.06.03 13:00:01 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.06.03 13:00:01 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.06.03 13:00:01 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.06.03 13:00:00 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.06.03 12:59:55 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.06.03 12:59:53 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.06.03 12:37:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.03 12:34:29 | 000,000,000 | ---D | C] -- C:\JRT
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.04 09:52:50 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.04 09:52:50 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.04 09:52:50 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.04 09:52:50 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.04 09:46:08 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.04 09:45:07 | 000,223,275 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.06.04 09:45:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.04 09:45:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.04 09:45:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.04 09:44:55 | 3213,729,792 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.03 23:04:26 | 000,298,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.06.03 22:58:36 | 000,000,042 | ---- | M] () -- C:\repairs_running.dat
[2013.06.03 22:58:23 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013.06.03 22:37:00 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013.06.03 22:34:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.03 22:14:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.03 20:47:35 | 000,007,592 | ---- | M] () -- C:\Users\Sonderman\AppData\Local\d3d9caps.dat
[2013.06.03 18:46:29 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.06.03 18:38:47 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.03 18:38:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.03 18:37:23 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.06.03 18:37:17 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.06.03 18:37:17 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.06.03 18:37:17 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.06.03 18:37:16 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.06.03 18:37:16 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.06.03 16:00:00 | 000,890,839 | ---- | M] () -- C:\Users\Sonderman\Desktop\SecurityCheck.exe
[2013.06.03 15:26:33 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.03 12:05:43 | 000,223,275 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.05.05 21:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
 
========== Files Created - No Company Name ==========
 
[2013.06.03 22:34:44 | 000,000,042 | ---- | C] () -- C:\repairs_running.dat
[2013.06.03 18:46:29 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.06.03 18:46:29 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013.06.03 18:38:50 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.03 18:37:43 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013.06.03 15:59:59 | 000,890,839 | ---- | C] () -- C:\Users\Sonderman\Desktop\SecurityCheck.exe
[2013.06.03 12:05:43 | 000,223,275 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2013.06.02 21:36:20 | 3213,729,792 | -HS- | C] () -- C:\hiberfil.sys
[2010.02.11 16:01:32 | 000,013,312 | ---- | C] () -- C:\Users\Sonderman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.21 20:51:41 | 000,007,592 | ---- | C] () -- C:\Users\Sonderman\AppData\Local\d3d9caps.dat
[2009.07.27 18:13:55 | 000,223,275 | ---- | C] () -- C:\ProgramData\nvModes.001
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"ThreadingModel" = Both
"" = C:\Users\Sonderman\AppData\Local\{72c0cfa5-fb1a-ed57-c2bc-68af7ec2d004}\n.
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:A4AF8D0D
@Alternate Data Stream - 168 bytes -> C:\ProgramData\Temp:F84B8DB5
@Alternate Data Stream - 159 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:1ECED34B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1982A23
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:DCAF903C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:CE0A077E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:35759C73
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:41099CE9
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:8750DCE4
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:131C0EE9

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 04.06.2013 09:47:58 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sonderman\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 54,65% Memory free
6,18 Gb Paging File | 4,67 Gb Available in Paging File | 75,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,99 Gb Total Space | 312,70 Gb Free Space | 69,03% Space Free | Partition Type: NTFS
 
