Bundespolizei - Trojan, national crime unit
Windows 7
05.01.2012, 21:20 | #1 |
Hello Trojaner-Board team,

first of all, I think it's great that a site like this exists at all! That can't be taken for granted. Keep it up!

MY PROBLEM: Today I also caught one of those annoying BKA trojans. I was browsing the internet as normal, although a Java application was running alongside... maybe that was the trigger.

Here is what I have done so far:

- Ctrl+Alt+Del, logged the user off and back on (after that I had a normal desktop again)
- made Task Manager available again in the registry
- Then I followed your guide (>For everyone seeking help! What do I need to consider before opening a thread?<)

1. Malwarebytes: ran a scan (4 files were found > removed > restart)
2. Defogger
3. OTL > Quick Scan (the logs are attached)
4. I had to abort GMER; the scan would not continue... it was stuck on the same file for almost an hour...

Hmm... now I don't know whether the trojan is gone or whether remnants of it are still there. The computer has been running normally so far... tested so far: Firefox, Word, Excel...

Thanks in advance for the help.
Best regards

mbam log
Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.05.02

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Max Power :: TU-144 [Administrator]

05.01.2012 16:22:49
mbam-log-2012-01-05 (17-55-07).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 458257
Laufzeit: 1 Stunde(n), 31 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Program Files\HD Tune Pro\hd.tune.pro.4.60-patch.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
C:\Users\Max Power\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ZHYP3RB\Testbundle23w_1254[1].exe (Adware.Agent) -> Keine Aktion durchgeführt.
C:\Users\Max Power\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\47fd24-6e11de96 (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.
C:\Users\Max Power\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.20829944830510494.exe.lnk (Backdoor.Agent) -> Keine Aktion durchgeführt.

(Ende)

Code:
OTL logfile created on: 05.01.2012 18:51:50 - Run 1
OTL by OldTimer - Version 3.2.31.0
000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax [2012.01.04 11:12:55 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax [2012.01.04 11:12:55 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax [2012.01.04 11:12:54 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax [2012.01.04 11:12:54 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax [2012.01.03 23:17:13 | 000,001,935 | ---- | C] () -- C:\Users\Max Power\Documents\Variante2.pdf [2012.01.03 22:42:53 | 000,067,672 | ---- | C] () -- C:\Users\Max Power\Documents\Variante3.dwg [2012.01.03 22:42:53 | 000,067,160 | ---- | C] () -- C:\Users\Max Power\Documents\Variante2.bak [2012.01.03 22:42:53 | 000,066,823 | ---- | C] () -- C:\Users\Max Power\Documents\Variante1.dwg [2012.01.03 22:42:53 | 000,062,424 | ---- | C] () -- C:\Users\Max Power\Documents\Variante2.dwg [2012.01.03 22:42:53 | 000,061,464 | ---- | C] () -- C:\Users\Max Power\Documents\Variante1.bak [2012.01.03 22:42:53 | 000,000,202 | -H-- | C] () -- C:\Users\Max Power\Documents\Zeichnung1.dwl2 [2012.01.03 22:42:53 | 000,000,052 | -H-- | C] () -- C:\Users\Max Power\Documents\Zeichnung1.dwl [2012.01.03 22:16:56 | 008,523,776 | ---- | C] () -- C:\Users\Max Power\Documents\Projekt3BS.rvt [2012.01.03 22:16:56 | 008,523,776 | ---- | C] () -- C:\Users\Max Power\Documents\Projekt3BS.0001.rvt [2012.01.03 21:00:30 | 001,255,379 | ---- | C] () -- C:\Users\Max Power\Documents\Brücke_Sachsen_neu.xml [2012.01.03 20:43:52 | 000,000,202 | -H-- | C] () -- C:\Users\Max Power\Documents\Brücke_Sachsen.dwl2 [2012.01.03 20:43:52 | 000,000,052 | -H-- | C] () -- C:\Users\Max Power\Documents\Brücke_Sachsen.dwl [2012.01.03 16:50:22 | 000,083,366 | ---- | C] () -- C:\Users\Max Power\Desktop\pj_22889707.pdf [2012.01.03 16:49:57 | 000,083,524 | ---- | C] () -- C:\Users\Max Power\Desktop\pj_22114942.pdf [2012.01.03 16:49:04 | 000,082,118 | ---- | C] () -- C:\Users\Max Power\Desktop\pj_22492949.pdf [2012.01.03 16:48:00 | 
