Google Redirect & Windows Sicherheitscenter lässt sich nicht aktivieren

rutunwiess · 25.07.2013, 17:18

Hallo,

ich suche Hilfe bei der Beseitung einer Malware. Diese leitet google Anfragen um. Außerdem lässt sich das Windows Sicherheitscenter nicht öffnen.

Leider war ich bevor ich diese Seite gefunden habe auf einer anderen Seite, die u.a. die Anwendung von Combofix empfohlen hat. Habe hier ja schon gelesen, dass das ggfs. nicht optimal war.... Ansonsten habe ich den tdskiller, malewarebytes, spybot und div. Virenscanner (Avira, Trendmirco, f secure) getestet. Leider nicht erfolgreich.

Beim erstellen der Logfiles ist GMER (v. 2.1.19163) zwei Mal abgestürtzt, daher fehlt das Logfile. Zudem wurde keine extra.txt erstellt. Daher packe ich die extra.txt von einem Scan von gestern abend dabei.

Es würde mich sehr freuen, wenn ihr mir helfen könntet!

Vielen Dank im Voraus für eure Mühen und Hilfe

rutunwiess

cosinus · 25.07.2013, 17:20

Hallo und

Zitat:

Leider war ich bevor ich diese Seite gefunden habe auf einer anderen Seite, die u.a. die Anwendung von Combofix empfohlen hat. Habe hier ja schon gelesen, dass das ggfs. nicht optimal war.... Ansonsten habe ich den tdskiller, malewarebytes, spybot und div. Virenscanner (Avira, Trendmirco, f secure) getestet. Leider nicht erfolgreich.

Bitte alle Logs nachreichen

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

rutunwiess · 25.07.2013, 21:02

Vielen Dank für die schnelle Antwort. Leider habe ich die bereits gelöscht. Wiederherstellung hat nicht funktioniert. Ich hoffe, es ist trotzdem möglch den Virus/... zu beseitigen.

cosinus · 25.07.2013, 21:07

Warum bitte löscht du die Logs?

Hatte Malwarebytes etwas gefunden? Die Logs von Malwarebytes sind im Programm selbst im Reiter Logdateien zu sehen

rutunwiess · 25.07.2013, 21:20

Habe doch noch Logfiles gefunden. Gelöscht habe ich die Tools die - aus meiner Sicht - keinen Effekt hatten.

Ich hoffe du kannst damit was anfangen. Malwarebytes hatte nichts gefunden oder zu mindest nichts, was weitergeholfen hat.

Besten Dank für die Hilfe!

cosinus · 25.07.2013, 21:55

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

rutunwiess · 25.07.2013, 22:11

Es sind beide Dateien erstellt worden. Ich hoffe ich poste das richtig:

Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2013
Ran by Acer at 2013-07-25 22:59:39
Running from C:\Users\Acer\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Acer Arcade Deluxe (x32 Version: 4.0.7615)
Acer Arcade Movie (x32 Version: 9.0.6423)
Acer Backup Manager (x32 Version: 2.0.0.60)
Acer Crystal Eye webcam (x32 Version: 1.0.3.0)
Acer eRecovery Management (x32 Version: 4.05.3011)
Acer PowerSmart Manager (x32 Version: 5.02.3003)
Acer Registration (x32 Version: 1.03.3003)
Acer ScreenSaver (x32 Version: 1.1.0222.2010)
Acer Updater (x32 Version: 1.02.3001)
Acer VCM (x32 Version: 4.05.3002)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 10 ActiveX (x32 Version: 10.0.45.2)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Alcor Micro USB Card Reader (x32 Version: 1.2.17.05001)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ArcSoft Panorama Maker 5 (x32 Version: 5.0.1.25)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.23)
ATI Catalyst Install Manager (Version: 3.0.765.0)
Avira Professional Security (x32 Version: 13.0.0.3737)
Backup Manager Basic (x32 Version: 2.0.0.60)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2010.0421.657.10561)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0421.657.10561)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0421.657.10561)
Catalyst Control Center Graphics Light (x32 Version: 2010.0421.657.10561)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0421.657.10561)
Catalyst Control Center InstallProxy (x32 Version: 2010.0421.657.10561)
Catalyst Control Center Localization All (x32 Version: 2010.0421.657.10561)
CCC Help Chinese Standard (x32 Version: 2010.0421.0656.10561)
CCC Help Chinese Traditional (x32 Version: 2010.0421.0656.10561)
CCC Help Czech (x32 Version: 2010.0421.0656.10561)
CCC Help Danish (x32 Version: 2010.0421.0656.10561)
CCC Help Dutch (x32 Version: 2010.0421.0656.10561)
CCC Help English (x32 Version: 2010.0421.0656.10561)
CCC Help Finnish (x32 Version: 2010.0421.0656.10561)
CCC Help French (x32 Version: 2010.0421.0656.10561)
CCC Help German (x32 Version: 2010.0421.0656.10561)
CCC Help Greek (x32 Version: 2010.0421.0656.10561)
CCC Help Hungarian (x32 Version: 2010.0421.0656.10561)
CCC Help Italian (x32 Version: 2010.0421.0656.10561)
CCC Help Japanese (x32 Version: 2010.0421.0656.10561)
CCC Help Korean (x32 Version: 2010.0421.0656.10561)
CCC Help Norwegian (x32 Version: 2010.0421.0656.10561)
CCC Help Polish (x32 Version: 2010.0421.0656.10561)
CCC Help Portuguese (x32 Version: 2010.0421.0656.10561)
CCC Help Russian (x32 Version: 2010.0421.0656.10561)
CCC Help Spanish (x32 Version: 2010.0421.0656.10561)
CCC Help Swedish (x32 Version: 2010.0421.0656.10561)
CCC Help Thai (x32 Version: 2010.0421.0656.10561)
CCC Help Turkish (x32 Version: 2010.0421.0656.10561)
ccc-core-static (x32 Version: 2010.0421.657.10561)
ccc-utility64 (Version: 2010.0421.657.10561)
Cisco AnyConnect Secure Mobility Client  (x32 Version: 3.1.03103)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.03103)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
eaner (Version: 4.03)
FreeFileSync 5.15 (x32 Version: 5.15)
Identity Card (x32 Version: 1.00.3003)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014)
iTunes (Version: 11.0.2.26)
Junk Mail filter update (x32 Version: 14.0.8089.726)
Launch Manager (x32 Version: 4.0.7)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MediaShow Espresso (x32 Version: 5.5.1403_23691)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Digital Experience (x32 Version: 7.50.004)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mobile Partner (x32 Version: 16.002.03.01.40)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NTI Backup Now 5 (x32 Version: 5.1.2.628)
NTI Backup Now Standard (x32 Version: 5.1.2.628)
NTI Media Maker 8 (x32 Version: 8.0.12.6630)
Optical Drive Power Management (x32 Version: 1.01.3007)
PDFCreator (x32 Version: 1.0.2)
PX Profile Update (x32 Version: 1.00.1.)
QuickTime (x32 Version: 7.74.80.86)
Recuva (Version: 1.47)
Synaptics Pointing Device Driver (Version: 15.0.12.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VLC media player 2.0.7 (Version: 2.0.7)
Welcome Center (x32 Version: 1.01.3002)
WIDCOMM Bluetooth Software (Version: 6.3.0.4300)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
WinPcap 4.1.1 (x32 Version: 4.1.0.1753)

==================== Restore Points  =========================

20-07-2013 13:33:00 Removed Skype™ 5.10
20-07-2013 14:08:30 Removed Java 7 Update 25 (64-bit)
20-07-2013 14:10:59 Removed Nikon Message Center 2.
20-07-2013 14:32:27 Removed Nero BurnLite 10.
20-07-2013 14:33:59 Removed Nero BurnLite 10.
21-07-2013 17:37:54 Installed SpyHunter
21-07-2013 17:53:01 Removed SpyHunter
23-07-2013 22:09:03 Removed F-Secure