Computer Name: SONDERMANLAPTOP | User Name: Sonderman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{048EC4B1-7B9B-437D-ACD9-6F0C3128D682}" = rport=138 | protocol=17 | dir=out | app=system | 
"{11D27B1E-3D22-45A1-A792-C6484291267C}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{2B213D14-A65C-46B6-B066-6C1B7843C635}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2E02E9DA-D954-4502-8331-E95B17684843}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{496CF423-FB8D-46B0-A63C-7B49312EC362}" = lport=137 | protocol=17 | dir=in | app=system | 
"{69FA9359-4FD6-4D79-94A4-4114EDA3DB7D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{70CF4561-E1B3-4FBA-B14C-90523A30E461}" = rport=445 | protocol=6 | dir=out | app=system | 
"{99C2450F-E428-40FE-9DEC-9DC3729ED491}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{AE1EBFCD-3117-4EB4-BDCE-313F967BFDDE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BDF430FD-B21A-4D1C-885C-5555463D2AED}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DA546AB9-3098-4805-A138-E77E85AD1612}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EB066731-22CC-4520-803F-A34E50F4130C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EF865607-324A-4F83-A40E-B1FA6DB570CE}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{039E6E55-21B3-40BF-9336-E3B76A05589F}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{0AD63CA4-E4FB-4FCB-9EE2-9E7B8D955EB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{0B1DD347-DC33-413A-9BBE-7E63034E3C31}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{13352222-CB9A-4F74-B0B2-1ED6BD48139B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{170A91A9-579E-4BD1-8F90-6D34FF225AE9}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{328389CB-203D-4100-A554-F87D0FCD1467}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe | 
"{378B80E9-2A8D-4FD0-926A-D6677162BF5C}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{4105454E-4FEB-4FF1-9EEC-4E5DC7FF9F37}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"{4402DD63-92A1-4298-B39C-DF3856A5C25E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{44313369-55A3-4DAD-880E-2106C1031AB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{4740E26C-5308-45C4-8205-60B66089AE2E}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe | 
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{58CD69B3-14BF-4BB6-B220-D02DC923DC96}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"{590C0619-0518-4595-8DDF-19EF077A6A17}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{6FFD73E5-A029-4EC2-AD3C-B7A38BF62F27}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{763F5E67-36E2-44FA-B037-B18A2F7547F6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{84A6B385-7143-42FC-8CE0-893372F40F71}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{B7CC9ED9-04F6-40D2-9775-C505A78792E2}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{C30B8662-FC5D-4C3C-BEF4-1EDCAF4A2790}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C8640299-448B-47D9-B1A3-F8D1DEE5C293}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{D5D2C593-7C37-4852-8635-C9460666493D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EC211817-D644-41AB-8B64-28143005B4D0}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"TCP Query User{F24961FB-F071-41BE-8C7F-86660C186474}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{8B802AD8-F2D5-4224-9056-B59E81D7EDF3}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2FA28330-2028-4033-BD10-425C87EB4D54}" = Nokia Software Updater
"{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4AE48A64-6C6A-4E5A-95FA-55F5131DECF9}" = Nokia Ovi One Touch Access
"{4BA54459-7721-4FC4-B22C-E9A75CC89CCF}" = Titanic Mystery
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A4E0CA0F-1903-440A-9B98-FEA6CB049999}" = Nokia Flashing Cable Driver
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Avira AntiVir Desktop" = Avira Free Antivirus
"BFG-Mystery Case Files - Dire Grove" = Mystery Case Files&reg;: Dire Grove™
"CCleaner" = CCleaner
"delta" = Delta toolbar  
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"InterActual Player" = InterActual Player
"Jäger des Geisterhauses_is1" = Jäger des Geisterhauses
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Natalie Brooks" = Natalie Brooks
"Natalie Brooks 2" = Natalie Brooks 2
"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3011
"NVIDIA Drivers" = NVIDIA Drivers
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DSite" = Update for PDF Reader
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.06.2013 12:21:56 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel
 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 
0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x00002cc0,  Prozess-ID 0xb28, Anwendungsstartzeit
 01ce60765d098ef0.
 
Error - 03.06.2013 13:07:11 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel
 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 
0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x00002cc0,  Prozess-ID 0xdf0, Anwendungsstartzeit
 01ce607cb0c6f110.
 
Error - 03.06.2013 13:46:16 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel
 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 
0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x00002cc0,  Prozess-ID 0xaec, Anwendungsstartzeit
 01ce608229c28732.
 
Error - 03.06.2013 14:48:17 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel
 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 
0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x00002cc0,  Prozess-ID 0x6f4, Anwendungsstartzeit
 01ce608ad4d61c3b.
 