000,083,390 | ---- | C] () -- C:\Users\Max Power\Desktop\pj_23325498.pdf [2011.12.16 13:52:45 | 000,578,820 | ---- | C] () -- C:\Users\Max Power\Documents\Brücke_Sachsen1.xml [2011.12.15 20:14:23 | 000,000,713 | ---- | C] () -- C:\Users\Public\Desktop\Fifa 12.lnk [2011.12.15 20:14:23 | 000,000,713 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fifa 12.lnk [2011.12.14 22:49:24 | 000,413,696 | ---- | C] () -- C:\Users\Max Power\Documents\D_Roadway.rfa [2011.12.14 22:49:20 | 000,573,440 | ---- | C] () -- C:\Users\Max Power\Documents\D_Deck.rfa [2011.12.14 22:49:17 | 000,397,312 | ---- | C] () -- C:\Users\Max Power\Documents\D_Barrier Right.rfa [2011.12.14 22:49:12 | 000,548,864 | ---- | C] () -- C:\Users\Max Power\Documents\D_Barrier Left.rfa [2011.12.14 22:49:07 | 000,442,368 | ---- | C] () -- C:\Users\Max Power\Documents\D_Road.rfa [2011.12.14 20:47:37 | 011,358,208 | ---- | C] () -- C:\Users\Max Power\Documents\Projekt1.rvt [2011.12.14 20:47:37 | 011,296,768 | ---- | C] () -- C:\Users\Max Power\Documents\Projekt1.0003.rvt [2011.12.14 20:47:37 | 010,891,264 | ---- | C] () -- C:\Users\Max Power\Documents\Projekt1.0002.rvt [2011.12.14 20:47:37 | 008,880,128 | ---- | C] () -- C:\Users\Max Power\Documents\Projekt1.0001.rvt [2011.12.12 00:07:54 | 009,031,680 | ---- | C] () -- C:\Users\Max Power\Documents\Brücke_sachsen1.rvt [2011.12.11 22:08:24 | 000,650,245 | ---- | C] () -- C:\Users\Max Power\Documents\Brücke_Sachsen.xml [2011.12.11 21:41:49 | 000,003,424 | ---- | C] () -- C:\Users\Max Power\Documents\Brücke_Sachsen_recover.dwg [2011.12.11 13:56:52 | 003,711,271 | ---- | C] () -- C:\Users\Max Power\Documents\Brücke_Sachsen.dwg [2011.12.11 13:56:52 | 003,164,939 | ---- | C] () -- C:\Users\Max Power\Documents\Brücke_Sachsen.bak [2011.12.07 21:24:58 | 000,124,123 | ---- | C] () -- C:\Users\Max Power\Documents\Elbbrücke_1_1_2606.sv$.xml [2011.12.07 20:46:34 | 000,276,460 | ---- | C] () -- C:\Users\Max Power\Documents\Elbbrücke.xml [2011.11.23 
18:33:07 | 000,000,412 | ---- | C] () -- C:\Users\Max Power\AppData\Roaming\All CPU Meter_Settings.ini [2011.11.13 15:37:44 | 000,005,120 | ---- | C] () -- C:\Users\Max Power\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.13 14:46:00 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011.11.09 20:56:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32.dll [2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.09.25 09:28:41 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2011.09.01 17:04:13 | 000,000,132 | ---- | C] () -- C:\Users\Max Power\AppData\Roaming\Adobe BMP Format CS5 Prefs [2011.07.26 20:30:17 | 000,000,088 | RHS- | C] () -- C:\ProgramData\A107F471DF.sys [2011.07.26 20:30:16 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011.07.23 07:33:44 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll [2011.07.22 13:57:35 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe [2011.07.10 19:38:32 | 000,000,072 | ---- | C] () -- C:\Windows\QFP.ini [2011.06.15 21:18:48 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini [2011.06.15 21:16:17 | 000,000,059 | ---- | C] () -- C:\Windows\wpd99.drv [2011.06.15 21:16:16 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll [2011.06.13 21:12:01 | 000,000,090 | -HS- | C] () -- C:\Windows\cnerolf.bin [2011.05.28 16:30:16 | 000,001,456 | ---- | C] () -- C:\Users\Max Power\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.05.21 10:45:15 | 000,000,057 | ---- | C] () -- C:\Windows\fs9configurator.ini [2011.05.13 19:36:25 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.05.13 19:36:24 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.05.10 21:24:35 | 000,000,090 | -HS- | C] () -- C:\Windows\cnerolf.dat [2011.05.06 15:58:31 | 000,200,704 | ---- | C] () -- C:\Windows\System32\UpdateDriver.exe [2011.05.06 15:58:26 | 000,005,224 | ---- | C] () -- 
C:\Windows\System32\ucuiinfo.ini [2011.05.06 15:56:43 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.03.23 12:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2009.07.14 09:47:43 | 000,700,342 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,149,138 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 003,899,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,655,054 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,121,926 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2008.06.04 09:23:14 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssp7ml3.dll [2005.02.25 00:59:49 | 000,318,014 | ---- | C] () -- C:\Windows\System32\flt1chk4.dll [2002.03.13 23:46:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll 
