
Log analysis and evaluation: TR/ATRAPS.Gen2 in C:\windows\installer\...\80000032.@, Avira detection on a Vista PC


 
22.07.2013, 16:54   #1
Phaitan
 



Hello community,

Malware has settled in on my wife's Vista PC that unfortunately exceeds our PC skills. Admittedly, those skills were limited to cleaning with Avira AntiVir and Spybot Search and Destroy.
Avira keeps popping up the security notice that it has found TR/ATRAPS.Gen2. The path given is c:\windows\installer\...\80000032.@, with the last digits varying.
Even if you click Remove, the message reappears within a very short time.
In addition, a message keeps appearing that the host process for Windows services was terminated and closed by Data Execution Prevention.
The Windows Security Center service is disabled and cannot be enabled (it cannot be started).
When the browser is opened, the page hxxp://www.giga.de/androidnews/ opens automatically in a second tab next to the start page.

That was everything that strikes me offhand; now just the logs:

OTL
Code:
OTL logfile created on: 22.07.2013 15:19:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gnubbi\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19443)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 66,69% Memory free
8,20 Gb Paging File | 6,64 Gb Available in Paging File | 80,96% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581,69 Gb Total Space | 321,72 Gb Free Space | 55,31% Space Free | Partition Type: NTFS
Drive D: | 14,48 Gb Total Space | 2,00 Gb Free Space | 13,82% Space Free | Partition Type: NTFS
 
Computer Name: GNUBBI-TEILCHEN | User Name: Gnubbi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.22 15:15:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gnubbi\Desktop\OTL.exe
PRC - [2013.07.15 13:07:42 | 000,709,120 | ---- | M] (Windows Net) -- C:\Users\Gnubbi\AppData\Roaming\Windows Net Data\net.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.08 20:57:36 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 09:42:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 09:42:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2008.06.11 02:51:50 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Users\Gnubbi\RocketDock\RocketDock.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Users\Gnubbi\RocketDock\RocketDock.exe
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Users\Gnubbi\RocketDock\RocketDock.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.02.15 05:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2007.03.29 04:42:42 | 000,036,360 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV - [2013.07.03 13:14:03 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.12 16:13:13 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.08 09:42:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 09:42:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.03.28 21:51:25 | 004,323,256 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.06.11 02:51:50 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007.03.29 04:42:42 | 000,029,704 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.11 07:34:12 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.05.08 09:42:53 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 09:42:53 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.12 23:07:55 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.03.12 23:07:55 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.02.15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.02.15 04:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.12.10 16:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2010.11.17 14:04:18 | 000,111,120 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.04.27 04:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010.04.27 04:25:16 | 000,128,000 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bserd.sys -- (ss_bserd)
DRV:64bit: - [2010.04.27 04:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2010.04.27 04:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.04.11 07:39:37 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser)
DRV:64bit: - [2008.11.29 08:19:28 | 000,028,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008.06.11 04:51:32 | 000,395,800 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008.06.09 15:36:56 | 000,459,776 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28x.sys -- (netr28x)
DRV:64bit: - [2008.02.14 16:56:14 | 000,160,768 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2007.09.17 16:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2011.02.06 16:28:05 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2004.12.30 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F5C44D02-1CFC-4026-BBCC-E3514C88692E}
IE:64bit: - HKLM\..\SearchScopes\{4CB690B1-11EC-457C-B66A-3003BC43F5E3}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE:64bit: - HKLM\..\SearchScopes\{F5C44D02-1CFC-4026-BBCC-E3514C88692E}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchrocket.info/?pid=658&r=2013/05/22&hid=2597692014&lg=EN&cc=DE&unqvl=16
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{4CB690B1-11EC-457C-B66A-3003BC43F5E3}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.searchrocket.info/?l=1&q={searchTerms}&pid=658&r=2013/05/22&hid=2597692014&lg=EN&cc=DE&unqvl=16
IE - HKLM\..\SearchScopes\{F5C44D02-1CFC-4026-BBCC-E3514C88692E}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/my_homepage/0022/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=42D400225F09AD59&affID=122450&tsp=4943iga.de/my_homepage/0022/ [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{01_TL-YODL-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_yodl&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6
IE - HKCU\..\SearchScopes\{03_TL-GOOGLE-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6
IE - HKCU\..\SearchScopes\{03_TL-TELEFONBUCH-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_telefonbuch&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6
IE - HKCU\..\SearchScopes\{04_TL-AMAZON-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_amazon&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6
IE - HKCU\..\SearchScopes\{05_TL-EBAY-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_ebay&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{07_TL-CONRAD-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_conrad&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6
IE - HKCU\..\SearchScopes\{08_TL-OTTO-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_otto&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6
IE - HKCU\..\SearchScopes\{09_TL-CLIPFISH-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_clipfish&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6
IE - HKCU\..\SearchScopes\{10_TL-MYVIDEO-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_myvideo&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6
IE - HKCU\..\SearchScopes\{11_TL-MUSICLOAD-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_musicload&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6
IE - HKCU\..\SearchScopes\{4CB690B1-11EC-457C-B66A-3003BC43F5E3}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
IE - HKCU\..\SearchScopes\{F5C44D02-1CFC-4026-BBCC-E3514C88692E}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 14.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2012.11.13 22:22:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 14.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.07.03 13:13:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.03 13:13:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Aurora 14.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2012.11.13 22:22:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Aurora 14.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\extensions\mail@gutscheinrausch.de
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\extensions\firejump@firejump.net
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.07.03 13:13:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.03 13:13:59 | 000,000,000 | ---D | M]
 