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-07-20 13:18 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0FDFD06E-FF41-4E66-8C80-ADAE37D45DEB} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2009-07-14] (Microsoft Corporation)
Task: {1E48B820-2671-4D7B-90C7-B4268F2E52BB} - System32\Tasks\{2163F958-4A19-4085-BA5D-6744AE15E3E0} => C:\Program Files (x86)\Skype\\Phone\Skype.exe No File
Task: {43E95FAE-D1A5-4D91-909D-6BE1766F7A27} - System32\Tasks\{1010A3C8-2A03-410C-A15C-E2F78FDF0A91} => C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe [2010-01-08] ()
Task: {8B4EB40C-AA14-46C1-9032-B3B358627D73} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {8F7A1C86-9407-4C70-B758-CFB22FAA774B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-08-04] (Microsoft Corporation)
Task: {C58624C5-7DDC-4984-B5A8-93AF23DE929E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {FBE1231B-BEAC-4C52-9F2B-DBECB05C76B1} - System32\Tasks\WGDQJDLY => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\WGDQJDLY.job => C:\Windows\system32\rundll32.exe

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/25/2013 10:18:54 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Das Update von ACER-PC (192.168.2.102) ist fehlgeschlagen.
Ein vorhergehendes Update hat einen Systemneustart verlangt. Solange dieser nicht ausgeführt wurde sind keine weiteren Updates möglich. .
Es wurden keine neuen Dateien geladen.

Error: (07/25/2013 09:53:59 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (07/25/2013 09:53:59 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (07/25/2013 09:27:30 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Das Update von ACER-PC (192.168.2.102) ist fehlgeschlagen.
Ein vorhergehendes Update hat einen Systemneustart verlangt. Solange dieser nicht ausgeführt wurde sind keine weiteren Updates möglich. .
Es wurden keine neuen Dateien geladen.

Error: (07/25/2013 08:52:52 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Das Update von ACER-PC (192.168.2.102) ist fehlgeschlagen.
Ein vorhergehendes Update hat einen Systemneustart verlangt. Solange dieser nicht ausgeführt wurde sind keine weiteren Updates möglich. .
Es wurden keine neuen Dateien geladen.

Error: (07/25/2013 08:27:31 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Das Update von ACER-PC (127.0.0.1) ist fehlgeschlagen.
Ein vorhergehendes Update hat einen Systemneustart verlangt. Solange dieser nicht ausgeführt wurde sind keine weiteren Updates möglich. .
Es wurden keine neuen Dateien geladen.

Error: (07/25/2013 07:27:32 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Das Update von ACER-PC (127.0.0.1) ist fehlgeschlagen.
Ein vorhergehendes Update hat einen Systemneustart verlangt. Solange dieser nicht ausgeführt wurde sind keine weiteren Updates möglich. .
Es wurden keine neuen Dateien geladen.

Error: (07/25/2013 06:01:23 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0
Name des fehlerhaften Moduls: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000218a
ID des fehlerhaften Prozesses: 0xad4
Startzeit der fehlerhaften Anwendung: 0xgmer_2.1.19163.exe0
Pfad der fehlerhaften Anwendung: gmer_2.1.19163.exe1
Pfad des fehlerhaften Moduls: gmer_2.1.19163.exe2
Berichtskennung: gmer_2.1.19163.exe3

Error: (07/25/2013 05:55:13 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0
Name des fehlerhaften Moduls: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000218a
ID des fehlerhaften Prozesses: 0x12f0
Startzeit der fehlerhaften Anwendung: 0xgmer_2.1.19163.exe0
Pfad der fehlerhaften Anwendung: gmer_2.1.19163.exe1
Pfad des fehlerhaften Moduls: gmer_2.1.19163.exe2
Berichtskennung: gmer_2.1.19163.exe3

Error: (07/23/2013 07:40:45 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: LogonUI.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc8ba
Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be035
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000ca46e
ID des fehlerhaften Prozesses: 0x1548
Startzeit der fehlerhaften Anwendung: 0xLogonUI.exe0
Pfad der fehlerhaften Anwendung: LogonUI.exe1
Pfad des fehlerhaften Moduls: LogonUI.exe2
Berichtskennung: LogonUI.exe3


System errors:
=============
Error: (07/25/2013 10:25:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (07/25/2013 10:19:54 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402.

Error: (07/25/2013 10:00:48 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402.

Error: (07/25/2013 06:18:11 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (07/25/2013 06:17:51 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402.

Error: (07/25/2013 05:47:53 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Trend Micro Solution Platform" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/25/2013 05:24:51 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (07/25/2013 05:24:29 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402.

Error: (07/25/2013 04:46:42 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402.

Error: (07/24/2013 11:01:12 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402.


Microsoft Office Sessions:
=========================
Error: (07/25/2013 10:18:54 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: ACER-PC (192.168.2.102)Ein vorhergehendes Update hat einen Systemneustart verlangt. Solange dieser nicht ausgeführt wurde sind keine weiteren Updates möglich.

Error: (07/25/2013 09:53:59 PM) (Source: SideBySide)(User: )
Description: C:\Users\Acer\Desktop\wiederhergestellt\$RGJK56D_1.exeC:\Users\Acer\Desktop\wiederhergestellt\$RGJK56D_1.exe1

Error: (07/25/2013 09:53:59 PM) (Source: SideBySide)(User: )
Description: C:\Users\Acer\Desktop\wiederhergestellt\$RGJK56D.exeC:\Users\Acer\Desktop\wiederhergestellt\$RGJK56D.exe1

Error: (07/25/2013 09:27:30 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: ACER-PC (192.168.2.102)Ein vorhergehendes Update hat einen Systemneustart verlangt. Solange dieser nicht ausgeführt wurde sind keine weiteren Updates möglich.

Error: (07/25/2013 08:52:52 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: ACER-PC (192.168.2.102)Ein vorhergehendes Update hat einen Systemneustart verlangt. Solange dieser nicht ausgeführt wurde sind keine weiteren Updates möglich.

Error: (07/25/2013 08:27:31 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: ACER-PC (127.0.0.1)Ein vorhergehendes Update hat einen Systemneustart verlangt. Solange dieser nicht ausgeführt wurde sind keine weiteren Updates möglich.

Error: (07/25/2013 07:27:32 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: ACER-PC (127.0.0.1)Ein vorhergehendes Update hat einen Systemneustart verlangt. Solange dieser nicht ausgeführt wurde sind keine weiteren Updates möglich.

Error: (07/25/2013 06:01:23 PM) (Source: Application Error)(User: )
Description: gmer_2.1.19163.exe2.1.19163.0515d31f0gmer_2.1.19163.exe2.1.19163.0515d31f0c00000050000218aad401ce894f93474e1fC:\Users\Acer\Desktop\gmer_2.1.19163.exeC:\Users\Acer\Desktop\gmer_2.1.19163.exe73aa2fea-f543-11e2-9802-c80aa9c3122d

Error: (07/25/2013 05:55:13 PM) (Source: Application Error)(User: )
Description: gmer_2.1.19163.exe2.1.19163.0515d31f0gmer_2.1.19163.exe2.1.19163.0515d31f0c00000050000218a12f001ce894eba4dace2C:\Users\Acer\Desktop\gmer_2.1.19163.exeC:\Users\Acer\Desktop\gmer_2.1.19163.exe971202f5-f542-11e2-9802-c80aa9c3122d

Error: (07/23/2013 07:40:45 PM) (Source: Application Error)(User: )
Description: LogonUI.exe6.1.7600.163854a5bc8baRPCRT4.dll6.1.7600.163854a5be035c000000500000000000ca46e154801ce87cbc0845f1dC:\Windows\system32\LogonUI.exeC:\Windows\system32\RPCRT4.dll00142155-f3bf-11e2-bd82-c80aa9c3122d