[1997.06.14 01:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll ========== LOP Check ========== [2011.06.21 15:39:31 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\4X_DATA [2011.07.23 07:53:54 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Atari [2011.11.30 18:43:21 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Autodesk [2011.12.11 22:17:48 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Autodesk Navisworks Exporters 2012 [2011.12.18 22:20:48 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Azureus [2011.10.09 20:15:43 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Bridge! [2011.08.09 18:40:25 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Canneverbe Limited [2011.07.26 21:06:50 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.11.29 09:44:42 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\DAEMON Tools Lite [2012.01.05 18:38:28 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Dropbox [2011.11.13 17:24:40 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Duden [2011.08.09 18:35:42 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\DVDVideoSoft [2011.07.13 21:02:20 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Graphisoft [2011.06.08 08:52:24 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\HD Tune Pro [2011.12.16 14:45:36 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\ICQ [2011.09.18 16:29:12 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\iJoysoft [2011.11.27 19:56:32 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Nemetschek [2011.06.15 21:18:48 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\pdf995 [2011.11.09 13:45:46 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\SmartDraw [2011.08.01 
16:14:42 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\SPORE [2011.05.27 23:33:41 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.11.23 18:01:54 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Swiss Academic Software [2011.08.08 17:12:15 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\TomTom [2011.11.23 15:16:00 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Ubisoft [2011.11.13 15:37:25 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Video DVD Maker FREE [2011.12.16 08:31:45 | 000,000,500 | ---- | M] () -- C:\Windows\Tasks\Allplan AutoUpdate 2011-1.job [2011.12.26 16:26:41 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.01.05 17:57:33 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job [2011.10.24 16:25:26 | 000,000,646 | ---- | M] () -- C:\Windows\Tasks\WebContent AutoUpdate 2011.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011.05.06 15:39:57 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.11.25 14:10:20 | 000,000,000 | ---D | M] -- C:\Civil 3D Project Templates [2011.11.25 14:10:20 | 000,000,000 | ---D | M] -- C:\Civil 3D Projects [2011.05.06 15:36:48 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.09.01 16:55:50 | 000,000,000 | ---D | M] -- C:\Graphics [2011.05.10 09:56:06 | 000,000,000 | ---D | M] -- C:\iFly Development Team [2011.05.06 15:42:13 | 000,000,000 | ---D | M] -- C:\Intel [2011.05.07 08:55:35 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.05.06 16:11:08 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.01.05 16:00:33 | 000,000,000 | R--D | M] -- C:\Program Files [2012.01.05 16:00:34 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.05.06 15:36:48 | 000,000,000 | -HSD | M] -- C:\Programme [2011.05.06 15:45:33 | 000,000,000 | ---D | M] -- C:\RaidTool [2011.05.06 15:36:48 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.01.05 18:53:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.06.16 11:10:19 | 000,000,000 | R--D | M] -- C:\Users [2011.11.13 15:37:25 | 000,000,000 | ---D | M] -- C:\videodvdmaker [2012.01.04 11:13:31 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\System32\drivers\afd.sys [2011.04.25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys [2010.11.20 09:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys [2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys [2011.04.25 03:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys [2011.04.25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys [2009.07.14 00:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) 
MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-05 14:45:35 < > < End of report > Code:
OTL Extras logfile created on: 05.01.2012 18:51:50 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Max Power\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 63,59% Memory free