[2012.11.13 21:58:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gnubbi\AppData\Roaming\mozilla\Extensions
[2013.07.15 13:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gnubbi\AppData\Roaming\mozilla\Firefox\Profiles\4vhv66wx.default\extensions
[2013.07.15 13:07:33 | 000,000,000 | ---D | M] (Amazon-Icon) -- C:\Users\Gnubbi\AppData\Roaming\mozilla\Firefox\Profiles\4vhv66wx.default\extensions\amazon-icon@winload.de
[2013.07.15 13:07:35 | 000,000,000 | ---D | M] (Spartipps von SparPilot.com) -- C:\Users\Gnubbi\AppData\Roaming\mozilla\Firefox\Profiles\4vhv66wx.default\extensions\sparpilot@sparpilot.com
[2013.07.15 13:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gnubbi\AppData\Roaming\mozilla\Firefox\Profiles\4vhv66wx.default\extensions\staged
[2013.07.21 19:46:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gnubbi\AppData\Roaming\mozilla\Firefox\Profiles\wljaky0a.default\extensions
[2013.07.15 13:07:33 | 000,000,000 | ---D | M] (Amazon-Icon) -- C:\Users\Gnubbi\AppData\Roaming\mozilla\Firefox\Profiles\wljaky0a.default\extensions\amazon-icon@winload.de
[2013.06.29 19:25:35 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Gnubbi\AppData\Roaming\mozilla\Firefox\Profiles\wljaky0a.default\extensions\ich@maltegoetz.de
[2013.07.15 13:07:35 | 000,000,000 | ---D | M] (Spartipps von SparPilot.com) -- C:\Users\Gnubbi\AppData\Roaming\mozilla\Firefox\Profiles\wljaky0a.default\extensions\sparpilot@sparpilot.com
[2009.11.16 20:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gnubbi\AppData\Roaming\mozilla\Sunbird\Profiles\ys4klgqm.default\extensions
[2013.07.19 20:54:58 | 000,059,274 | ---- | M] () (No name found) -- C:\Users\Gnubbi\AppData\Roaming\mozilla\firefox\profiles\wljaky0a.default\extensions\om@offermosquito.com.xpi
[2013.07.19 00:00:42 | 000,621,019 | ---- | M] () (No name found) -- C:\Users\Gnubbi\AppData\Roaming\mozilla\firefox\profiles\wljaky0a.default\extensions\toolbar@web.de.xpi
[2013.07.15 22:39:30 | 000,535,736 | ---- | M] () (No name found) -- C:\Users\Gnubbi\AppData\Roaming\mozilla\firefox\profiles\wljaky0a.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.07.14 14:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.07.03 13:13:58 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2013.07.14 14:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2013.07.03 13:13:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.07.03 13:14:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll
[2009.05.02 16:35:37 | 000,001,779 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\clipfish.xml
[2009.05.02 16:35:37 | 000,001,013 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\conrad.xml
[2009.05.02 16:35:37 | 000,002,487 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\discount24.xml
[2009.05.02 16:35:37 | 000,001,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\musicload.xml
[2009.05.02 16:35:37 | 000,002,120 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\myvideo.xml
[2009.05.02 16:35:37 | 000,002,023 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\otto.xml
[2009.05.02 16:35:37 | 000,000,758 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\quelle.xml
[2009.05.02 16:35:37 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\telefonbuch-de.xml
[2009.05.02 16:35:37 | 000,005,375 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yodl.xml
[2009.10.14 16:26:52 | 000,002,380 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\zwunzi113.xml
[2009.10.15 10:40:47 | 000,002,380 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\zwunzi115.xml
 