Error - 03.06.2013 14:56:04 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel
 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 
0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c0c6,  Prozess-ID 0xf34, Anwendungsstartzeit
 01ce608bf8dd5376.
 
Error - 03.06.2013 16:08:29 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel
 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 
0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c0c6,  Prozess-ID 0xe6c, Anwendungsstartzeit
 01ce6096176f7d0a.
 
Error - 03.06.2013 16:27:18 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel
 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 
0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c0c6,  Prozess-ID 0xe48, Anwendungsstartzeit
 01ce6098b5b6875f.
 
Error - 03.06.2013 16:53:57 | Computer Name = SondermanLaptop | Source = WinMgmt | ID = 4
Description = 
 
Error - 03.06.2013 16:56:03 | Computer Name = SondermanLaptop | Source = WinMgmt | ID = 4
Description = 
 
Error - 04.06.2013 03:46:53 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel
 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 
0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c0c6,  Prozess-ID 0xaec, Anwendungsstartzeit
 01ce60f79260d0e8.
 
[ System Events ]
Error - 03.06.2013 16:08:26 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.06.2013 16:08:26 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.06.2013 16:27:14 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.06.2013 16:27:14 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.06.2013 17:04:18 | Computer Name = SondermanLaptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 03.06.2013 um 22:58:27 unerwartet heruntergefahren.
 
Error - 03.06.2013 17:05:06 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.06.2013 17:05:06 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.06.2013 03:46:34 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.06.2013 03:46:34 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.06.2013 03:49:04 | Computer Name = SondermanLaptop | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.102 für die Netzwerkkarte mit der Netzwerkadresse
 0022FA1F2928 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
 
< End of report >
         

Alt 04.06.2013, 09:34   #24
schrauber
/// the machine
/// TB-Ausbilder
 

GVU-Trojaner - Standard

GVU-Trojaner



Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 04.06.2013, 11:47   #25
Ritter_83
 
GVU-Trojaner - Standard

GVU-Trojaner



Hab nochmal die neueste Version von SUPERAntiSpyware laufen lassen.. ist fündig geworden.

Kennst du das Programm? wenn ja, was hältst du von dem?

Hier das Log:

Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/04/2013 at 12:17 PM

Application Version : 5.6.1020

Core Rules Database Version : 10481
Trace Rules Database Version: 8293

Scan type       : Complete Scan
Total Scan Time : 01:41:16

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 736
Memory threats detected   : 0
Registry items scanned    : 37813
Registry threats detected : 30
File items scanned        : 36245
File threats detected     : 6

PUP.bProtector
	HKU\S-1-5-21-1949824788-1683066341-565755642-1000\Software\Microsoft\Internet Explorer\Main#bProtector Start Page [ hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=A45C0022FA1F2928 ]
	HKU\S-1-5-21-1949824788-1683066341-565755642-1000\Software\Microsoft\Internet Explorer\SearchScopes#bProtectorDefaultScope [ {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} ]
	HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}
	HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}#DisplayName
	HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}#UninstallString
	HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}#UninstalLinkPath
	HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}#Publisher
	HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}#URLInfoAbout
	HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}#HelpLink

PUP.DeltaSearch
	HKLM\Software\Microsoft\Internet Explorer\Toolbar#{82E1477C-B154-48D3-9891-33D83C26BCD3}
	HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
	HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
	HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}#AppID
	HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}\InprocServer32
	HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}\InprocServer32#ThreadingModel
	HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}\ProgID
	HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}\Programmable
	HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}\TypeLib
	HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}\VersionIndependentProgID
	HKCR\delta.deltadskBnd.1
	HKCR\delta.deltadskBnd.1\CLSID
	HKCR\delta.deltadskBnd
	HKCR\delta.deltadskBnd\CLSID
	HKCR\delta.deltadskBnd\CurVer
	HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
	HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0
	HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\0
	HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\0\win32
	HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\FLAGS
	HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\HELPDIR
	C:\PROGRAM FILES\DELTA\DELTA\1.8.21.5\DELTATLBR.DLL
	C:\PROGRAM FILES\DELTA\DELTA\1.8.21.5\BH\DELTA.DLL
	C:\PROGRAM FILES\DELTA\DELTA\1.8.21.5\DELTAAPP.DLL
	C:\PROGRAM FILES\DELTA\DELTA\1.8.21.5\DELTASRV.EXE