7,00 Gb Paging File | 5,57 Gb Available in Paging File | 79,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,12 Gb Total Space | 17,77 Gb Free Space | 22,75% Space Free | Partition Type: NTFS
Drive D: | 390,62 Gb Total Space | 122,89 Gb Free Space | 31,46% Space Free | Partition Type: NTFS
Drive E: | 462,66 Gb Total Space | 243,92 Gb Free Space | 52,72% Space Free | Partition Type: NTFS
Drive I: | 931,51 Gb Total Space | 130,74 Gb Free Space | 14,04% Space Free | Partition Type: NTFS
Computer Name: TU-144 | User Name: Max Power | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- E:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02250F8E-3EF9-41D3-9215-889DDA4A414B}_is1" = EIRESIM - Alicante Ultimate "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729 "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content 
Service "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0976C02C-0F73-447D-9657-5318C0C45A05}" = aerosoft's - Budapest 2007 - FS2004 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0D9CF86F-BA43-4159-A8AA-3A7C5FF5B00A}" = Bridge Modeler for AutoCAD® Civil 3D® 2012 on AutoCAD Civil 3D 2012 - German (Standard) "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1296225E-030B-4979-B515-323CE0FC7582}" = aerosoft's - Mallorca X for FS2004 "{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729 "{15FA5ED6-2F98-4B5E-AF0B-18E5F4723FAD}_is1" = Cities In Motion "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{164360E5-0AAD-48AD-8A36-3F8A859FAB6F}" = PMDG747_400F "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1EC65D1D-3911-4F7D-8B6A-63C69EDBFC6E}" = EditVoicepack "{1F121516-E175-4E0B-AC4D-42DD5164E396}_is1" = Need for Speed: The Run "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012 "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25 "{27AA1674-74F1-43BB-8491-CB5C048541E2}" = GeoMedia Professional "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{2F17C376-EDB7-455B-BC79-171F02F30CAE}" = Skysoft Simulation ZPMS 2011 "{33A2107C-7189-40B4-8AF3-043E016AE49B}" = aerosoft's - Keflavik "{34BDC9DA-9320-491C-AA40-B0D98A0EBA9C}" = aerosoft's - Mega Airport Frankfurt - FS2004 "{36E015FF-26E3-470A-9631-0786D402D6C0}" = Autodesk Quantity Takeoff 2012 "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer "{3A778807-F7E8-4829-973F-733B2277A67A}" = Skysoft Simulation ZUJZ - Jiuzhai Huanglong Airport 
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3ABDFABB-FA48-4BCA-9ECC-3EFC1E5143D2}" = aerosoft's - German Airports 2 - Dortmund "{3B0DBBE5-89F3-4F12-87D8-A5A24E98A402}" = Revit Extensions "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3F48E4DD-08FB-4B2A-9100-EEA4EFBB77F6}" = Revit Extensions for Autodesk Revit Structure 2010 "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2 "{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "{434D0FA0-AB8C-497F-B30A-7A1000018201}" = DiRT 3 "{45C5C113-AD43-414B-867D-7C0AF54276CB}" = Duden-Rechtschreibprüfung PLUS "{46464A5D-7D14-41E3-9C26-E3C186F37D84}" = aerosoft's - German Airports 2 - Cologne-Bonn - FS2004 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729 "{4C4494AC-E3E4-4675-8973-1B6403429C02}" = aerosoft's - Lissabon 2008 "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4CFCC6FD-AEA2-4208-99A6-45CBF9DFFD82}" = Real Environment Xtreme "{50AE4FAB-3A8B-4640-A607-987BDB8FB863}" = aerosoft's - Nice Cote dAzur "{51D199F4-5593-4BC9-B2A5-BB1CDE0C894A}" = aerosoft's - Mega Airport Paris CDG "{55255E60-CD59-11DF-BD3B-0800200C9A66}" = Übungsprojekt Tutorial Architektur (mit Modell) "{555C7DA8-8A43-4A5B-A5FB-137C07AA81D0}" = aerosoft's - Approaching Innsbruck 2004 "{5783F2D7-0111-0409-0010-0060B0CE6BBA}" = Autodesk CAD Manager Tools "{5783F2D7-A000-0407-0002-0060B0CE6BBA}" = AutoCAD Civil 3D 2012 "{5783F2D7-A000-0407-1002-0060B0CE6BBA}" = AutoCAD Civil 3D 2012 Language Pack - Deutsch "{5783F2D7-A001-0407-0002-0060B0CE6BBA}" = AutoCAD 2012 - Deutsch "{5783F2D7-A001-0407-1002-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - Deutsch 