CodeIntegrity Errors:
===================================
  Date: 2013-07-21 20:23:55.970
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-21 20:23:55.877
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-21 20:23:55.783
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-21 20:23:55.689
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-20 13:18:08.942
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-20 13:18:08.848
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-20 13:18:08.739
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-20 13:18:08.645
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-19 23:07:17.131
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-19 23:07:17.022
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 3766.69 MB
Available physical RAM: 2270.96 MB
Total Pagefile: 7531.51 MB
Available Pagefile: 5832.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:452.66 GB) (Free:375.07 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 3332CDC6)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Frst.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2013
Ran by Acer (administrator) on 25-07-2013 22:58:16
Running from C:\Users\Acer\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\system32\igfxtray.exe
(Intel Corporation) C:\Windows\system32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ODDPwr] - C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [223264 2010-04-22] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-11] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-04-23] (Acer Incorporated)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] - "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] - "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [124136 2010-04-23] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [703888 2013-03-26] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-25] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-01-15] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-01-15] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27360910v016l04f3z195t5771k058
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27360910v016l04f3z195t5771k058
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27360910v016l04f3z195t5771k058
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{28CF71B1-C5F5-489E-A8D1-B78DB4D122FC}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{882555BA-48E3-4A14-A667-6BB29BC3DDC3}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{9F04B3EB-8FB2-48B1-B500-61D96EEEDC20}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{D90F0654-147D-4290-AF09-7AD815E1EABE}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\u6ha7sq9.default
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p18_serp_ff_de_display?ie=UTF8&tag=bds-p18-serp-de-ff-21&tagbase=bds-p18&tbrId=v1_abb-channel-18_b3592212dfcd4e1d8b7aa7944a6bb16b_18_38_20130129_DE_ff_ab_OC1&query=
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Acer\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\u6ha7sq9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p18_serp_cr_de_display?ie=UTF8&tagbase=bds-p18&tbrId=v1_abb-channel-18_b3592212dfcd4e1d8b7aa7944a6bb16b_18_38_20130129_DE_cr_sp_OC1"
CHR DefaultSearchURL: (Amazon) - hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p18_serp_cr_de_display?ie=UTF8&tag=bds-p18-serp-de-cr-21&tagbase=bds-p18&tbrId=v1_abb-channel-18_b3592212dfcd4e1d8b7aa7944a6bb16b_18_38_20130129_DE_cr_ds_OC1&query={searchTerms}
CHR DefaultSuggestURL: (Amazon) - hxxp://suggestqueries.google.com/complete/search?q={searchTerms}&output=chrome
CHR Extension: (Ask Toolbar) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaancpgahgbfdfppkbiflhbfhfbeoeh\7.15.12.0_0
CHR Extension: (Docs) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirFireWallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [654392 2013-07-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [371768 2013-07-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-25] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [820768 2010-04-23] (Acer Incorporated)
R2 ODDPwrSvc; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [171040 2010-04-22] (Acer Incorporated)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-01-25] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-01-25] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]
U4 vsserv; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-25 22:58 - 2013-07-25 22:58 - 00000000 ____D C:\FRST
2013-07-25 22:57 - 2013-07-25 22:57 - 01779761 _____ (Farbar) C:\Users\Acer\Desktop\FRST64.exe
2013-07-25 22:27 - 2013-07-25 22:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-25 22:27 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-25 22:25 - 2013-07-25 22:26 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Acer\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-25 22:16 - 2013-07-25 22:16 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-07-25 22:13 - 2013-07-25 22:13 - 00137048 _____ C:\TDSSKiller.zip
2013-07-25 22:06 - 2013-07-25 22:06 - 00150538 _____ C:\Logfiles.zip
2013-07-25 22:03 - 2013-07-25 22:03 - 00020053 _____ C:\Users\Acer\Desktop\ComboFix.txt
2013-07-25 21:52 - 2013-07-25 21:53 - 00000000 ____D C:\Users\Acer\Desktop\wiederhergestellt
2013-07-25 18:28 - 2013-07-25 18:28 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Avira
2013-07-25 18:27 - 2013-07-25 18:27 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-25 18:27 - 2013-03-06 15:19 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-07-25 18:27 - 2013-02-26 16:48 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-07-25 18:27 - 2013-02-26 16:48 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-07-25 18:27 - 2013-01-25 09:40 - 00141376 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwot.sys
2013-07-25 18:27 - 2013-01-25 09:40 - 00114608 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwim.sys
2013-07-25 18:25 - 2013-07-25 18:25 - 00000000 ____D C:\Program Files\Recuva
2013-07-25 18:17 - 2013-07-25 22:00 - 01088766 _____ C:\Windows\PFRO.log
2013-07-25 18:17 - 2013-07-25 18:18 - 00001928 _____ C:\Windows\system32\TmInstall.log
2013-07-25 17:50 - 2013-07-25 20:52 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-07-25 17:30 - 2013-07-25 17:30 - 00000470 _____ C:\Users\Acer\Desktop\defogger_disable.log
2013-07-25 17:30 - 2013-07-25 17:30 - 00000000 _____ C:\Users\Acer\defogger_reenable
2013-07-25 17:24 - 2013-07-25 22:19 - 00000560 _____ C:\Windows\setupact.log
2013-07-25 17:24 - 2013-07-25 17:24 - 00000000 _____ C:\Windows\setuperr.log
2013-07-25 17:21 - 2013-07-25 17:21 - 00050477 _____ C:\Users\Acer\Desktop\Defogger.exe
2013-07-25 17:18 - 2013-07-25 17:18 - 00000758 _____ C:\Users\Acer\Desktop\test.log
2013-07-25 17:17 - 2013-07-25 17:17 - 00377856 _____ C:\Users\Acer\Desktop\gmer_2.1.19163.exe
2013-07-24 20:05 - 2013-07-24 20:05 - 00602112 _____ (OldTimer Tools) C:\Users\Acer\Desktop\OTL.exe
2013-07-24 18:41 - 2013-07-25 17:49 - 00000000 ____D C:\ProgramData\Trend Micro
2013-07-24 18:41 - 2013-07-25 17:48 - 00000306 __RSH C:\ProgramData\ntuser.pol
2013-07-24 18:40 - 2013-07-24 18:40 - 00000036 _____ C:\Users\Acer\AppData\Local\housecall.guid.cache
2013-07-24 18:31 - 2013-07-24 19:09 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-07-24 18:30 - 2013-07-24 18:30 - 00080364 _____ C:\ProgramData\1374683406.bdinstall.bin
2013-07-24 18:30 - 2013-07-24 18:30 - 00022926 _____ C:\ProgramData\1374683403.bdinstall.bin
2013-07-24 00:08 - 2013-07-24 00:08 - 00170264 _____ C:\ProgramData\1374617213.bdinstall.bin
2013-07-24 00:02 - 2013-07-24 19:09 - 00000000 ____D C:\Program Files\Bitdefender
2013-07-24 00:02 - 2013-07-24 00:02 - 00318807 _____ C:\ProgramData\1374616668.bdinstall.bin
2013-07-23 23:58 - 2013-07-23 23:58 - 00000000 ____D C:\ProgramData\Bitdefender
2013-07-23 23:56 - 2013-07-24 00:02 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-07-23 22:18 - 2013-07-23 22:30 - 00019411 _____ C:\Windows\prodsett_copy.ini
2013-07-23 22:07 - 2013-07-24 00:12 - 00000000 ____D C:\ProgramData\F-Secure
2013-07-21 20:54 - 2013-07-21 20:54 - 00000000 ___SD C:\uninstall
2013-07-21 20:43 - 2013-07-21 20:50 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-21 20:37 - 2013-07-21 20:37 - 00016103 _____ C:\AdwCleaner[S1].txt
2013-07-21 20:36 - 2013-07-21 20:36 - 00016200 _____ C:\AdwCleaner[R1].txt
2013-07-21 20:28 - 2013-07-21 20:28 - 00020053 _____ C:\ComboFix.txt
2013-07-21 19:56 - 2013-07-21 20:02 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-21 19:37 - 2013-07-21 19:54 - 00000000 ____D C:\Windows\67E1227ED5534A6A96CD40CCBBC705D8.TMP
2013-07-20 18:54 - 2013-07-20 18:59 - 00473026 _____ C:\Windows\SysWOW64\~.tmp
2013-07-20 16:51 - 2013-07-20 16:51 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-20 16:51 - 2013-07-20 16:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-20 15:23 - 2013-07-20 15:23 - 00000000 ____D C:\Users\Acer\Documents\Dropbox
2013-07-20 13:38 - 2013-07-25 18:27 - 00000000 ____D C:\ProgramData\Avira
2013-07-20 12:57 - 2013-07-20 12:57 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-20 12:38 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-20 12:38 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-20 12:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-20 12:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-20 12:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-20 12:38 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-20 12:38 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-20 12:38 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-20 00:59 - 2013-07-20 00:59 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2013-07-20 00:19 - 2013-07-20 00:19 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Malwarebytes
2013-07-20 00:19 - 2013-07-20 00:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-19 23:56 - 2013-07-19 23:56 - 00000000 ____D C:\Program Files\VideoLAN
2013-07-19 22:52 - 2013-07-20 12:34 - 00000000 ____D C:\Windows\erdnt
2013-07-19 22:35 - 2013-07-20 13:38 - 00000000 ____D C:\Users\Acer\Documents\system
2013-07-19 22:29 - 2013-07-19 22:29 - 00000000 _____ C:\autoexec.bat
2013-07-19 22:28 - 2013-07-20 00:11 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-19 22:28 - 2013-07-19 22:28 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-19 22:11 - 2013-07-19 22:11 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-19 21:58 - 2013-07-19 22:09 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-19 21:58 - 2013-07-19 22:09 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-18 20:14 - 2013-07-24 19:02 - 00092420 _____ C:\Users\Acer\Desktop\Zeitplan Diss.pptx