Trojan.Agent/Gen-Kryptik
	C:\FRST\QUARANTINE\T7FO8.DAT
	C:\USERS\SONDERMAN\APPDATA\LOCAL\TEMP\WPBT0.DLL
         
Und was hältst du vom Windows Defender ?


Hab jetzt mal noch Avira deinstalliert und Avast heruntergeladen.
Avast Scan läuft noch.

Ansonsten keine Probleme, läuft alles normal auf dem Rechner

Zitat:
Zitat von Ritter_83 Beitrag anzeigen

Kennst du das Programm? wenn ja, was hältst du von dem?
Ahh ich seh grad, Superantispyware es wurde in meinem Beitrag automatisch verlinkt, ihr habt das also auch im Angebot hier

Wie soll ich weiter machen?

Hab Malewarebytes noch durchlaufen lassen, hoffe das ist ok!?

Hier das Log:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.03.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Sonderman :: SONDERMANLAPTOP [Administrator]

04.06.2013 10:38:27
mbam-log-2013-06-04 (10-38-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 340277
Laufzeit: 2 Stunde(n), 43 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Sonderman\AppData\Local\{72c0cfa5-fb1a-ed57-c2bc-68af7ec2d004}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Sonderman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 3
C:\FRST\Quarantine\t7fo8.dat (Trojan.Agent.NR) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sonderman\AppData\Local\Temp\wpbt0.dll (Trojan.Agent.NR) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sonderman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Alt 04.06.2013, 12:52   #26
schrauber
/// the machine
/// TB-Ausbilder
 

GVU-Trojaner - Standard

GVU-Trojaner



Funde löschen lassen von MBAM, reboot und neuer Quickscan bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 04.06.2013, 13:18   #27
Ritter_83
 
GVU-Trojaner - Standard

GVU-Trojaner



irgendwas ist hier noch faul.

nach dem Reboot, fährt er nun windows hoch. Er lädt nach der Anmeldung ziemlich lange. Dann erscheint irgendeine meldung (ging so schnell ich hab es nicht erkannt) und er fäht (ziemlich schnell) runter, wie wenn man energiesparen drückt.

2. versuch des hochfahrens. Windows geladen. Ich starte MBAM, Quicksan. Während des quickscans fährt die kiste wieder runter von allein.

beim 3. versuch das gleiche...




ich schreibe jetzt wieder über meinen zweitrechner...

Achja, mir ist noch aufgefallen, dass nach dem ersten Neustart die Desktop Icons kleiner geworden sind, im Vergleich zu vorher

So, irgendwie hat es beim 4. versuch hingehauen. normal gebootet, nicht unerwartet runtergefahren und MBAM ist durchgekommen im Quckscan:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.03.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Sonderman :: SONDERMANLAPTOP [Administrator]

04.06.2013 14:36:29
mbam-log-2013-06-04 (14-36-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201012
Laufzeit: 5 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Alt 04.06.2013, 14:32   #28
schrauber
/// the machine
/// TB-Ausbilder
 

GVU-Trojaner - Standard

GVU-Trojaner



Komisch,

bitte öffne OTL, setze bei Extra Registrierung den Haken bei Benutze Safe List und drück Scan, poste bitte beide Logfiles.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 04.06.2013, 15:14   #29
Ritter_83
 
GVU-Trojaner - Standard

GVU-Trojaner



Ok hier die Logs:

Code:
ATTFilter
OTL logfile created on: 04.06.2013 15:51:39 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sonderman\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,23% Memory free
6,19 Gb Paging File | 4,82 Gb Available in Paging File | 77,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,99 Gb Total Space | 311,45 Gb Free Space | 68,75% Space Free | Partition Type: NTFS
 