"{5783F2D7-A028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2012 "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Duden-Bibliothek "{5EDF1B95-251E-0409-8232-38B90D666EE2}" = Autodesk Navisworks 2012 32 bit Exporter Plug-ins English Language Pack "{5EDF1B95-251E-406A-8232-38B90D666EE2}" = Autodesk Navisworks 2012 32 bit Exporter Plug-ins "{608B7A43-D176-4309-8999-D772F9A01CD4}" = aerosoft's - German Airports 2 - Muenster-Osnabrueck "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012 "{65C68BC0-5F5D-4470-8E04-00CA4606C26C}" = Revit Extensions "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B2207AE-45BA-40AF-A9FF-7866C8611ED5}" = PMDGMD11_FS9_GEF_WOF1 "{6C06AC26-DBD1-46E5-9863-33E7633566E5}" = ActiveSky Version 6 and ActiveSky Graphics "{705F27B3-5B35-4EC4-A258-BF16D83BE22B}" = aerosoft's - German Airports 2 - Leipzig - FS2004 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}" = Nemetschek SoftLock 2006 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7346B4A0-1200-0100-0409-705C0D862004}" = Revit Architecture 2012 "{7346B4A0-1200-0101-0409-705C0D862004}" = Revit Architecture 2012 Language Pack - English "{7346B4A0-1200-0200-0407-705C0D862004}" = Revit Structure 2012 "{7346B4A0-1200-0201-0407-705C0D862004}" = Revit Structure 2012 Language Pack - Deutsch "{7543FC90-B258-46C5-8238-507BB14D5139}" = Skysoft Simulation ZULZ - Luzhou Lantian Airport "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for 
Applications 2.0 Runtime Language Pack - DEU "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B4D193B-D76D-308B-8B12-5D9BB1CBCE6C}" = Microsoft Visual Basic Power Packs 3.0 "{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.3.0 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8440C171-F033-4410-B099-5BE38273A13B}" = CLOUD9 LosAngeles 1.01 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime "{8BA8CE06-0C92-4A44-9924-2614DCD77F20}" = PMDG MD-11 FS9 "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012 "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 
2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 "{92617838-E49F-4184-B96C-64815B9B4697}" = PMDGMD11_FS9_GEF_GRF2 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{939D29FC-B82D-42A7-BB1E-8E3F121505CC}" = Autodesk Revit Structure 2010 "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58 "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "{96879817-0731-44B2-952A-E2D64C9BFDED}" = Aerosoft's - Discus Glider X "{974518D4-7C04-4B2D-AADC-0D4F303E275F}" = Crystal Reports Runtime "{97679567-0095-464E-B5F2-E218A1CF3421}" = PMDG747_400 Queen of the Skies "{9A0906C7-D472-4C22-8D12-11D6AB2819E4}" = aerosoft's - German Airports 3 - Bremen "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{A0663B00-3376-42C1-B719-995B9CB44DEF}" = Aerosoft's - Hawaii Dillingham X "{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012 "{A624F5D8-DEBF-4827-86E9-7DE67BC750C4}" = Skysoft Simulation ZSOF - Hefei Luogang Int'l "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 
"{A91EDDC0-CD59-11DF-BD3B-0800200C9A66}" = Übungsprojekt Tutorial Ingenieurbau (mit Modell) "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A981F05D-AFD4-4E7C-B4DB-FF6EE33F8DCE}" = PMDGMD11_FS9_PWF_FXF "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290 "{B2BDE61B-0407-47F5-8890-8328102F0E3B}" = Autodesk QTO Language Pack - Deutsch "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729 "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012 "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 "{C2FBA9F9-4942-4254-877C-3EB2B731DD0C}_is1" = Bridge Repack by Der Jok3r Version 1.00 "{C732C76D-0010-1033-99BD-DDB8254216B8}" = Autodesk Showcase 2012 32-bit - English "{C732C76D-7C3D-4DEB-99BD-DDB8254216B8}" = Autodesk 
Showcase 2012 32-bit - English "{C8948D5A-ECB5-4EF0-AEA0-8564E3094DC4}" = Revit Extensions "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CB131247-7869-47E1-9969-B29567C9B106}_is1" = LatinVFR - Crown Point Update v1 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D1D50FD9-9867-4139-858E-0C0448CECBA9}" = aerosoft's - German Airports 1 - Stuttgart "{D234EAC0-7D49-492F-97EC-8FA09FD7C1C4}" = aerosoft's - German Airports 3 - Hamburg "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game "{D41CAD6D-DB4C-4D7C-BABA-D1A4B1599741}" = aerosoft's - German Airports 3-Berlin Tegel "{D4FB2856-E6EB-4864-A241-4587ED21A11B}" = aerosoft's - Brussels 2007 "{D641BAA9-0070-46A5-A313-21933A211851}" = Revit Extensions "{D86B6E8D-F224-4BB6-B959-C8EDC5300B5D}" = aerosoft's - Mega Airport Stockholm Arlanda "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DF71C8D1-9258-4504-89AF-BA80748CC0D2}" = Nemetschek Allplan 2011 "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2012 "{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked "{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion Plugin for AutoCAD 2012 "{EAB8A41D-FABA-4569-A0A1-60A8B358D6F1}" = Autodesk Network License Manager "{ED654F5D-5DC9-46EA-9D10-621231527F98}" = FS9 Configurator "{EE46B5D5-E62B-41CA-A2E1-2B4811F23E3B}" = Revit Extensions for Autodesk Revit Structure 2012 "{EE7D2735-9566-4E60-95AD-44282A7362BE}_is1" = Aerosoft - Gibraltar FS2004 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F19BB7D3-FB87-4C96-A28B-45C59A0F5229}" = RPC Plug-in for Autodesk 3ds Max Design 2012 32-bit "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = 