O1 HOSTS File: ([2010.10.12 10:28:18 | 000,421,744 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14545 more lines...
O2 - BHO: (PiccShare BHO) - {553318DA-D010-469E-84B1-496563CAE1C0} - C:\Users\Gnubbi\AppData\Local\ext_piccshare\ext_piccshare.dll (HTTO Group, Ltd)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.72\npchrome_frame.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [DataMgr] C:\Users\Gnubbi\AppData\Roaming\DataMgr\DataMgr.exe (HTTO Group, Ltd.)
O4 - HKCU..\Run: [Intermediate] C:\Users\Gnubbi\AppData\Roaming\Intermediate\Intermediate.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Users\Gnubbi\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SCheck] C:\Users\Gnubbi\AppData\Roaming\SCheck\SCheck.exe ()
O4 - HKCU..\Run: [Snoozer] C:\Users\Gnubbi\AppData\Roaming\Snz\Snz.exe ()
O4 - HKCU..\Run: [SSync] C:\Users\Gnubbi\AppData\Roaming\SSync\SSync.exe ()
O4 - HKLM..\RunOnce: [3dlagunabeachscreensaver] C:\Users\Gnubbi\AppData\Local\Temp\BI_RunOnce.exe (Somoto Ltd.)
O4 - Startup: C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk = C:\Users\Gnubbi\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Gnubbi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gnubbi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Gnubbi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gnubbi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F2D6182-2146-43C7-B4CC-6F38528768F5}: DhcpNameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.72\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) -  File not found
O20 - AppInit_DLLs: (c:\progra~2\websea~1\sprote~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\WB: DllName - (C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{65e9b171-37c0-11de-9b9e-00221558ad48}\Shell\AutoRun\command - "" = J:\rnwlvb.exe
O33 - MountPoints2\{65e9b171-37c0-11de-9b9e-00221558ad48}\Shell\explore\Command - "" = J:\rnwlvb.exe
O33 - MountPoints2\{65e9b171-37c0-11de-9b9e-00221558ad48}\Shell\open\Command - "" = J:\rnwlvb.exe
O33 - MountPoints2\{fa3cd6dd-7f5d-11df-b2fc-00221558ad48}\Shell - "" = AutoRun
O33 - MountPoints2\{fa3cd6dd-7f5d-11df-b2fc-00221558ad48}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.22 15:15:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gnubbi\Desktop\OTL.exe
[2013.07.22 12:00:16 | 002,644,504 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Sandy_Beach_3D_Screensaver.scr
[2013.07.22 12:00:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sandy Beach 3D Screensaver
[2013.07.22 11:54:50 | 002,536,992 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Caribbean_Islands_3D_Screensaver.scr
[2013.07.22 11:54:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Caribbean Islands 3D Screensaver
[2013.07.21 19:46:36 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Roaming\Snz
[2013.07.15 14:16:13 | 002,511,384 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Tropical_Fish_3D_Screensaver.scr
[2013.07.15 14:16:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tropical Fish 3D Screensaver
[2013.07.15 14:05:42 | 000,197,120 | ---- | C] (ScreenTime Media) -- C:\Windows\SysWow64\3-D Jellyfish DemoESD.scr
[2013.07.15 14:05:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\3-D Jellyfish DemoESD dir
[2013.07.15 13:17:32 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Local\ext_piccshare
[2013.07.15 13:17:30 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Roaming\SSync
[2013.07.15 13:17:30 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Roaming\SCheck
[2013.07.15 13:17:30 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Roaming\Intermediate
[2013.07.15 13:17:30 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Roaming\DataMgr
[2013.07.15 13:16:18 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Roaming\PiccShare
[2013.07.15 13:16:18 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Roaming\Common
[2013.07.15 13:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D Space Tour screensavers
[2013.07.15 13:16:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3D Space Tour
[2013.07.15 13:08:20 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Roaming\Astro Gemini Software
[2013.07.15 13:07:43 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Roaming\Windows Net Data
[2013.07.15 13:07:34 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Local\Temp75647aea5aa07b4ca02750042d58fa47
[2013.07.15 13:07:33 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Local\Tempd859abcc6d9b14452ff9125efb5084c2
[2013.07.15 13:07:33 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Local\Tempcbef2bd2ff1ab5bdb78c8808e08fc05e
[2013.07.15 13:07:33 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\ChromeExtensions
[2013.07.14 14:11:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScreenSaverGift
[2013.07.10 22:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astro Gemini Software
[2013.07.03 13:13:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.30 20:53:57 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Roaming\PuzzleLab
[2013.06.30 20:45:20 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phenomenon - Meteorit Sammleredition
[2013.06.30 20:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phenomenon - Meteorit Sammleredition
[2013.06.30 20:45:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phenomenon - Meteorit Sammleredition
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.22 15:15:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gnubbi\Desktop\OTL.exe
[2013.07.22 15:15:08 | 000,000,000 | ---- | M] () -- C:\Users\Gnubbi\defogger_reenable
[2013.07.22 15:14:48 | 000,050,477 | ---- | M] () -- C:\Users\Gnubbi\Desktop\Defogger.exe
[2013.07.22 15:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.22 14:32:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.22 13:49:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.22 13:49:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.22 09:49:32 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.22 09:49:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.19 17:16:31 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2013.07.16 13:54:20 | 000,002,098 | ---- | M] () -- C:\Windows\wininit.ini
[2013.07.15 14:09:47 | 000,000,368 | ---- | M] () -- C:\Users\Gnubbi\AppData\Roaming\burnaware.ini
[2013.07.15 14:05:42 | 000,197,120 | ---- | M] (ScreenTime Media) -- C:\Windows\SysWow64\3-D Jellyfish DemoESD.scr
[2013.07.15 13:07:50 | 000,001,779 | ---- | M] () -- C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
[2013.07.11 11:17:54 | 000,327,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.11 00:43:29 | 001,497,522 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.11 00:43:29 | 000,639,210 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.11 00:43:29 | 000,604,804 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.11 00:43:29 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.11 00:43:29 | 000,108,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.07 15:55:46 | 000,000,032 | ---- | M] () -- C:\Windows\setup.INI
[2013.06.26 08:53:28 | 000,044,216 | ---- | M] () -- C:\Users\Gnubbi\AppData\Local\ext_piccshare_uninst.exe
[2013.06.23 18:07:22 | 000,032,256 | ---- | M] () -- C:\Users\Gnubbi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.22 15:15:08 | 000,000,000 | ---- | C] () -- C:\Users\Gnubbi\defogger_reenable
[2013.07.22 15:14:48 | 000,050,477 | ---- | C] () -- C:\Users\Gnubbi\Desktop\Defogger.exe
[2013.07.15 13:17:05 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.15 13:17:04 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.15 13:08:25 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\Astro Gemini Screensaver Manager.scr
[2013.07.15 13:08:21 | 000,001,079 | ---- | C] () -- C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\View My Screensavers.lnk
[2013.07.15 13:07:50 | 000,001,779 | ---- | C] () -- C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
[2013.07.10 22:40:32 | 000,002,303 | ---- | C] () -- C:\Windows\SysWow64\NaechtlicheStadt3DBildschirmschoner.html
[2013.07.10 22:40:31 | 012,460,032 | ---- | C] () -- C:\Windows\SysWow64\Nächtliche Stadt 3D Bildschirmschoner.scr
[2013.07.07 15:55:46 | 000,000,032 | ---- | C] () -- C:\Windows\setup.INI
[2013.06.26 08:53:28 | 000,044,216 | ---- | C] () -- C:\Users\Gnubbi\AppData\Local\ext_piccshare_uninst.exe
[2012.04.06 17:22:57 | 000,000,108 | ---- | C] () -- C:\Users\Gnubbi\AppData\Local\Config_946EE51E.dat
[2012.04.06 17:22:57 | 000,000,038 | ---- | C] () -- C:\Users\Gnubbi\AppData\Local\Index_946EE51E.dat
[2012.03.21 08:59:01 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.11.30 22:02:54 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.11.02 15:53:49 | 000,000,094 | ---- | C] () -- C:\Users\Gnubbi\AppData\Local\fusioncache.dat
[2011.11.02 15:53:31 | 001,502,086 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.02.06 15:22:02 | 000,004,990 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010.07.21 22:29:50 | 000,000,552 | ---- | C] () -- C:\Users\Gnubbi\AppData\Local\d3d8caps.dat
[2009.10.03 18:47:28 | 000,026,120 | ---- | C] () -- C:\Users\Gnubbi\AppData\Roaming\UserTile.png
[2009.06.17 12:58:10 | 000,000,368 | ---- | C] () -- C:\Users\Gnubbi\AppData\Roaming\burnaware.ini
[2009.04.22 09:52:04 | 000,000,218 | ---- | C] () -- C:\Users\Gnubbi\.recently-used.xbel
[2009.04.22 07:30:39 | 000,001,916 | ---- | C] () -- C:\Users\Gnubbi\AppData\Roaming\wklnhst.dat
[2009.04.13 00:21:42 | 000,032,256 | ---- | C] () -- C:\Users\Gnubbi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.03.04 13:30:28 | 000,039,060 | ---- | C] () -- C:\Program Files (x86)\Buffering2.jpg
[2007.03.04 13:30:28 | 000,039,047 | ---- | C] () -- C:\Program Files (x86)\Buffering5.jpg
[2007.03.04 13:30:28 | 000,039,040 | ---- | C] () -- C:\Program Files (x86)\Buffering1.jpg
[2007.03.04 13:30:28 | 000,039,038 | ---- | C] () -- C:\Program Files (x86)\Buffering6.jpg
[2007.03.04 13:30:28 | 000,039,035 | ---- | C] () -- C:\Program Files (x86)\Buffering4.jpg
[2007.03.04 13:30:28 | 000,039,033 | ---- | C] () -- C:\Program Files (x86)\Buffering3.jpg
[2007.03.04 13:30:28 | 000,039,020 | ---- | C] () -- C:\Program Files (x86)\Buffering7.jpg
 