Computer Name: SONDERMANLAPTOP | User Name: Sonderman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Users\Sonderman\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Adobe\Reader 10.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\SONDER~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (EgisTec Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()
MOD - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
MOD - C:\Programme\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Programme\Launch Manager\PowerUtl.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BrowserDefendert) -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (int15) -- c:\Windows\system32\drivers\int15.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (FPSensor) -- C:\Windows\System32\drivers\FPSensor.sys (Egis)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (hidshim) -- C:\Windows\System32\drivers\hidshim.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nuvotonhidgeneric) -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7738
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7738
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=A45C0022FA1F2928
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119357&tt=gc_&babsrc=SP_ss&mntrId=A45C0022FA1F2928
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Delta Search"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=A45C0022FA1F2928"
FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:17.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:5.0.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.6.0.10
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.06.04 10:29:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.06.03 15:17:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.03 18:46:29 | 000,000,000 | ---D | M]
 
[2009.11.03 21:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Extensions
[2013.06.03 18:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Firefox\Profiles\91f59sou.default\extensions
[2011.08.15 21:03:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Firefox\Profiles\91f59sou.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.06.03 18:40:29 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Firefox\Profiles\91f59sou.default\extensions\ffxtlbr@delta.com
[2013.03.18 19:18:55 | 000,030,502 | ---- | M] () (No name found) -- C:\Users\Sonderman\AppData\Roaming\mozilla\firefox\profiles\91f59sou.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2013.06.03 18:40:21 | 000,006,503 | ---- | M] () -- C:\Users\Sonderman\AppData\Roaming\mozilla\firefox\profiles\91f59sou.default\searchplugins\babylon.xml
[2013.06.03 18:40:38 | 000,001,294 | ---- | M] () -- C:\Users\Sonderman\AppData\Roaming\mozilla\firefox\profiles\91f59sou.default\searchplugins\delta.xml
[2012.02.05 15:57:48 | 000,000,950 | ---- | M] () -- C:\Users\Sonderman\AppData\Roaming\mozilla\firefox\profiles\91f59sou.default\searchplugins\icqplugin-4.xml
[2012.11.12 20:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.16 23:58:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.03.16 23:58:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.06.03 15:17:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.06.03 15:17:48 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.04.23 20:05:50 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sonderman\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.206 80.69.100.182
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41A1FAE7-3F78-47B1-A6B7-3E7108844ED5}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F70D14E-127E-459B-9EE1-874EB24B4020}: DhcpNameServer = 80.69.100.206 80.69.100.182
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Sonderman\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sonderman\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{27a3b835-c3f2-11de-ad1f-001f16a3d226}\Shell - "" = AutoRun
O33 - MountPoints2\{27a3b835-c3f2-11de-ad1f-001f16a3d226}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.04 10:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.06.04 10:30:14 | 000,368,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.06.04 10:30:14 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.06.04 10:30:11 | 000,049,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013.06.04 10:30:10 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.06.04 10:30:09 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.06.04 10:30:04 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.06.04 10:30:04 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.06.04 10:28:23 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.06.04 10:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.06.04 10:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.06.03 22:33:23 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013.06.03 22:00:20 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013.06.03 21:56:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.03 19:53:45 | 000,000,000 | ---D | C] -- C:\FRST
[2013.06.03 19:10:42 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Local\Macromedia
[2013.06.03 18:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013.06.03 18:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.06.03 18:40:54 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013.06.03 18:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.06.03 18:40:32 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\BabSolution
[2013.06.03 18:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013.06.03 18:39:56 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\SumatraPDF
[2013.06.03 18:38:47 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.03 18:38:47 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.03 18:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.06.03 18:38:09 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.06.03 18:38:09 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.06.03 18:37:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.06.03 18:37:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.06.03 18:37:56 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.06.03 18:37:45 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\Babylon
[2013.06.03 18:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.06.03 18:37:42 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\DSite
[2013.06.03 18:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\PDFReader
[2013.06.03 18:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.06.03 18:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.06.03 16:46:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.03 16:34:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.03 16:34:03 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.06.03 16:34:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.06.03 16:34:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.06.03 16:34:02 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.06.03 16:34:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.06.03 16:34:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.06.03 13:00:01 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.06.03 13:00:01 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.06.03 13:00:01 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.06.03 13:00:00 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.06.03 12:59:55 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.06.03 12:59:53 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.06.03 12:37:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.03 12:34:29 | 000,000,000 | ---D | C] -- C:\JRT
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.04 15:56:04 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.04 15:56:04 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.04 15:56:04 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.04 15:56:04 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.04 15:49:42 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.04 15:49:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.04 15:49:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.04 15:49:19 | 000,223,275 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.06.04 15:49:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.04 15:49:09 | 3215,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.04 14:37:00 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013.06.04 14:34:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.04 14:14:25 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.04 10:30:15 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.06.04 10:30:04 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.06.03 23:04:26 | 000,298,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.06.03 22:58:36 | 000,000,042 | ---- | M] () -- C:\repairs_running.dat
[2013.06.03 22:58:23 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013.06.03 20:47:35 | 000,007,592 | ---- | M] () -- C:\Users\Sonderman\AppData\Local\d3d9caps.dat
[2013.06.03 18:46:29 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.06.03 18:38:47 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.03 18:38:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.03 18:37:23 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.06.03 18:37:17 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.06.03 18:37:17 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.06.03 18:37:17 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.06.03 18:37:16 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.06.03 18:37:16 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.06.03 16:00:00 | 000,890,839 | ---- | M] () -- C:\Users\Sonderman\Desktop\SecurityCheck.exe
[2013.06.03 15:26:33 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.03 12:05:43 | 000,223,275 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.05.09 10:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.05.09 10:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.05.09 10:59:09 | 000,049,760 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.09 10:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.05.05 21:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
 