Belkin 54Mbps Wireless Network Adapter "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FA61FF86-2479-D620-9F6B-655ADD4225B4}" = General Runtime Files for Allplan 2011-1 Release "{FCEBDFA6-EED5-4B0B-8187-46AC14F96E57}" = PMDGMD11_FS9_PWF_WOF "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012 "{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack "763v2" = Level-D Simulations 767-300 "763v21" = Level-D Simulations 767-300 Update "Active Camera 2004 patch for FS 9.1" = Active Camera 2004 patch for FS 9.1 "Active Camera 2004 update to version 2.1 (FS 9.1)" = Active Camera 2004 update to version 2.1 (FS 9.1) "Active Camera 2004 version 2.0" = Active Camera 2004 version 2.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Age of Empires 2.0" = Microsoft Age of Empires II "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion "AKESOFT FORONDA-X FS9 1.00" = AKESOFT FORONDA-X FS9 1.00 "AutoCAD 2012 - Deutsch" = AutoCAD 2012 - Deutsch "AutoCAD Civil 3D 2012" = AutoCAD Civil 3D 2012 "Autodesk Design Review 2012" = Autodesk Design Review 2012 "Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012 "Autodesk Inventor Fusion Plugin for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012 "Autodesk Navisworks 2012 32 bit Exporter Plug-ins" = Autodesk Navisworks 2012 32 bit Exporter Plug-ins "Autodesk Quantity Takeoff 2012" = Autodesk Quantity Takeoff 2012 "Autodesk Revit Architecture 2012" = Autodesk Revit Architecture 2012 "Autodesk Revit Structure 2010" = Autodesk Revit Structure 2010 "Autodesk Revit Structure 2010 SP2" = Autodesk Revit Structure 
2010 x86 Update 2 "Autodesk Revit Structure 2012" = Autodesk Revit Structure 2012 "Autodesk Showcase 2012 32-bit - English" = Autodesk Showcase 2012 32-bit - English "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BG9_is1" = Ben Gurion Airport for FS2004 "Bridge Building Game" = Bridge Building Game "C337H SKYMASTER HD SERIES FSX" = C337H SKYMASTER HD SERIES FSX "Carenado - C185F Skywagon FSX" = Carenado - C185F Skywagon FSX "Carenado C208B Grand Caravan" = Carenado C208B Grand Caravan "Carenado Commander 114 FSX" = Carenado Commander 114 FSX "Carenado F33A Bonanza" = Carenado F33A Bonanza "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Cities XL 2012" = Cities XL 2012 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DAEMON Tools Lite" = DAEMON Tools Lite "Debrecen LHDC scenery v1.1 (FS2004)" = Debrecen LHDC scenery v1.1 (FS2004) "DVD Flick_is1" = DVD Flick 1.3.0.7 "DWG TrueView 2012" = DWG TrueView 2012 "Fifa 12 (c) Electronic Arts_is1" = Fifa 12 (c) Electronic Arts version 1 "Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight "FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration "FlightZone 02: Portland" = FlightZone 02: Portland "Fraps" = Fraps (remove only) "FSDreamTeam Geneva FS9_is1" = FSDreamTeam Geneva FS9 1.1 "FSDreamTeam Zurich9_is1" = FSDreamTeam Zurich9 1.3.1 "GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "GT4AES" = GT4AES "HD Tune Pro_is1" = HD Tune Pro 4.60 "iFly Jets - The 737NG for FS2004" = iFly Jets - The 737NG for FS2004 "InstallShield_{2F17C376-EDB7-455B-BC79-171F02F30CAE}" = Skysoft Simulation ZPMS 2011 "InstallShield_{3A778807-F7E8-4829-973F-733B2277A67A}" = Skysoft Simulation ZUJZ - Jiuzhai Huanglong Airport "InstallShield_{7543FC90-B258-46C5-8238-507BB14D5139}" = Skysoft Simulation ZULZ - Luzhou Lantian Airport "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = 