==================== One Month Modified Files and Folders =======

2013-07-25 22:58 - 2013-07-25 22:58 - 00000000 ____D C:\FRST
2013-07-25 22:57 - 2013-07-25 22:57 - 01779761 _____ (Farbar) C:\Users\Acer\Desktop\FRST64.exe
2013-07-25 22:31 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-25 22:31 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-25 22:27 - 2013-07-25 22:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-25 22:26 - 2013-07-25 22:25 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Acer\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-25 22:19 - 2013-07-25 17:24 - 00000560 _____ C:\Windows\setupact.log
2013-07-25 22:19 - 2013-05-23 19:04 - 00000308 _____ C:\Windows\Tasks\WGDQJDLY.job
2013-07-25 22:19 - 2010-08-20 18:06 - 01584011 _____ C:\Windows\WindowsUpdate.log
2013-07-25 22:19 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-25 22:16 - 2013-07-25 22:16 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-07-25 22:13 - 2013-07-25 22:13 - 00137048 _____ C:\TDSSKiller.zip
2013-07-25 22:06 - 2013-07-25 22:06 - 00150538 _____ C:\Logfiles.zip
2013-07-25 22:03 - 2013-07-25 22:03 - 00020053 _____ C:\Users\Acer\Desktop\ComboFix.txt
2013-07-25 22:00 - 2013-07-25 18:17 - 01088766 _____ C:\Windows\PFRO.log
2013-07-25 21:53 - 2013-07-25 21:52 - 00000000 ____D C:\Users\Acer\Desktop\wiederhergestellt
2013-07-25 21:52 - 2010-09-15 23:10 - 00000000 ____D C:\Users\Acer
2013-07-25 20:52 - 2013-07-25 17:50 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-07-25 18:28 - 2013-07-25 18:28 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Avira
2013-07-25 18:27 - 2013-07-25 18:27 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-25 18:27 - 2013-07-20 13:38 - 00000000 ____D C:\ProgramData\Avira
2013-07-25 18:25 - 2013-07-25 18:25 - 00000000 ____D C:\Program Files\Recuva
2013-07-25 18:22 - 2010-08-21 03:58 - 00657910 _____ C:\Windows\system32\perfh007.dat
2013-07-25 18:22 - 2010-08-21 03:58 - 00131250 _____ C:\Windows\system32\perfc007.dat
2013-07-25 18:22 - 2009-07-14 07:13 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-25 18:18 - 2013-07-25 18:17 - 00001928 _____ C:\Windows\system32\TmInstall.log
2013-07-25 17:49 - 2013-07-24 18:41 - 00000000 ____D C:\ProgramData\Trend Micro
2013-07-25 17:48 - 2013-07-24 18:41 - 00000306 __RSH C:\ProgramData\ntuser.pol
2013-07-25 17:30 - 2013-07-25 17:30 - 00000470 _____ C:\Users\Acer\Desktop\defogger_disable.log
2013-07-25 17:30 - 2013-07-25 17:30 - 00000000 _____ C:\Users\Acer\defogger_reenable
2013-07-25 17:24 - 2013-07-25 17:24 - 00000000 _____ C:\Windows\setuperr.log
2013-07-25 17:21 - 2013-07-25 17:21 - 00050477 _____ C:\Users\Acer\Desktop\Defogger.exe
2013-07-25 17:18 - 2013-07-25 17:18 - 00000758 _____ C:\Users\Acer\Desktop\test.log
2013-07-25 17:17 - 2013-07-25 17:17 - 00377856 _____ C:\Users\Acer\Desktop\gmer_2.1.19163.exe
2013-07-24 20:05 - 2013-07-24 20:05 - 00602112 _____ (OldTimer Tools) C:\Users\Acer\Desktop\OTL.exe
2013-07-24 19:09 - 2013-07-24 18:31 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-07-24 19:09 - 2013-07-24 00:02 - 00000000 ____D C:\Program Files\Bitdefender
2013-07-24 19:02 - 2013-07-18 20:14 - 00092420 _____ C:\Users\Acer\Desktop\Zeitplan Diss.pptx
2013-07-24 18:41 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-07-24 18:40 - 2013-07-24 18:40 - 00000036 _____ C:\Users\Acer\AppData\Local\housecall.guid.cache
2013-07-24 18:30 - 2013-07-24 18:30 - 00080364 _____ C:\ProgramData\1374683406.bdinstall.bin
2013-07-24 18:30 - 2013-07-24 18:30 - 00022926 _____ C:\ProgramData\1374683403.bdinstall.bin
2013-07-24 00:12 - 2013-07-23 22:07 - 00000000 ____D C:\ProgramData\F-Secure
2013-07-24 00:08 - 2013-07-24 00:08 - 00170264 _____ C:\ProgramData\1374617213.bdinstall.bin
2013-07-24 00:02 - 2013-07-24 00:02 - 00318807 _____ C:\ProgramData\1374616668.bdinstall.bin
2013-07-24 00:02 - 2013-07-23 23:56 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-07-23 23:58 - 2013-07-23 23:58 - 00000000 ____D C:\ProgramData\Bitdefender
2013-07-23 22:30 - 2013-07-23 22:18 - 00019411 _____ C:\Windows\prodsett_copy.ini
2013-07-22 21:56 - 2010-05-14 06:10 - 00000000 ____D C:\ProgramData\Adobe
2013-07-21 20:54 - 2013-07-21 20:54 - 00000000 ___SD C:\uninstall
2013-07-21 20:50 - 2013-07-21 20:43 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-21 20:37 - 2013-07-21 20:37 - 00016103 _____ C:\AdwCleaner[S1].txt
2013-07-21 20:36 - 2013-07-21 20:36 - 00016200 _____ C:\AdwCleaner[R1].txt
2013-07-21 20:28 - 2013-07-21 20:28 - 00020053 _____ C:\ComboFix.txt
2013-07-21 20:24 - 2009-07-14 04:34 - 00000215 ____N C:\Windows\system.ini
2013-07-21 20:03 - 2010-09-30 18:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Digital Experience
2013-07-21 20:02 - 2013-07-21 19:56 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-21 19:54 - 2013-07-21 19:37 - 00000000 ____D C:\Windows\67E1227ED5534A6A96CD40CCBBC705D8.TMP