========== Files Created - No Company Name ==========
 
[2013.06.04 10:30:15 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.06.04 10:30:08 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.06.04 10:30:07 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.06.03 22:34:44 | 000,000,042 | ---- | C] () -- C:\repairs_running.dat
[2013.06.03 18:46:29 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.06.03 18:46:29 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013.06.03 18:38:50 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.03 18:37:43 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013.06.03 15:59:59 | 000,890,839 | ---- | C] () -- C:\Users\Sonderman\Desktop\SecurityCheck.exe
[2013.06.03 12:05:43 | 000,223,275 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2013.06.02 21:36:20 | 3215,814,656 | -HS- | C] () -- C:\hiberfil.sys
[2010.02.11 16:01:32 | 000,013,312 | ---- | C] () -- C:\Users\Sonderman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.21 20:51:41 | 000,007,592 | ---- | C] () -- C:\Users\Sonderman\AppData\Local\d3d9caps.dat
[2009.07.27 18:13:55 | 000,223,275 | ---- | C] () -- C:\ProgramData\nvModes.001
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:A4AF8D0D
@Alternate Data Stream - 168 bytes -> C:\ProgramData\Temp:F84B8DB5
@Alternate Data Stream - 159 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:1ECED34B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1982A23
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:DCAF903C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:CE0A077E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:35759C73
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:41099CE9
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:8750DCE4
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:131C0EE9

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 04.06.2013 15:51:39 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sonderman\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,23% Memory free
6,19 Gb Paging File | 4,82 Gb Available in Paging File | 77,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,99 Gb Total Space | 311,45 Gb Free Space | 68,75% Space Free | Partition Type: NTFS
 