========== ZeroAccess Check ==========
 
[2011.11.18 22:55:05 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\@
[2013.07.20 23:04:12 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\L
[2013.07.22 15:17:59 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U
[2013.07.22 13:37:44 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\L\00000004.@
[2013.07.16 23:15:31 | 000,002,048 | ---- | M] () -- C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\00000004.@
[2013.07.15 15:09:54 | 000,001,024 | ---- | M] () -- C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\00000008.@
[2013.07.16 23:15:31 | 000,001,632 | ---- | M] () -- C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\000000cb.@
[2013.07.16 23:15:31 | 000,015,360 | ---- | M] () -- C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\80000000.@
[2013.07.22 15:17:59 | 000,091,648 | ---- | M] () -- C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\80000032.@
[2013.07.22 13:37:19 | 000,077,312 | ---- | M] () -- C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\80000064.@
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013.07.22 09:49:26 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2013.07.22 09:49:26 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2009.04.22 10:07:11 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\.purple
[2010.03.11 20:26:07 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\2monkeys
[2011.12.13 23:26:39 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Absolutist
[2011.07.23 20:22:27 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Ace
[2009.11.17 23:18:31 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Aisle 5 Games, Inc
[2012.12.28 21:58:38 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Alawar
[2013.03.06 21:58:22 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Alawar Entertainment
[2012.12.31 16:42:33 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Alawar Stargaze
[2013.02.01 15:06:59 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\AlawarEntertainment
[2011.07.09 12:37:17 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Amazon
[2010.02.17 21:12:56 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Anabel
[2013.02.25 15:25:31 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Anarchy
[2009.08.13 19:43:05 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Ancient Quest of Saqqarah__intenium
[2011.05.24 12:57:10 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Anthropics
[2013.01.10 20:37:15 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Artifex Mundi
[2013.07.15 13:08:20 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Astro Gemini Software
[2010.02.16 22:20:19 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Awem
[2011.10.21 20:47:39 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\becker
[2013.02.16 21:25:22 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Big Fish Games
[2012.08.23 13:48:04 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Boolat Games
[2013.01.13 14:11:51 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Boomzap
[2011.02.06 15:22:03 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Carambis
[2009.10.07 23:10:24 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\casanova
[2013.01.18 15:41:25 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\cerasus.media
[2013.07.15 13:16:18 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Common
[2013.03.02 17:39:38 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\DailyMagic
[2013.07.15 13:17:30 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\DataMgr
[2012.11.09 14:50:05 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Deep Shadows
[2010.01.22 00:26:50 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Dekovir
[2011.03.11 09:18:13 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Delfyn Software
[2011.11.30 22:02:54 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\DesktopIconForAmazon
[2013.01.31 12:08:54 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\DieselPuppet
[2011.05.06 11:09:57 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\DivoGames
[2010.05.12 19:52:28 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Dream Aquarium
[2009.09.07 23:01:17 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\DreamDale
[2013.03.17 22:19:43 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\DVDVideoSoft
[2011.04.02 22:18:44 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.07.29 23:07:29 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\EleFun Desktops
[2010.03.19 19:11:55 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\ElementalsTheMagicKey
[2013.01.13 15:17:16 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Enki Games
[2013.01.01 17:43:24 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\ERS G-Studio
[2013.02.04 16:32:47 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\ERS Game Studios
[2009.09.22 23:52:03 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\FlyWheelGames
[2011.05.06 11:04:46 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Friday's games
[2011.10.08 19:38:00 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Funswitch
[2010.05.12 10:58:04 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Gamers Digital
[2010.02.16 21:51:04 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Games
[2012.11.13 15:39:13 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\GetRightToGo
[2012.11.09 15:18:42 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Gogii
[2012.11.08 14:26:30 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\HipSoft
[2009.04.26 19:20:01 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\ICQ
[2011.11.02 15:54:50 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Imaxel
[2013.02.27 16:21:41 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Inertia Game Studios
[2011.04.08 15:54:01 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Intenium
[2009.08.13 11:58:13 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Inteniumv1002
[2013.07.21 19:47:09 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Intermediate
[2009.10.15 02:04:40 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Magic Academy 2
[2009.08.11 14:20:07 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Magic Match
[2009.09.07 22:58:50 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\MagicBall4
[2009.08.18 23:19:23 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Magus
[2013.02.16 18:47:25 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Mariaglorum
[2012.01.13 14:20:27 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Marine Aquarium 3
[2012.03.02 12:00:09 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\McLoad
[2009.09.08 09:37:16 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\md studio
[2010.04.21 12:03:33 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Meridian93
[2010.03.26 13:56:09 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\MissTeriTale3
[2009.09.28 22:47:20 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\My Games
[2012.07.02 22:26:53 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Mystery of Mortlake Mansion
[2010.05.08 17:31:41 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Nevosoft Games
[2013.02.21 16:48:23 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Orneon
[2010.01.16 23:05:03 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\PC Suite
[2009.08.18 22:15:42 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Peace Craft
[2011.06.29 21:27:58 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\PeaceCraft2
[2009.10.03 18:47:28 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\PeerNetworking
[2013.07.15 13:16:18 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\PiccShare
[2013.01.16 14:13:13 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\PlayFavoriteGames
[2009.08.23 17:34:15 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\PlayFirst
[2012.10.29 13:45:11 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\PlayPond
[2010.05.08 14:34:58 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Playrix Entertainment
[2011.12.26 14:17:01 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\ProtectDisc
[2013.06.30 20:53:57 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\PuzzleLab
[2012.11.17 21:20:32 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Rumbic Studio
[2012.08.23 14:07:48 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Sahmon Games
[2011.02.06 16:11:44 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Samsung
[2013.07.15 13:17:30 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\SCheck
[2009.04.24 13:10:32 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\SecondLife
[2009.08.23 12:32:23 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\SecretIslandDeuBF
[2011.03.05 21:07:08 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Settlement. Colossus
[2010.06.26 16:49:38 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\ShinyTales
[2010.05.22 14:06:16 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Silverback Productions
[2012.07.17 22:14:24 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\SMIGames
[2013.07.21 19:46:37 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Snz
[2009.05.02 19:26:59 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\soul.im
[2009.04.11 23:33:01 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\SoundSpectrum
[2009.08.05 22:55:15 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\SpinTop Games
[2013.07.15 13:17:30 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\SSync
[2009.07.10 18:03:51 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Super-Cow
[2009.04.22 07:30:41 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Template
[2010.01.29 23:52:47 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\TitanicMystery
[2013.01.14 14:50:41 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Top Evidence
[2009.09.07 23:08:46 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Total Eclipse
[2009.04.11 18:45:13 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\TuneUp Software
[2010.02.16 21:53:34 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\V-Games
[2010.04.10 12:40:31 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\VampireSaga
[2013.02.27 21:52:10 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Vogat Interactive
[2012.08.05 20:53:58 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\WendigoStudios
[2013.07.15 13:07:50 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Windows Net Data
[2011.05.07 21:55:24 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\YoudaGames
[2009.07.10 17:59:16 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Zylom
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:08993BCD
@Alternate Data Stream - 187 bytes -> C:\ProgramData\TEMP:2AD33723
@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:4EFA2FC7
@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:1416AAA6
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0BCD47A5
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:6E2D80C8
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:526B3022
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:8A459C3C
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:DDF112BD
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:104A1C3E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:1957F8A9
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:12258D63
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:A9562832
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0BC72B1F
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E2458802
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8D5A0C4E
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:2AF322BF
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5E8C18F1
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:587F3582
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:F264BECE
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:062AF572
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:12A8EFF7