2013-07-21 18:05 - 2010-09-15 23:32 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Adobe
2013-07-20 18:59 - 2013-07-20 18:54 - 00473026 _____ C:\Windows\SysWOW64\~.tmp
2013-07-20 16:51 - 2013-07-20 16:51 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-20 16:51 - 2013-07-20 16:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-20 16:51 - 2013-05-19 12:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-20 16:33 - 2011-01-29 08:09 - 00000000 ____D C:\ProgramData\Nero
2013-07-20 16:14 - 2011-08-09 12:47 - 00000000 ____H C:\ProgramData\PKP_DLev.DAT
2013-07-20 16:14 - 2011-08-09 12:47 - 00000000 ____H C:\ProgramData\PKP_DLet.DAT
2013-07-20 16:14 - 2011-08-09 12:47 - 00000000 ____H C:\ProgramData\PKP_DLes.DAT
2013-07-20 16:14 - 2011-08-09 12:47 - 00000000 ____D C:\Program Files (x86)\Nikon
2013-07-20 16:08 - 2011-01-16 17:39 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2013-07-20 15:57 - 2012-02-26 13:31 - 00000000 ____D C:\Program Files (x86)\Pixum
2013-07-20 15:54 - 2010-11-14 23:20 - 00000000 ____D C:\Program Files (x86)\VDownloader
2013-07-20 15:34 - 2011-03-01 21:18 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Skype
2013-07-20 15:34 - 2011-03-01 21:18 - 00000000 ____D C:\ProgramData\Skype
2013-07-20 15:28 - 2013-01-29 16:43 - 00000000 ____D C:\Users\Acer\AppData\Roaming\NCH Software
2013-07-20 15:28 - 2011-02-16 14:27 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-07-20 15:28 - 2011-02-16 14:27 - 00000000 ____D C:\Program Files (x86)\NCH Software
2013-07-20 15:27 - 2012-04-16 15:43 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Dropbox
2013-07-20 15:27 - 2010-09-15 23:12 - 00000000 ___RD C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-20 15:23 - 2013-07-20 15:23 - 00000000 ____D C:\Users\Acer\Documents\Dropbox
2013-07-20 15:23 - 2012-04-16 15:46 - 00000000 ___RD C:\Users\Acer\Dropbox
2013-07-20 13:38 - 2013-07-19 22:35 - 00000000 ____D C:\Users\Acer\Documents\system
2013-07-20 12:58 - 2013-05-25 16:14 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-20 12:57 - 2013-07-20 12:57 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-20 12:34 - 2013-07-19 22:52 - 00000000 ____D C:\Windows\erdnt
2013-07-20 11:50 - 2009-07-14 06:45 - 00416312 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-20 00:59 - 2013-07-20 00:59 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2013-07-20 00:19 - 2013-07-20 00:19 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Malwarebytes
2013-07-20 00:19 - 2013-07-20 00:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-20 00:11 - 2013-07-19 22:28 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-19 23:59 - 2010-11-26 19:31 - 00000000 ____D C:\Users\Acer\AppData\Roaming\vlc
2013-07-19 23:56 - 2013-07-19 23:56 - 00000000 ____D C:\Program Files\VideoLAN
2013-07-19 23:16 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-19 23:10 - 2009-07-14 04:34 - 70778880 _____ C:\Windows\system32\config\software.bak
2013-07-19 23:10 - 2009-07-14 04:34 - 20447232 _____ C:\Windows\system32\config\system.bak
2013-07-19 23:10 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\default.bak
2013-07-19 23:10 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-07-19 23:10 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-07-19 22:34 - 2010-10-23 17:14 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-07-19 22:33 - 2011-05-23 09:50 - 00000000 ____D C:\Windows\Minidump
2013-07-19 22:31 - 2011-01-11 21:32 - 00000000 ____D C:\Program Files\CCleaner
2013-07-19 22:29 - 2013-07-19 22:29 - 00000000 _____ C:\autoexec.bat
2013-07-19 22:28 - 2013-07-19 22:28 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-19 22:11 - 2013-07-19 22:11 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-19 22:09 - 2013-07-19 21:58 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-19 22:09 - 2013-07-19 21:58 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-19 22:08 - 2010-10-25 14:35 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-19 22:02 - 2010-10-28 11:04 - 00000000 ____D C:\Users\Acer\AppData\Local\Adobe
2013-07-19 22:02 - 2010-05-14 06:10 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-19 22:00 - 2013-02-11 21:14 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-19 22:00 - 2011-09-26 19:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-19 21:59 - 2013-03-10 16:38 - 00000000 ____D C:\Users\Acer\AppData\Local\Apple Computer
2013-07-19 16:17 - 2013-06-05 08:58 - 00000000 ____D C:\Users\Acer\Documents\Diss
2013-07-16 12:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-15 21:18 - 2010-10-23 22:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 14:15 - 2013-03-14 08:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 14:15 - 2013-03-14 08:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-04 15:32 - 2013-01-22 17:03 - 00000000 ____D C:\Users\Acer\Desktop\Programme