Microsoft Flight Simulator X "InstallShield_{A624F5D8-DEBF-4827-86E9-7DE67BC750C4}" = Skysoft Simulation ZSOF - Hefei Luogang Int'l "Klinn's ElectroSet (RCT3)_is1" = Klinn's ElectroSet Version 2 "Klinn's Framework (RCT3)_is1" = Klinn's Framework Version 2 "KPHL FS9" = KPHL FS9 "KSJC San Jose FS2004" = KSJC San Jose FS2004 "LatinVFR MKJS" = LatinVFR MKJS "LatinVFRMKJPFS9_is1" = Latin VFR MKJP FS9 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800 "MegaSceneryX_is1" = Hawaii Oahu "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "PA32R SARATOGA SP FSX" = PA32R SARATOGA SP FSX "ParoInternationalAirport_is1" = Paro International Airport FS2004 "Pdf995" = Pdf995 "Railworks 3 Train Simulator 2012 Deluxe_is1" = Railworks 3 Train Simulator 2012 Deluxe "RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X "Samsung ML-1660 Series" = Wartung Samsung ML-1660 Series "SmartDraw PDF Filter" = SmartDraw PDF Filter "SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X Service Pack 1 "SystemRequirementsLab" = System Requirements Lab "TJSJ San Juan" = TJSJ San Juan "TomTom HOME" = TomTom HOME 2.8.2.2264 "UK2000 Belfast Xtreme" = Remove UK2000 Belfast Xtreme files "UK2000 Birmingham Xtreme" = Remove UK2000 Birmingham Xtreme files "UK2000 Bristol Xtreme FS9" = UK2000 Bristol Xtreme FS9 "UK2000 Edinburgh Xtreme" = Remove UK2000 
Edinburgh Xtreme files "UK2000 Glasgow Xtreme" = Remove UK2000 Glasgow Xtreme files "UK2000 Liverpool Xtreme FS9" = UK2000 Liverpool Xtreme FS9 "UK2000 London City Xtreme FS9" = UK2000 London City Xtreme FS9 "UK2000 Manchester Xtreme %simname%" = UK2000 Manchester Xtreme %simname% Uninstall "UK2000 Stansted Xtreme" = Remove UK2000 Stansted Xtreme files "VHHH Hong Kong FS2004" = VHHH Hong Kong FS2004 "VLC media player" = VLC media player 1.1.11 "WinRAR archiver" = WinRAR 4.00 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Aerosoft Mega Airport Munich" = Aerosoft Mega Airport Munich "af745cb3dc09e441" = Boeing 767-300ER Fuel Planner "Carenado's C SKYLANE II RG R182" = Carenado's C SKYLANE II RG R182 "Dropbox" = Dropbox "Mantex3.0" = Mantex3.0 "Newport - Kalaupapa Hawaii X" = Newport - Kalaupapa Hawaii X "PA-28-181 ARCHER II FSX" = PA-28-181 ARCHER II FSX "SmartDraw 2010" = SmartDraw 2010 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 24.12.2011 09:06:23 | Computer Name = TU-144 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 24.12.2011 09:06:36 | Computer Name = TU-144 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 24.12.2011 09:06:39 | Computer Name = TU-144 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 24.12.2011 09:06:41 | Computer Name = TU-144 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 24.12.2011 09:06:41 | Computer Name = TU-144 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 24.12.2011 09:06:42 | Computer Name = TU-144 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 24.12.2011 09:06:43 | Computer Name = TU-144 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 24.12.2011 09:06:44 | Computer Name = TU-144 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 24.12.2011 09:06:45 | Computer Name = TU-144 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 24.12.2011 09:06:45 | Computer Name = TU-144 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ Autodesk REX Events ] Error - 11.12.2011 19:07:19 | Computer Name = TU-144 | Source = AREX | ID = 0 Description = AREX.Revit - : Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.; StackTrace: bei REX.AREXC3DStart.AREXC3DProxy.RemoveRibbon() bei REX.AREXC3DStart.AREXC3DProxy.OnShutdown() bei REX.Common.Start.REXStart.OnShutdown() bei REX.AREXC3DStart.REXC3DStart.Terminate() Error - 14.12.2011 13:08:03 | Computer Name = TU-144 | Source = AREX | ID = 0 Description = AREX.Revit - REX startup failed: Die Datei "C:\Program Files\Common Files\Autodesk Shared\Extensions 2012\Products\Civil3D\de-DE\\tree_Civil3D.xml" konnte nicht gefunden werden.: Die Datei "C:\Program Files\Common Files\Autodesk Shared\Extensions 2012\Products\Civil3D\de-DE\\tree_Civil3D.xml" konnte nicht gefunden werden.; StackTrace: bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.File.InternalCopy(String sourceFileName, String destFileName, Boolean overwrite) bei System.IO.File.Copy(String sourceFileName, String destFileName, Boolean overwrite) bei REX.Manager.Settings.9REaR2BLp() bei REX.Manager.Settings.CheckModulesFilenameVer() bei REX.Common.Start.REXStartProxy.2314pfjGK(Dictionary`2& , List`1& ) bei REX.Common.Start.REXStartProxy.OnStartup() Error - 16.12.2011 08:07:03 | Computer Name = TU-144 | Source = AREX | ID = 0 Description = AREX.Revit - REX startup failed: Die Datei "C:\Program Files\Common Files\Autodesk Shared\Extensions 2012\Products\Civil3D\de-DE\\tree_Civil3D.xml" konnte nicht gefunden werden.: Die Datei "C:\Program Files\Common Files\Autodesk Shared\Extensions 2012\Products\Civil3D\de-DE\\tree_Civil3D.xml" konnte nicht gefunden werden.; StackTrace: bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.File.InternalCopy(String 