Computer Name: SONDERMANLAPTOP | User Name: Sonderman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{048EC4B1-7B9B-437D-ACD9-6F0C3128D682}" = rport=138 | protocol=17 | dir=out | app=system | 
"{11D27B1E-3D22-45A1-A792-C6484291267C}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{2B213D14-A65C-46B6-B066-6C1B7843C635}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2E02E9DA-D954-4502-8331-E95B17684843}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{496CF423-FB8D-46B0-A63C-7B49312EC362}" = lport=137 | protocol=17 | dir=in | app=system | 
"{69FA9359-4FD6-4D79-94A4-4114EDA3DB7D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{70CF4561-E1B3-4FBA-B14C-90523A30E461}" = rport=445 | protocol=6 | dir=out | app=system | 
"{99C2450F-E428-40FE-9DEC-9DC3729ED491}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{AE1EBFCD-3117-4EB4-BDCE-313F967BFDDE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BDF430FD-B21A-4D1C-885C-5555463D2AED}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DA546AB9-3098-4805-A138-E77E85AD1612}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EB066731-22CC-4520-803F-A34E50F4130C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EF865607-324A-4F83-A40E-B1FA6DB570CE}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{039E6E55-21B3-40BF-9336-E3B76A05589F}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{0AD63CA4-E4FB-4FCB-9EE2-9E7B8D955EB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{0B1DD347-DC33-413A-9BBE-7E63034E3C31}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{13352222-CB9A-4F74-B0B2-1ED6BD48139B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{170A91A9-579E-4BD1-8F90-6D34FF225AE9}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{328389CB-203D-4100-A554-F87D0FCD1467}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe | 
"{378B80E9-2A8D-4FD0-926A-D6677162BF5C}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{4105454E-4FEB-4FF1-9EEC-4E5DC7FF9F37}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"{4402DD63-92A1-4298-B39C-DF3856A5C25E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{44313369-55A3-4DAD-880E-2106C1031AB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{4740E26C-5308-45C4-8205-60B66089AE2E}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe | 
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{58CD69B3-14BF-4BB6-B220-D02DC923DC96}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"{590C0619-0518-4595-8DDF-19EF077A6A17}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{6FFD73E5-A029-4EC2-AD3C-B7A38BF62F27}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{763F5E67-36E2-44FA-B037-B18A2F7547F6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{84A6B385-7143-42FC-8CE0-893372F40F71}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{B7CC9ED9-04F6-40D2-9775-C505A78792E2}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{C30B8662-FC5D-4C3C-BEF4-1EDCAF4A2790}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C8640299-448B-47D9-B1A3-F8D1DEE5C293}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{D5D2C593-7C37-4852-8635-C9460666493D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EC211817-D644-41AB-8B64-28143005B4D0}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"TCP Query User{F24961FB-F071-41BE-8C7F-86660C186474}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{8B802AD8-F2D5-4224-9056-B59E81D7EDF3}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2FA28330-2028-4033-BD10-425C87EB4D54}" = Nokia Software Updater
"{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4AE48A64-6C6A-4E5A-95FA-55F5131DECF9}" = Nokia Ovi One Touch Access
"{4BA54459-7721-4FC4-B22C-E9A75CC89CCF}" = Titanic Mystery
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A4E0CA0F-1903-440A-9B98-FEA6CB049999}" = Nokia Flashing Cable Driver
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"avast" = avast! Free Antivirus
"BFG-Mystery Case Files - Dire Grove" = Mystery Case Files&reg;: Dire Grove™
"CCleaner" = CCleaner
"delta" = Delta toolbar  
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"InterActual Player" = InterActual Player
"Jäger des Geisterhauses_is1" = Jäger des Geisterhauses
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Natalie Brooks" = Natalie Brooks
"Natalie Brooks 2" = Natalie Brooks 2
"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3011
"NVIDIA Drivers" = NVIDIA Drivers
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DSite" = Update for PDF Reader
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.06.2013 16:08:29 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel
 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 
0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c0c6,  Prozess-ID 0xe6c, Anwendungsstartzeit
 01ce6096176f7d0a.
 
Error - 03.06.2013 16:27:18 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel
 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 
0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c0c6,  Prozess-ID 0xe48, Anwendungsstartzeit
 01ce6098b5b6875f.
 