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2010-11-27 14:38

==================== End Of Log ============================

--- --- ---

cosinus · 25.07.2013, 22:24

Ok, bitte ein Log mit MBAR machen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

rutunwiess · 26.07.2013, 05:36

MBAR hat nichts gefunden. Hier das Logfile:

mbar-log-2013-07-26 (05-51-51).txt

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.26.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Acer :: ACER-PC [administrator]

26.07.2013 05:51:51
mbar-log-2013-07-26 (05-51-51).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 245076
Time elapsed: 24 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Viele Grüße

rutunwiess

cosinus · 26.07.2013, 15:46

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

rutunwiess · 26.07.2013, 17:51

Logfile vergessen bitte nächsten Post beachten

rutunwiess · 26.07.2013, 17:54

Die Scans sind durch. Hier die Logfiles:

JRT.txt

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.3 (07.25.2013:1)
OS: Windows 7 Home Premium x64
Ran by Acer on 26.07.2013 at 17:59:41,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Acer\appdata\locallow\nch_en"



~~~ FireFox

Emptied folder: C:\Users\Acer\AppData\Roaming\mozilla\firefox\profiles\u6ha7sq9.default\minidumps [124 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.07.2013 at 18:04:04,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Ich habe den Scan von adw einmal abgebrochen, da noch ein Programm offen war. Daher hat das Programm zwei Logfiles erstellt
AdwCleaner[S2].txt

Code:

ATTFilter

# AdwCleaner v2.306 - Datei am 26/07/2013 um 18:13:57 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Acer - ACER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Acer\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

AdwCleaner[S3].txt

Code:

ATTFilter

# AdwCleaner v2.306 - Datei am 26/07/2013 um 18:14:43 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Acer - ACER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Acer\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.17267

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\u6ha7sq9.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [16200 octets] - [21/07/2013 20:36:26]
AdwCleaner[S1].txt - [16103 octets] - [21/07/2013 20:37:13]
AdwCleaner[S2].txt - [316 octets] - [26/07/2013 18:13:57]
AdwCleaner[S3].txt - [1166 octets] - [26/07/2013 18:14:43]

########## EOF - C:\AdwCleaner[S3].txt - [1226 octets] ##########

otl.txt

Code:

ATTFilter

OTL logfile created on: 26.07.2013 18:18:27 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Acer\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 67,84% Memory free
7,35 Gb Paging File | 5,99 Gb Available in Paging File | 81,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 374,67 Gb Free Space | 82,77% Space Free | Partition Type: NTFS
 
Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Acer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\dd2d0cf72eac6e5b113a0059aeb3cab5\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFireWallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (ODDPwrSvc) -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe (Acer Incorporated)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH)
DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27360910v016l04f3z195t5771k058
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27360910v016l04f3z195t5771k058
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27360910v016l04f3z195t5771k058
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3424837846-777970416-319482341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3424837846-777970416-319482341-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3424837846-777970416-319482341-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-3424837846-777970416-319482341-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3424837846-777970416-319482341-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3424837846-777970416-319482341-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {37483b40-c254-4a72-bda4-22ee90182c1e}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p18_serp_ff_de_display?ie=UTF8&tag=bds-p18-serp-de-ff-21&tagbase=bds-p18&tbrId=v1_abb-channel-18_b3592212dfcd4e1d8b7aa7944a6bb16b_18_38_20130129_DE_ff_ab_OC1&query="
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.07.19 22:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.19 22:11:39 | 000,000,000 | ---D | M]
 
[2010.10.23 17:09:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Extensions
[2013.07.25 16:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\u6ha7sq9.default\extensions
[2013.07.25 16:51:43 | 000,824,431 | ---- | M] () (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\firefox\profiles\u6ha7sq9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.07.19 23:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.19 12:29:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.05.19 12:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.07.20 16:51:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Amazon (Enabled)
CHR - default_search_provider: search_url = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p18_serp_cr_de_display?ie=UTF8&tag=bds-p18-serp-de-cr-21&tagbase=bds-p18&tbrId=v1_abb-channel-18_b3592212dfcd4e1d8b7aa7944a6bb16b_18_38_20130129_DE_cr_ds_OC1&query={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://suggestqueries.google.com/complete/search?q={searchTerms}&output=chrome
CHR - homepage: hxxp://www.google.com/
CHR - Extension: Ask Toolbar = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaancpgahgbfdfppkbiflhbfhfbeoeh\7.15.12.0_0\
CHR - Extension: Docs = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.07.20 13:18:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3424837846-777970416-319482341-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3424837846-777970416-319482341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3424837846-777970416-319482341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28CF71B1-C5F5-489E-A8D1-B78DB4D122FC}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{882555BA-48E3-4A14-A667-6BB29BC3DDC3}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F04B3EB-8FB2-48B1-B500-61D96EEEDC20}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6B33B68-AC8C-40D6-BAAD-A6A6F53B6F61}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D90F0654-147D-4290-AF09-7AD815E1EABE}: NameServer = 193.189.244.225 193.189.244.206
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.07.19 22:29:02 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.26 17:59:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.07.26 17:53:44 | 000,561,140 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Acer\Desktop\JRT.exe
[2013.07.26 05:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.07.26 05:49:45 | 000,000,000 | ---D | C] -- C:\Users\Acer\Desktop\mbar
[2013.07.25 22:58:11 | 000,000,000 | ---D | C] -- C:\FRST
[2013.07.25 22:57:01 | 001,779,761 | ---- | C] (Farbar) -- C:\Users\Acer\Desktop\FRST64.exe
[2013.07.25 22:16:18 | 000,083,672 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.07.25 21:52:58 | 000,000,000 | ---D | C] -- C:\Users\Acer\Desktop\wiederhergestellt
[2013.07.25 18:28:16 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Avira
[2013.07.25 18:27:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.07.25 18:27:07 | 000,141,376 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2013.07.25 18:27:07 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.07.25 18:27:07 | 000,114,608 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2013.07.25 18:27:07 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.07.25 18:27:07 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.07.25 18:27:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.07.25 18:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2013.07.24 20:05:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
[2013.07.24 19:05:15 | 000,000,000 | ---D | C] -- C:\temp
[2013.07.24 18:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2013.07.24 18:31:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013.07.24 00:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013.07.23 23:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2013.07.23 23:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013.07.23 23:56:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
[2013.07.23 22:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2013.07.21 20:54:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.07.21 20:54:06 | 000,000,000 | --SD | C] -- C:\uninstall
[2013.07.21 20:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.07.21 19:56:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.07.20 16:51:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.07.20 15:23:08 | 000,000,000 | ---D | C] -- C:\Users\Acer\Documents\Dropbox
[2013.07.20 13:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.07.20 12:38:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.07.20 12:38:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.07.20 12:38:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.07.20 00:59:44 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013.07.20 00:19:47 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Malwarebytes
[2013.07.20 00:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.19 23:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.07.19 22:52:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.07.19 22:35:21 | 000,000,000 | ---D | C] -- C:\Users\Acer\Documents\system
[2013.07.19 22:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.07.19 22:28:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.07.19 22:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.07.19 22:11:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.07.19 21:58:57 | 001,093,032 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.07.19 21:58:57 | 000,972,712 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.07.16 12:14:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Acer\Desktop\*.tmp files -> C:\Users\Acer\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.26 18:23:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.26 18:23:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.26 18:15:46 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\WGDQJDLY.job