< End of report >
         
Extras
Code:
OTL Extras logfile created on: 22.07.2013 15:19:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gnubbi\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19443)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 66,69% Memory free
8,20 Gb Paging File | 6,64 Gb Available in Paging File | 80,96% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581,69 Gb Total Space | 321,72 Gb Free Space | 55,31% Space Free | Partition Type: NTFS
Drive D: | 14,48 Gb Total Space | 2,00 Gb Free Space | 13,82% Space Free | Partition Type: NTFS
 
Computer Name: GNUBBI-TEILCHEN | User Name: Gnubbi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 65 CD 36 17 5A 53 CA 01  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00B56EB3-C5B8-421C-3AC5-D47F07CBEFCB}" = ccc-utility64
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82D52DEB-4262-2846-07E5-2D5A6C3C9A01}" = ATI AVIVO64 Codecs
"{866FADAA-D878-8B7A-738D-E6659493108D}" = ATI Problem Report Wizard
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"CCleaner" = CCleaner
"DesktopIconAmazon" = Desktop Icon für Amazon
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{057457E5-2C85-18F9-047E-E7967617E29B}" = CCC Help Japanese
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0A60AEBF-9713-2B83-D68E-5587B5A88C07}" = CCC Help Czech
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{149F9A5E-889D-474B-BA15-AFA0E614E5EA}_is1" = 100 Prozent Wimmelbild
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15F52B39-04CB-4EDB-9A8C-496C4A5588E2}" = Rayman 3
"{1AD5C939-FF2D-8F94-2262-4234F61427CD}" = CCC Help Finnish
"{1C0935E3-8FC6-55E8-6795-A3CDD60BE8A9}" = CCC Help Swedish
"{1CB31513-EBD1-2459-0856-C05E4408EE7F}" = CCC Help Danish
"{1E99F8BD-85B0-4660-B756-1559E1BED376}" = Create™
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A15356-D9F7-43AC-9545-0B520F001B73}" = DigiFish Dolphin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{28E7B64D-150F-4A9E-B7A3-5A6AC8C2F822}" = ebgcSDK
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3BC2CEA9-41F0-E6B0-EC71-CE2D59ED674C}" = CCC Help Norwegian
"{3CCE46D9-16CC-CBFC-9B19-A39D91BFA061}" = CCC Help Greek
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{437B2D30-C07F-E54B-9233-E53DA623FC44}" = CCC Help Spanish
"{46390857-C554-4F37-A888-9BEEC4241CC6}_is1" = Amazonia
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{564E996B-604A-07D4-4046-9E853A198820}" = CCC Help Polish
"{59FE3F4B-EBD0-40A9-9723-41BA09997F98}" = Necronomicon
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{61B8FF9A-E7A4-0500-34C9-2A218825F09C}" = Catalyst Control Center InstallProxy
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67445258-659C-4375-BAB5-AEACEDCE532C}" = Aqua Real 2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6BEEC8A0-D37D-11DB-6784-02BAAF0918BE}" = Dolphin Dreams 5
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{72B42C29-3838-1533-679F-313FF4858DFA}" = CCC Help Chinese Traditional
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76A00845-519C-69DF-B66D-15FE27207503}" = CCC Help Italian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{80A2925F-47CA-4569-719A-DCA01048A766}" = CCC Help Hungarian
"{8133A2C6-7D5A-2C48-8C74-279B0E98FEF4}" = Catalyst Control Center Localization All
"{82225685-1513-4975-B624-155C10F3EE16}" = The Whispered World
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BBFFFA-806E-0316-D23C-8D6F8BEE652C}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F356627-3D0A-F5DF-B60E-04194A4CCF29}" = CCC Help French
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{91AC4ECB-8C44-47CA-833D-0769B8CD0E7E}_is1" = Mystery Stories - Expedition des Grauens
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96DA5DBF-C3A5-BEBB-93F4-EB1601B71B32}" = Catalyst Control Center Graphics Previews Common
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BC4EC21-549B-4F8D-A9DD-0403411CB618}" = DigiFish Seahorse
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C362EEE-BEDE-4E97-9930-8F463B95BFF0}_is1" = Mystery Stories - Das Geisterschiff
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAFD160A-2333-40D8-AA25-42D1989CA0F2}" = Toy Story 3
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B61C7CA4-4604-B116-8C44-9F0539839542}" = CCC Help Chinese Standard
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B94C6815-7BCC-4124-AC39-9208A06FFFA7}" = Disney-Pixar Ratatouille
"{BB2D1EC1-A6FE-F428-86C8-D01DBE122E03}" = CCC Help Portuguese
"{C1DE66B8-BFBB-0678-7D68-ACBC6A9EFD0C}" = CCC Help German
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C9BBA7E5-D502-1831-5BFA-2FFB3DFBBE83}" = Catalyst Control Center Profiles Desktop
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB1473AA-C77B-295B-BE3E-F8EDD8227E21}" = CCC Help Dutch
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB33664C-5683-40AB-B968-01276F6F3446}" = ebgcRes
"{CD4ABC29-0547-388C-B8BC-EF88333E5C2E}" = Google Chrome Frame
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3FF1277-6444-4466-ABE0-FD884920507C}" = CCC Help Russian
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump 1.0.1.4