Error - 03.06.2013 16:53:57 | Computer Name = SondermanLaptop | Source = WinMgmt | ID = 4
Description = 
 
Error - 03.06.2013 16:56:03 | Computer Name = SondermanLaptop | Source = WinMgmt | ID = 4
Description = 
 
Error - 04.06.2013 03:46:53 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel
 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 
0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c0c6,  Prozess-ID 0xaec, Anwendungsstartzeit
 01ce60f79260d0e8.
 
Error - 04.06.2013 04:24:37 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel
 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 
0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c0c6,  Prozess-ID 0xe5c, Anwendungsstartzeit
 01ce60fcf0cad9db.
 
Error - 04.06.2013 08:07:58 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel
 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 
0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c0c6,  Prozess-ID 0xe88, Anwendungsstartzeit
 01ce611c01b6a27b.
 
Error - 04.06.2013 08:14:12 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel
 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 
0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c0c6,  Prozess-ID 0x688, Anwendungsstartzeit
 01ce611ce11e77b4.
 
Error - 04.06.2013 08:33:43 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel
 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 
0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c0c6,  Prozess-ID 0xfcc, Anwendungsstartzeit
 01ce611fa801ed11.
 
Error - 04.06.2013 09:50:10 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel
 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 
0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c0c6,  Prozess-ID 0xce0, Anwendungsstartzeit
 01ce612a6a99fb9b.
 
[ System Events ]
Error - 04.06.2013 08:06:52 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.06.2013 08:10:08 | Computer Name = SondermanLaptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 04.06.2013 um 14:08:18 unerwartet heruntergefahren.
 
Error - 04.06.2013 08:12:02 | Computer Name = SondermanLaptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 04.06.2013 um 14:10:08 unerwartet heruntergefahren.
 
Error - 04.06.2013 08:13:41 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.06.2013 08:13:41 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.06.2013 08:31:10 | Computer Name = SondermanLaptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 04.06.2013 um 14:16:02 unerwartet heruntergefahren.
 
Error - 04.06.2013 08:32:44 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.06.2013 08:32:44 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.06.2013 09:50:07 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.06.2013 09:50:07 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         

Alt 04.06.2013, 17:15   #30
schrauber
/// the machine
/// TB-Ausbilder
 

GVU-Trojaner - Standard

GVU-Trojaner



Hi,

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=A45C0022FA1F2928
FF - prefs.js..browser.search.order.1: "Delta Search"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=A45C0022FA1F2928"
[2013.06.03 18:40:29 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Firefox\Profiles\91f59sou.default\extensions\ffxtlbr@delta.com
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll File not found
[2013.06.03 18:40:54 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013.06.03 18:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.06.03 18:40:32 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\BabSolution
[2013.06.03 18:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013.06.03 18:37:45 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\Babylon
[2013.06.03 18:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.06.03 12:05:43 | 000,223,275 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009.07.27 18:13:55 | 000,223,275 | ---- | C] () -- C:\ProgramData\nvModes.001
@Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:A4AF8D0D
@Alternate Data Stream - 168 bytes -> C:\ProgramData\Temp:F84B8DB5
@Alternate Data Stream - 159 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:1ECED34B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1982A23
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:DCAF903C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:CE0A077E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:35759C73
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:41099CE9
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:8750DCE4
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:131C0EE9
:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu GVU-Trojaner
.exe, abgesicherte, abgesicherten, booten, home premium, js/agent.480412, notebook, otlpenet.exe, premium, rogue.livesecurityplatinum, sämtliche, tr/crypt.zpack.gen8, trojan.agent.nr, trojan.agent/gen-kryptik, trojan.zaccess, vista home premium, windows vista




Zum Thema GVU-Trojaner - http://download.bleepingcomputer.com...sta/wscsvc.reg http://download.bleepingcomputer.com...ta/Winmgmt.reg Beides laden und ausführen mit Rechtsklick > Zusammenführen. Reboot und neues FSS log sowie ein frisches OTL log bitte. Komplettes Log von Avira wäre nett, in dem obigen - GVU-Trojaner...
Archiv
Du betrachtest: GVU-Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.