[2013.07.26 18:15:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.26 18:15:33 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.26 17:56:11 | 000,666,633 | ---- | M] () -- C:\Users\Acer\Desktop\adwcleaner.exe
[2013.07.26 17:53:45 | 000,561,140 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Acer\Desktop\JRT.exe
[2013.07.26 15:35:47 | 001,507,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.26 15:35:47 | 000,657,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.26 15:35:47 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.26 15:35:47 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.26 15:35:47 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.26 05:49:06 | 013,399,154 | ---- | M] () -- C:\Users\Acer\Desktop\mbar-1.06.0.1004.zip
[2013.07.25 22:57:42 | 001,779,761 | ---- | M] (Farbar) -- C:\Users\Acer\Desktop\FRST64.exe
[2013.07.25 22:16:07 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.07.25 22:13:04 | 000,137,048 | ---- | M] () -- C:\TDSSKiller.zip
[2013.07.25 22:06:21 | 000,150,538 | ---- | M] () -- C:\Logfiles.zip
[2013.07.25 17:48:53 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.07.25 17:30:58 | 000,000,000 | ---- | M] () -- C:\Users\Acer\defogger_reenable
[2013.07.25 17:21:52 | 000,050,477 | ---- | M] () -- C:\Users\Acer\Desktop\Defogger.exe
[2013.07.25 17:17:47 | 000,377,856 | ---- | M] () -- C:\Users\Acer\Desktop\gmer_2.1.19163.exe
[2013.07.24 20:05:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
[2013.07.24 18:40:37 | 000,000,036 | ---- | M] () -- C:\Users\Acer\AppData\Local\housecall.guid.cache
[2013.07.24 18:30:59 | 000,080,364 | ---- | M] () -- C:\ProgramData\1374683406.bdinstall.bin
[2013.07.24 18:30:06 | 000,022,926 | ---- | M] () -- C:\ProgramData\1374683403.bdinstall.bin
[2013.07.24 00:08:38 | 000,170,264 | ---- | M] () -- C:\ProgramData\1374617213.bdinstall.bin
[2013.07.24 00:02:17 | 000,318,807 | ---- | M] () -- C:\ProgramData\1374616668.bdinstall.bin
[2013.07.23 22:30:35 | 000,019,411 | ---- | M] () -- C:\Windows\prodsett_copy.ini
[2013.07.20 16:51:54 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.07.20 16:14:18 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT
[2013.07.20 16:14:18 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLes.DAT
[2013.07.20 16:14:17 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2013.07.20 13:18:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.07.20 11:50:05 | 000,416,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.20 00:59:44 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013.07.19 22:29:02 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.07.19 22:09:56 | 001,093,032 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.07.19 22:09:56 | 000,972,712 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.07.19 22:00:35 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.07.19 22:00:35 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.27 10:58:11 | 000,214,591 | ---- | M] () -- C:\Users\Acer\Desktop\Mike Sandbothe_ Die pragmatische Wende des linguistic turn.pdf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Acer\Desktop\*.tmp files -> C:\Users\Acer\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.26 17:56:11 | 000,666,633 | ---- | C] () -- C:\Users\Acer\Desktop\adwcleaner.exe
[2013.07.26 05:48:14 | 013,399,154 | ---- | C] () -- C:\Users\Acer\Desktop\mbar-1.06.0.1004.zip
[2013.07.25 22:13:04 | 000,137,048 | ---- | C] () -- C:\TDSSKiller.zip
[2013.07.25 22:06:20 | 000,150,538 | ---- | C] () -- C:\Logfiles.zip
[2013.07.25 17:30:58 | 000,000,000 | ---- | C] () -- C:\Users\Acer\defogger_reenable
[2013.07.25 17:21:52 | 000,050,477 | ---- | C] () -- C:\Users\Acer\Desktop\Defogger.exe
[2013.07.25 17:17:46 | 000,377,856 | ---- | C] () -- C:\Users\Acer\Desktop\gmer_2.1.19163.exe
[2013.07.24 18:41:58 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.07.24 18:40:37 | 000,000,036 | ---- | C] () -- C:\Users\Acer\AppData\Local\housecall.guid.cache
[2013.07.24 18:30:59 | 000,080,364 | ---- | C] () -- C:\ProgramData\1374683406.bdinstall.bin
[2013.07.24 18:30:06 | 000,022,926 | ---- | C] () -- C:\ProgramData\1374683403.bdinstall.bin
[2013.07.24 00:08:38 | 000,170,264 | ---- | C] () -- C:\ProgramData\1374617213.bdinstall.bin
[2013.07.24 00:02:16 | 000,318,807 | ---- | C] () -- C:\ProgramData\1374616668.bdinstall.bin
[2013.07.23 22:18:13 | 000,019,411 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2013.07.20 16:51:54 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.07.20 16:51:54 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.07.20 12:38:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.07.20 12:38:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.07.20 12:38:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.07.20 12:38:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.07.20 12:38:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.07.19 22:29:02 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.07.19 22:02:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.06.27 10:58:10 | 000,214,591 | ---- | C] () -- C:\Users\Acer\Desktop\Mike Sandbothe_ Die pragmatische Wende des linguistic turn.pdf
[2013.05.23 19:04:39 | 000,212,992 | RHS- | C] () -- C:\Windows\SysWow64\winrssrvx.dll
[2011.08.09 12:47:29 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.08.09 12:47:29 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.08.09 12:47:28 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2010.10.11 19:39:22 | 000,003,584 | ---- | C] () -- C:\Users\Acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:C64BF02A

< End of report >

Extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 26.07.2013 18:18:27 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Acer\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 67,84% Memory free
7,35 Gb Paging File | 5,99 Gb Available in Paging File | 81,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 374,67 Gb Free Space | 82,77% Space Free | Partition Type: NTFS
 
Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3424837846-777970416-319482341-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B7E7DCB-F6B5-4816-BB20-B53DAABDDA35}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{107067A2-6C69-4B12-928D-972DC71D3FB6}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{27202663-6E6D-4469-9DDD-C1C0D8A2CD03}" = lport=139 | protocol=6 | dir=in | app=system | 
"{47773C7A-4157-4A07-8A97-C857B588BF51}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4A28F1A4-DDD3-48B7-A75E-C27ECDEADC94}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{4CAF4EE9-A823-48A3-8390-37DC3DB310A6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4EBA164E-4C46-4EC9-BA16-F5A0287DA007}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5F2354A3-9E5C-4C17-A059-817670991FFC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5F243FD5-7147-4AB3-AC73-3A178866964F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{602768CF-3336-420C-8C4C-62B13FACCFD9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{681C7449-54D2-43C1-9EA7-8DE402BF5C92}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{73567682-0C61-43A1-A3B8-C088609F4A77}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{757B52BA-1292-4836-81A3-E9906A4DDEEE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7FED30FB-AA49-451F-85FA-B5304DE60E73}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8B3DC676-77BA-4F33-B633-36234369827E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8B702B4D-97B5-4B99-BA7D-1ECEB202AE58}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A00CBAEF-6A8D-4874-9DD8-CFB2121AEE69}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A68474FF-69FD-484D-B834-2DB0BA7549B9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AF05F378-CD53-4093-8FC7-A3EFBE56A665}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B2CBE798-4758-4BC3-9259-B389413FE604}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | 
"{B3278CF4-EE59-466E-A0AE-CC8FF7FB5EB0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C02ACFAC-295F-439F-80CA-CA9D5402B7C3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C376EA61-D8E9-480F-AB96-7D24A6EC5AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E037366F-F197-44E3-B665-F11FF3672989}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E18C81B3-5F6D-416C-89CD-DDE8C8230DEE}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | 
"{E8EA1635-FC78-4757-B683-67404A25338D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F1C9F11F-CFDB-4FC9-9F20-24AF51B327EB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FBA93351-1B36-4E0C-8037-A38F3908A268}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0128C00F-582B-4475-B847-F636457DFE85}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{01CD345F-33CD-43EB-B550-7C3F905CB256}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{03CC065A-D2CD-41EE-8B92-CBF9A4E148F3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{0ADBA047-5462-46B0-A860-0984AE5DAF4E}" = protocol=6 | dir=out | app=system | 
"{0DE0CFB7-1BBE-4D40-8DB7-97DBD34ADC18}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{10332517-1C02-4FFF-973B-9A3C9F322288}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{21AE7B22-C2C0-4634-89B8-2EEABE258349}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | 
"{26739F19-1295-4D12-98EF-D5280C61E00C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{3386AE11-BC01-44A7-84FE-9825D166BFBA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft digital experience\microsoft.mdx.analyticsservice.exe | 
"{363EA205-ABC7-40EB-ADA5-F21A417CDA1F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3F3A8A4C-E612-4211-90A2-F99655698A21}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{49F62238-067F-47C3-9CC4-931DF5711172}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{54F56B47-3E58-4ED4-BFF0-A36C7C0B7D98}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5D388A43-C5CD-4B9E-AD8E-44530EAB7A46}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5DC3F428-7D0A-44AE-937A-319C4D78C727}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft digital experience\microsoft.mdx.analyticsservice.exe | 