"{D8A8894A-B875-8206-E820-B27BCD72C5A0}" = HydraVision
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software  1.14.25.1
"{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy
"{DDDDEDE3-1C38-4B1E-91D0-01954310A7CE}" = PC Sync Manager
"{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins
"{DE7A7E11-DC47-41FC-9E0A-D388FEDC9EC0}_is1" = Tibor
"{E0263586-7C3E-8912-4E3B-88C6EEC0DDB1}" = ccc-core-static
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E915496B-A802-E211-B241-A7BBFC7F04F5}" = CCC Help Thai
"{E935DF41-EB7A-4519-93E8-C5822EB5B6D6}" = Alice im Wunderland
"{EAFDF0CA-5DDA-4666-A3C2-4FD6CBFB97BC}" = CCC Help Korean
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1103ACB-5652-43E3-B210-8DC9667BEEED}" = Aqua Real 2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend
"{FB542613-B395-41D2-B24A-4DAD6CC1327B}_is1" = Black Mirror 2
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1001 Nacht: Die Abenteuer von Sindbad" = 1001 Nacht: Die Abenteuer von Sindbad
"3-D Jellyfish DemoESD" = 3-D Jellyfish DemoESD Screen Saver
"3D Starry Night Screensaver" = 3D Starry Night Screensaver
"3Planesoft Screensaver Manager_is1" = 3Planesoft Screensaver Manager 1.4
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Ancient Castle 3D Screensaver_is1" = Ancient Castle 3D Screensaver 1.1
"Aranjas 2" = Aranjas 2
"Astro Gemini Screensaver Manager_is1" = Astro Gemini Screensaver Manager 2.0
"AstroPop Deluxe_is1" = AstroPop Deluxe
"Atomica Deluxe_is1" = Atomica Deluxe
"Aurora 14.0a2 (x86 de)" = Aurora 14.0a2 (x86 de)
"Autumn Forest 3D Screensaver and Animated Wallpaper_is1" = Autumn Forest 3D Screensaver and Animated Wallpaper 1.0
"Autumn Wonderland 3D Screensaver and Animated Wallpaper_is1" = Autumn Wonderland 3D Screensaver and Animated Wallpaper 1.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bejeweled 2 Deluxe_is1" = Bejeweled 2 Deluxe
"BFG-9 - The Dark Side" = 9: The Dark Side
"BFGC" = Big Fish Games: Game Manager
"BFG-Dark Arcana - Die Spiegelwelt" = Dark Arcana: Die Spiegelwelt
"BFG-Dark Dimensions - Stadt im Nebel Sammleredition" = Dark Dimensions: Stadt im Nebel Sammleredition
"BFG-Dark Ritual" = Dark Ritual
"BFG-Dark Tales - Das vorzeitige Begraebnis von Edgar Allan Poe" = Dark Tales: Das vorzeitige Begrabnis von Edgar Allan Poe
"BFG-Dark Tales - Der Mord in der Rue Morgue von Edgar Allan Poe Sammleredition" = Dark Tales:™ Der Mord in der Rue Morgue von Edgar Allan Poe Sammleredition
"BFG-Der Exorzist" = Der Exorzist
"BFG-FACES" = F.A.C.E.S.
"BFG-Gravely Silent - Haus des Schreckens Sammleredition" = Gravely Silent: Haus des Schreckens Sammleredition
"BFG-Haunted Halls - Die Rache des Dr Blackmore Sammleredition" = Haunted Halls: Die Rache des Dr. Blackmore Sammleredition
"BFG-Haunted Manor - Der Herr der Spiegel Sammleredition" = Haunted Manor: Der Herr der Spiegel Sammleredition
"BFG-Haus der 1000 Tueren - Familiengeheimnisse Sammleredition" = Haus der 1000 Türen - Familiengeheimnisse Sammleredition
"BFG-Mystery Legends - Beauty and the Beast" = Mystery Legends: Beauty and the Beast
"BFG-Mystery of the Ancients - Der Fluch des Schwarzen Wassers Sammleredition" = Mystery of the Ancients: Der Fluch des Schwarzen Wassers Sammleredition
"BFG-Phenomenon - Meteorit Sammleredition" = Phenomenon: Meteorit Sammleredition
"BFG-Sacra Terra - Nacht der Engel Sammleredition" = Sacra Terra: Nacht der Engel Sammleredition
"BFG-Secrets of the Dark - Der finstere Berg" = Secrets of the Dark: Der finstere Berg
"BFG-Weird Park - Schraege Toene Sammleredition" = Weird Park: Schräge Töne Sammleredition
"BFG-Weird Park - Unheimliche Maerchen" = Weird Park - Unheimliche Märchen
"Black Mirror III_is1" = Black Mirror III
"Bud Redhead" = Bud Redhead
"Build-a-lot Fairy Tales" = Build-a-lot Fairy Tales
"BurnAware Free_is1" = BurnAware Free 2.3.7
"Caribbean Islands 3D Screensaver and Animated Wallpaper_is1" = Caribbean Islands 3D Screensaver and Animated Wallpaper 1.1
"Christmas Cards Screensaver_is1" = Christmas Cards Screensaver 1.0
"Coral Reef 3D Screensaver and Animated Wallpaper_is1" = Coral Reef 3D Screensaver and Animated Wallpaper 1.1
"Das gelobte Land" = Das gelobte Land
"Das Reich des Drachen" = Das Reich des Drachen
"Das Smaragd-Riff" = Das Smaragd-Riff
"Das Vermächtnis der Insel (Vorschau)" = Das Vermächtnis der Insel (Vorschau)
"Der Exorzist III: Geburt der Finsternis" = Der Exorzist III: Geburt der Finsternis
"Der Fall Dillinger" = Der Fall Dillinger
"DEUTSCHLAND SPIELT Spiele Post" = DEUTSCHLAND SPIELT Spiele Post
"Die Fisch-Oase 2" = Die Fisch-Oase 2
"Die Fisch-Oase H2O" = Die Fisch-Oase H2O
"Die Romantik Roms" = Die Romantik Roms
"Die Sage von Kolossus" = Die Sage von Kolossus
"Die Vergessenen Kinder" = Die Vergessenen Kinder
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dm Digi Foto" = dm Digi Foto
"DNAGame" = DNAGame
"Drawn - Der Turm 1.00" = Drawn - Der Turm 1.00
"Draxonflys Guild Wars Screensaver 1_is1" = Draxonflys Guild Wars Screensaver 1
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"Earth 3D Space Tour screensaver_is1" = Earth 3D Space Tour screensaver v1.1
"Elementals: Der Magische Schlüssel" = Elementals: Der Magische Schlüssel
"Empress of the Deep" = Empress of the Deep
"Escape from Lost Island" = Escape from Lost Island
"Escape Rosecliff Island" = Escape Rosecliff Island
"Ewige Reise: Das neue Atlantis" = Ewige Reise: Das neue Atlantis
"Faraway Planet 3D Screensaver_is1" = Faraway Planet 3D Screensaver 1.0
"Flucht aus dem Paradies" = Flucht aus dem Paradies
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.2
"Free Studio_is1" = Free Studio version 5.1.5
"Free YouTube Download_is1" = Free YouTube Download version 2.10.28
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"Garten-Glück" = Garten-Glück
"Garten-Glück: Jetzt wird renoviert! Sammleredition" = Garten-Glück: Jetzt wird renoviert! Sammleredition
"Guild Wars" = GUILD WARS
"Guild Wars 2" = Guild Wars 2
"GuildWars Visions_is1" = GuildWars Visions v1.08
"Hidden Magic" = Hidden Magic
"Hide And Secret 3" = Hide And Secret 3
"Hinter dem Spiegel 2 - Die Rache der Hexe" = Hinter dem Spiegel 2 - Die Rache der Hexe
"Infected: Der Zwillings-Impfstoff" = Infected: Der Zwillings-Impfstoff
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Jack of all Tribes" = Jack of all Tribes
"Jumpin’ Jack" = Jumpin’ Jack
"Kinder des Mondes" = Kinder des Mondes
"Koi Fish 3D Screensaver and Animated Wallpaper_is1" = Koi Fish 3D Screensaver and Animated Wallpaper 2.0
"Kyodai Mahjongg 2006_is1" = Kyodai Mahjongg 2006 v1.42
"Land der Magie" = Land der Magie
"Living Waterfalls Screensaver" = Living Waterfalls Screensaver
"Lost Souls - Die verzauberten Gemälde" = Lost Souls - Die verzauberten Gemälde
"Luxor Adventures" = Luxor Adventures
"Magic Encyclopedia – Mondschein" = Magic Encyclopedia – Mondschein
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Moonlight Match: Eine zauberhafte Nacht" = Moonlight Match: Eine zauberhafte Nacht
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mystery of Mortlake Mansion_is1" = Mystery of Mortlake Mansion
"Nächtliche Stadt 3D Bildschirmschoner_is1" = Nächtliche Stadt 3D Bildschirmschoner 1.0
"Nature 3D Screensaver_is1" = Nature 3D Screensaver 1.1
"Odyssee ins Ungewisse" = Odyssee ins Ungewisse
"PC-Doctor for Windows" = Hardware Diagnose Tools
"PhotoFiltre" = PhotoFiltre
"Picasa 3" = Picasa 3
"Portrait Professional 6_is1" = Portrait Professional 6.3
"Portrait Professional Studio 9_is1" = Portrait Professional Studio 9.0
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Ritter Arthur II" = Ritter Arthur II
"RocketDock_is1" = RocketDock 1.3.5
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"Sandra Fleming Chronicles – Crystal Skulls" = Sandra Fleming Chronicles – Crystal Skulls
"Sandy Beach 3D Screensaver and Animated Wallpaper_is1" = Sandy Beach 3D Screensaver and Animated Wallpaper 1.0
"Scarlett Frost und das Theater des Schreckens" = Scarlett Frost und das Theater des Schreckens
"SereneScreen Marine Aquarium 3_is1" = SereneScreen Marine Aquarium 3
"Shaman Odyssey" = Shaman Odyssey
"Snow Village 3D Screensaver_is1" = Snow Village 3D Screensaver 1.1
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Stadt der Angst" = Stadt der Angst
"Stray Souls: Das Haus Der Puppen Sammleredition" = Stray Souls: Das Haus Der Puppen Sammleredition
"Sunny Patio 3D Screensaver and Animated Wallpaper_is1" = Sunny Patio 3D Screensaver and Animated Wallpaper 1.1
"T2002 V1.0" = T2002 V1.0
"Tatort Museum 2" = Tatort Museum 2
"The Island: Castaway" = The Island: Castaway
"The Island: Castaway 2" = The Island: Castaway 2
"The Void_is1" = The Void
"TipTop Deluxe_is1" = TipTop Deluxe
"Tropical Fish 3D Screensaver and Animated Wallpaper_is1" = Tropical Fish 3D Screensaver and Animated Wallpaper 1.2
"Trügerische Zuflucht: White Haven Mysteries" = Trügerische Zuflucht: White Haven Mysteries
"Tulula: Die Legende des Vulkans" = Tulula: Die Legende des Vulkans
"TwinkleGLSetup" = TwinkleGL Screen Saver
"Twisted Lands - Insomniac" = Twisted Lands - Insomniac
"Twisted Lands: Der Anfang" = Twisted Lands: Der Anfang
"Uninstall_is1" = Uninstall 1.0.0.1
"Vampireville" = Vampireville
"Vampirsaga: Büchse der Pandora" = Vampirsaga: Büchse der Pandora
"Voodoo Chroniken: Erstes Zeichen" = Voodoo Chroniken: Erstes Zeichen
"Voodoo Whisperer: Fluch einer Legende" = Voodoo Whisperer: Fluch einer Legende
"Watermill 3D Screensaver_is1" = Watermill 3D Screensaver 2.0
"White Christmas 3D Screensaver and Animated Wallpaper_is1" = White Christmas 3D Screensaver and Animated Wallpaper 1.0
"WhiteCap" = WhiteCap
"Wildflowers 3D Screensaver and Animated Wallpaper_is1" = Wildflowers 3D Screensaver and Animated Wallpaper 1.1
"Windows Utils" = Windows Utils
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Youda Survivor" = Youda Survivor
"Zeit der Abenteuer: Der Held in dir" = Zeit der Abenteuer: Der Held in dir
"Zuma Deluxe_is1" = Zuma Deluxe
"Zuma’s Revenge! Abenteuer" = Zuma’s Revenge! Abenteuer
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PiccShare" = PiccShare
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.07.2013 09:16:01 | Computer Name = Gnubbi-Teilchen | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d,  Prozess-ID 0xc70, Anwendungsstartzeit
 01ce86dd9c9f7c5e.
 