"{6A6BA6EB-DADF-4748-9698-A7792C767EBE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6AD478CB-3FD0-48DE-BDFC-3D0D8DA30136}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6EDE12F0-F945-4347-A55F-69B1A17EED51}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{72C63E0D-296A-4958-B59B-C58BDC6F0D7E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{846FA53A-830D-4968-88C0-1BD6FA21A363}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{85CEFC1B-1663-46A0-8F3C-5D6CCAF0313D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8F029995-FFE4-41E5-9E97-E035B225D41F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{984F4AB0-7539-4356-9DAC-36ADD83E8128}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9946C4E0-B671-4909-8A84-50B9F1FD61D8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A4F6A759-A19A-4288-8372-6998D5F248E1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A561C8C7-7D7C-4273-800F-29AF28CB3CFE}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{A761FAD6-FEB5-40F5-B2C1-1B2046CB67EA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{AC430837-C3B7-4DB0-817D-5BDCAC74E78B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ACA3C497-4136-4241-B941-D17208B8C502}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | 
"{B1239BAD-7374-4D88-B39A-4CC210C0ACA2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B12EF70F-3ABA-4CEF-9C7D-F6AADD51E150}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B6239D00-273C-4FC5-9D03-E0C86F41FDC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BAD68FF9-7C79-4F14-857A-E7A6BFEE5045}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BC767914-C52F-4242-B825-AC97FF3ED323}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{CE3DB85A-4EF3-4474-BB3D-52CF59E37F19}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E0595C9E-FF77-466F-AD20-8A787598F8EF}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{E46A9179-F350-44E1-8B1E-8E53A9BDF8C9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E637643D-B8A2-4B96-B161-59B0C8012361}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{E8729FFD-2C97-4030-8E6B-E29EA452FCCE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{45EDB6D8-4439-494D-8C5A-A89D3469AAB9}C:\users\acer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\acer\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{3300096F-6596-4BCD-A673-337947EDDBC3}C:\users\acer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\acer\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9822326F-410C-96A5-2F58-65E58F65D63B}" = ccc-utility64
"{F5816A09-786E-C91D-3D99-8A8C92648750}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.7
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0B148875-7C4D-A5A7-79FA-82D679939663}" = CCC Help Danish
"{0D49143F-5710-6EAF-986F-86306C54D9F7}" = CCC Help Dutch
"{0DCE424F-F4A8-A3EA-3416-7A4CA189A164}" = CCC Help Czech
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{193B70F8-D757-B1D6-B2B0-826E92D889CC}" = CCC Help Polish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23640476-5D3A-F071-A40F-345E16C91301}" = CCC Help Hungarian
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350612EB-55FE-47DC-8E07-197B2409909B}" = Cisco AnyConnect Secure Mobility Client
"{39BE50E7-8059-C383-D8D0-3EC7B9A0B2C2}" = CCC Help Turkish
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4394B319-1CA6-9535-5A97-3407DE7B2865}" = CCC Help Chinese Traditional
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4E242AB2-86A7-4231-82A9-1E4226D23CA8}" = Catalyst Control Center - Branding
"{4E2AC91C-090D-C0BE-98E0-35480A693D53}" = CCC Help Russian
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{59A58CB1-5177-4AF7-DC09-886DC5175561}" = CCC Help Thai
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B70AFEB-18E9-0BBA-C876-50E61D2F1585}" = CCC Help Korean
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BBEA5FB-5BDA-5568-F370-66934F5862F8}" = Catalyst Control Center Graphics Light
"{7C3E29B2-038E-312D-938C-DED2C6451411}" = CCC Help German
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{800E5862-A2A2-B903-6B6E-660F5DFB1BFF}" = CCC Help Norwegian
"{804D666C-1FB8-F116-358B-15F297113547}" = CCC Help English
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90497F91-64AA-6732-266E-4B7023989E5C}" = ccc-core-static
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A990CB5E-6951-12C0-6B29-4C0102E80827}" = CCC Help Portuguese
"{AAB17558-7189-1415-2370-D689FDD44B33}" = PX Profile Update
"{ABC74AD3-8488-2D59-71CA-FE1FDBD99293}" = CCC Help Greek
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{AE30A99E-6F9B-40AE-9A2C-A98B1540AC2F}" = Microsoft Digital Experience
"{B399B936-CDED-C8E5-D621-E6323855CF5B}" = Catalyst Control Center Graphics Full New
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BE985F96-BFD5-BCE2-97F6-B73BBF122943}" = CCC Help Japanese
"{C314EA94-9FAF-969D-544F-816FE102EAFD}" = Catalyst Control Center InstallProxy
"{C40DCE3C-E042-2DEE-4F77-8725E18BAE17}" = CCC Help Spanish
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D1F8C3EA-8274-90C1-460B-EE2DFA7B492B}" = CCC Help French
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E573FE55-5A89-F7CC-0A00-A9E79BB20C3B}" = CCC Help Finnish
"{E75093FD-D74A-D7D0-AE15-BA89B30D9E54}" = Catalyst Control Center Localization All
"{E92EAA89-9597-E7DF-6EB6-F21655D245F2}" = Catalyst Control Center Graphics Previews Vista
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EEEDE742-915B-2D3F-5763-E7375BE7B144}" = CCC Help Chinese Standard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9B82B36-5FC0-1E0D-0D56-066D1EDAC9E8}" = Catalyst Control Center Graphics Full Existing
"{FC3CCF4F-ABE4-1CF6-347B-DEAFC9D82F1C}" = Catalyst Control Center Core Implementation
"{FC4AAE94-A221-0725-4FD8-56262B0262BA}" = CCC Help Italian
"{FFAC99FD-DDF8-E138-E8F4-538B639C6984}" = CCC Help Swedish
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Professional Security
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"FreeFileSync" = FreeFileSync 5.15
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"LManager" = Launch Manager
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3424837846-777970416-319482341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 26.07.2013 11:55:32 | Computer Name = Acer-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 26.07.2013 11:55:32 | Computer Name = Acer-PC | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
 311 m_pITelemetryPlugin is NULL
 
Error - 26.07.2013 12:15:48 | Computer Name = Acer-PC | Source = acvpnagent | ID = 67108866
Description = Function: XmlParser::invokeParser File: .\Xml\XmlParser.cpp Line: 182
Invoked
 Function: ISAXXMLReader::parse Return Code: -2146697210 (0x800C0006) Description:
 WINDOWS_ERROR_CODE 
 
Error - 26.07.2013 12:15:48 | Computer Name = Acer-PC | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::LoadSettingsFromXmlFile File: ..\PhoneHomeAgent.cpp
Line:
 603 Invoked Function: XmlParser::parseFile Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED 
 
Error - 26.07.2013 12:15:55 | Computer Name = Acer-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked
 Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 26.07.2013 12:16:04 | Computer Name = Acer-PC | Source = acvpnui | ID = 67108866
Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 332
Invoked
 Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
 Daten mehr verfügbar.   
 
Error - 26.07.2013 12:16:05 | Computer Name = Acer-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1351 NULL object. Cannot establish a connection at this time.
 
Error - 26.07.2013 12:20:48 | Computer Name = Acer-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 26.07.2013 12:20:48 | Computer Name = Acer-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 26.07.2013 12:20:48 | Computer Name = Acer-PC | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
 311 m_pITelemetryPlugin is NULL
 
[ System Events ]
Error - 26.07.2013 12:15:46 | Computer Name = Acer-PC | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147942402.
 
 
< End of report >

Vielen Dank deine Mühe!

rutunwiess

cosinus · 26.07.2013, 17:57

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
[2013.07.26 18:15:46 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\WGDQJDLY.job
[2013.07.20 16:14:18 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT
[2013.07.20 16:14:18 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLes.DAT
[2013.07.20 16:14:17 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2013.05.23 19:04:39 | 000,212,992 | RHS- | C] () -- C:\Windows\SysWow64\winrssrvx.dll
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:C64BF02A
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

rutunwiess · 26.07.2013, 18:19

Vielen Dank! Hier das passende Logfile:

07262013_190905.txt

Code:

ATTFilter

All processes killed
========== OTL ==========
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
C:\Windows\Tasks\WGDQJDLY.job moved successfully.
C:\ProgramData\PKP_DLev.DAT moved successfully.
C:\ProgramData\PKP_DLes.DAT moved successfully.
C:\ProgramData\PKP_DLet.DAT moved successfully.
C:\Windows\SysWOW64\winrssrvx.dll moved successfully.
ADS C:\ProgramData\Temp:C64BF02A deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Acer\Desktop\cmd.bat deleted successfully.
C:\Users\Acer\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Acer
->Temp folder emptied: 72334571 bytes
->Temporary Internet Files folder emptied: 800450 bytes
->Java cache emptied: 1007710 bytes
->FireFox cache emptied: 83469039 bytes
->Google Chrome cache emptied: 7529799 bytes
->Flash cache emptied: 534 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3431620 bytes
%systemroot%\System32 .tmp files removed: 473026 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13683327 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 174,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 07262013_190905

Files\Folders moved on Reboot...
C:\Users\Acer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 26.07.2013, 18:19

Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

25.07.2013, 21:07	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Google Redirect & Windows Sicherheitscenter lässt sich nicht aktivieren Warum bitte löscht du die Logs? Hatte Malwarebytes etwas gefunden? Die Logs von Malwarebytes sind im Programm selbst im Reiter Logdateien zu sehen __________________ Logfiles bitte immer in CODE-Tags posten

Google Redirect & Windows Sicherheitscenter lässt sich nicht aktivieren

Log-Analyse und Auswertung: Google Redirect & Windows Sicherheitscenter lässt sich nicht aktivieren