Error - 22.07.2013 09:18:09 | Computer Name = Gnubbi-Teilchen | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d,  Prozess-ID 0xe48, Anwendungsstartzeit
 01ce86dde8c496be.
 
Error - 22.07.2013 09:19:16 | Computer Name = Gnubbi-Teilchen | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d,  Prozess-ID 0xcdc, Anwendungsstartzeit
 01ce86de10c7535e.
 
Error - 22.07.2013 09:20:23 | Computer Name = Gnubbi-Teilchen | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d,  Prozess-ID 0xf38, Anwendungsstartzeit
 01ce86de38cc1b6e.
 
Error - 22.07.2013 09:21:29 | Computer Name = Gnubbi-Teilchen | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d,  Prozess-ID 0x5d4, Anwendungsstartzeit
 01ce86de6057d34e.
 
Error - 22.07.2013 09:22:41 | Computer Name = Gnubbi-Teilchen | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d,  Prozess-ID 0x93c, Anwendungsstartzeit
 01ce86de87bb13ce.
 
Error - 22.07.2013 09:23:47 | Computer Name = Gnubbi-Teilchen | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d,  Prozess-ID 0xd44, Anwendungsstartzeit
 01ce86deb2a47d6e.
 
Error - 22.07.2013 09:24:54 | Computer Name = Gnubbi-Teilchen | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d,  Prozess-ID 0x528, Anwendungsstartzeit
 01ce86deda136e1e.
 
Error - 22.07.2013 09:26:00 | Computer Name = Gnubbi-Teilchen | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d,  Prozess-ID 0xdcc, Anwendungsstartzeit
 01ce86df018c1afe.
 
Error - 22.07.2013 09:27:06 | Computer Name = Gnubbi-Teilchen | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d,  Prozess-ID 0xca4, Anwendungsstartzeit
 01ce86df28d9ef1e.
 
Error - 22.07.2013 09:28:12 | Computer Name = Gnubbi-Teilchen | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d,  Prozess-ID 0xfa0, Anwendungsstartzeit
 01ce86df507b135e.
 
[ System Events ]
Error - 21.07.2013 13:47:01 | Computer Name = Gnubbi-Teilchen | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 21.07.2013 13:47:01 | Computer Name = Gnubbi-Teilchen | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 21.07.2013 13:47:01 | Computer Name = Gnubbi-Teilchen | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 21.07.2013 13:47:01 | Computer Name = Gnubbi-Teilchen | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 22.07.2013 03:49:20 | Computer Name = Gnubbi-Teilchen | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 22.07.2013 03:49:28 | Computer Name = Gnubbi-Teilchen | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 22.07.2013 03:51:10 | Computer Name = Gnubbi-Teilchen | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 22.07.2013 03:51:10 | Computer Name = Gnubbi-Teilchen | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 22.07.2013 03:51:10 | Computer Name = Gnubbi-Teilchen | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 22.07.2013 03:51:10 | Computer Name = Gnubbi-Teilchen | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
gmer
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-22 17:22:48
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Gnubbi\AppData\Local\Temp\awroqpob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                          suspicious modification
.text     C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                                                                           fffff9600013f700 3 bytes [40, 83, 02]
.text     C:\Windows\System32\win32k.sys!W32pServiceTable + 4                                                                                                                                                       fffff9600013f704 3 bytes [C1, BB, FA]

---- User code sections - GMER 2.1 ----

.reloc    C:\Windows\system32\services.exe [664] section is executable [0x4A8, 0xA0000020]                                                                                                                          000000010005f000
.text     C:\Windows\SysWOW64\svchost.exe[3508] C:\Windows\syswow64\USER32.dll!GetCursorPos                                                                                                                         0000000075ad8100 5 bytes JMP 0000000100bf000a
.text     C:\Windows\SysWOW64\svchost.exe[3508] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW                                                                                                           0000000075af2444 5 bytes JMP 0000000100c0000a
.text     C:\Windows\SysWOW64\svchost.exe[3508] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                                      00000000756d9f3e 5 bytes JMP 0000000100bd000a
.text     C:\Windows\SysWOW64\svchost.exe[3508] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen                                                                                                                           00000000737b4be0 5 bytes JMP 0000000100bb000a
.text     C:\Windows\SysWOW64\svchost.exe[3508] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume                                                                                                                      00000000737d0451 5 bytes JMP 0000000100bc000a
.text     C:\Windows\SysWOW64\svchost.exe[3508] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                                                                                                                     00000000004411a8 2 bytes [44, 00]
.text     C:\Windows\SysWOW64\svchost.exe[3508] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 249                                                                                                                    000000000044127e 2 bytes CALL 7558186e C:\Windows\syswow64\kernel32.dll
.text     ...                                                                                                                                                                                                       * 6
.text     C:\Windows\SysWOW64\svchost.exe[3508] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                                                                                                               00000000004413a8 2 bytes [44, 00]
.text     C:\Windows\SysWOW64\svchost.exe[3508] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                                                                                                                   0000000000441422 2 bytes [44, 00]
.text     C:\Windows\SysWOW64\svchost.exe[3508] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19                                                                                                            0000000000441498 2 bytes [44, 00]

---- Threads - GMER 2.1 ----

Thread    C:\Windows\system32\services.exe [664:704]                                                                                                                                                                0000000000a71e58
Thread    C:\Windows\system32\services.exe [664:824]                                                                                                                                                                0000000000b01808
Thread    C:\Windows\system32\services.exe [664:3496]                                                                                                                                                               0000000000fd4c70
Thread    C:\Windows\system32\services.exe [664:2896]                                                                                                                                                               0000000000fd4550
Thread    C:\Windows\system32\services.exe [664:1700]                                                                                                                                                               0000000000fd8e90
Thread    C:\Windows\SysWOW64\svchost.exe [3508:3792]                                                                                                                                                               0000000074d48920
Thread    C:\Windows\SysWOW64\svchost.exe [3508:4056]                                                                                                                                                               0000000074d482a0
Thread    C:\Windows\SysWOW64\svchost.exe [3508:3620]                                                                                                                                                               0000000074d48260
Thread    C:\Windows\SysWOW64\svchost.exe [3508:1844]                                                                                                                                                               0000000074d480e0
---- Processes - GMER 2.1 ----

Library   \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [608] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)(2009-10-20 21:36:39)   000007fefcb70000
Library   \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [676] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)(2009-10-20 21:36:39)     000007fefcb70000
Library   \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [944] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)(2009-10-20 21:36:39)   000007fefcb70000
Library   \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [368] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)(2009-10-20 21:36:39)   000007fefcb70000
Library   \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [320] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)(2009-10-20 21:36:39)   000007fefcb70000
Library   \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [524] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)(2009-10-20 21:36:39)   000007fefcb70000
Library   \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1040] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)(2009-10-20 21:36:39)  000007fefcb70000
Library   \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1180] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)(2009-10-20 21:36:39)  000007fefcb70000
Library   \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1668] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)(2009-10-20 21:36:39)  000007fefcb70000

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{7522cba3-6a98-41e9-a9be-139b668109e5}@Dhcpv6State                                                                                    0

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                                                                     unknown MBR code

---- Files - GMER 2.1 ----

File      C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui                                                                                                                                                  41984 bytes executable
File      C:\Program Files\Windows Defender\de-DE\MpEvMsg.dll.mui                                                                                                                                                   20480 bytes executable
File      C:\Program Files\Windows Defender\de-DE\MsMpRes.dll.mui                                                                                                                                                   59392 bytes executable

---- EOF - GMER 2.1 ----
         

Edited by Phaitan (22.07.2013 at 16:58). Reason: typo

 