sourceFileName, String destFileName, Boolean overwrite) bei System.IO.File.Copy(String sourceFileName, String destFileName, Boolean overwrite) bei REX.Manager.Settings.9REaR2BLp() bei REX.Manager.Settings.CheckModulesFilenameVer() bei REX.Common.Start.REXStartProxy.2314pfjGK(Dictionary`2& , List`1& ) bei REX.Common.Start.REXStartProxy.OnStartup() Error - 16.12.2011 08:10:20 | Computer Name = TU-144 | Source = AREX | ID = 0 Description = AREX.Revit - REX startup failed: Die Datei "C:\Program Files\Common Files\Autodesk Shared\Extensions 2012\Products\Civil3D\de-DE\\tree_Civil3D.xml" konnte nicht gefunden werden.: Die Datei "C:\Program Files\Common Files\Autodesk Shared\Extensions 2012\Products\Civil3D\de-DE\\tree_Civil3D.xml" konnte nicht gefunden werden.; StackTrace: bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.File.InternalCopy(String sourceFileName, String destFileName, Boolean overwrite) bei System.IO.File.Copy(String sourceFileName, String destFileName, Boolean overwrite) bei REX.Manager.Settings.9REaR2BLp() bei REX.Manager.Settings.CheckModulesFilenameVer() bei REX.Common.Start.REXStartProxy.2314pfjGK(Dictionary`2& , List`1& ) bei REX.Common.Start.REXStartProxy.OnStartup() Error - 16.12.2011 09:41:03 | Computer Name = TU-144 | Source = AREX | ID = 0 Description = AREX.Revit - : Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.; StackTrace: bei REX.AREXC3DStart.AREXC3DProxy.RemoveRibbon() bei REX.AREXC3DStart.AREXC3DProxy.OnShutdown() bei REX.Common.Start.REXStart.OnShutdown() bei REX.AREXC3DStart.REXC3DStart.Terminate() Error - 17.12.2011 07:24:04 | Computer Name = TU-144 | Source = AREX | ID = 0 Description = AREX.Revit - REX startup failed: Die Datei "C:\Program Files\Common Files\Autodesk Shared\Extensions 2012\Products\Civil3D\de-DE\\tree_Civil3D.xml" konnte nicht gefunden werden.: Die Datei "C:\Program Files\Common Files\Autodesk Shared\Extensions 2012\Products\Civil3D\de-DE\\tree_Civil3D.xml" konnte 
nicht gefunden werden.; StackTrace: bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.File.InternalCopy(String sourceFileName, String destFileName, Boolean overwrite) bei System.IO.File.Copy(String sourceFileName, String destFileName, Boolean overwrite) bei REX.Manager.Settings.9REaR2BLp() bei REX.Manager.Settings.CheckModulesFilenameVer() bei REX.Common.Start.REXStartProxy.2314pfjGK(Dictionary`2& , List`1& ) bei REX.Common.Start.REXStartProxy.OnStartup() Error - 17.12.2011 08:05:42 | Computer Name = TU-144 | Source = AREX | ID = 0 Description = AREX.Revit - : Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.; StackTrace: bei REX.AREXC3DStart.AREXC3DProxy.RemoveRibbon() bei REX.AREXC3DStart.AREXC3DProxy.OnShutdown() bei REX.Common.Start.REXStart.OnShutdown() bei REX.AREXC3DStart.REXC3DStart.Terminate() Error - 03.01.2012 10:11:58 | Computer Name = TU-144 | Source = AREX | ID = 0 Description = AREX.Revit - REX startup failed: Die Datei "C:\Program Files\Common Files\Autodesk Shared\Extensions 2012\Products\Civil3D\de-DE\\tree_Civil3D.xml" konnte nicht gefunden werden.: Die Datei "C:\Program Files\Common Files\Autodesk Shared\Extensions 2012\Products\Civil3D\de-DE\\tree_Civil3D.xml" konnte nicht gefunden werden.; StackTrace: bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.File.InternalCopy(String sourceFileName, String destFileName, Boolean overwrite) bei System.IO.File.Copy(String sourceFileName, String destFileName, Boolean overwrite) bei REX.Manager.Settings.9REaR2BLp() bei REX.Manager.Settings.CheckModulesFilenameVer() bei REX.Common.Start.REXStartProxy.2314pfjGK(Dictionary`2& , List`1& ) bei REX.Common.Start.REXStartProxy.OnStartup() Error - 03.01.2012 10:49:58 | Computer Name = TU-144 | Source = AREX | ID = 0 Description = AREX.Revit - REX startup failed: Die Datei "C:\Program Files\Common Files\Autodesk Shared\Extensions 2012\Products\Civil3D\de-DE\\tree_Civil3D.xml" 
konnte nicht gefunden werden.: Die Datei "C:\Program Files\Common Files\Autodesk Shared\Extensions 2012\Products\Civil3D\de-DE\\tree_Civil3D.xml" konnte nicht gefunden werden.; StackTrace: bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.File.InternalCopy(String sourceFileName, String destFileName, Boolean overwrite) bei System.IO.File.Copy(String sourceFileName, String destFileName, Boolean overwrite) bei REX.Manager.Settings.9REaR2BLp() bei REX.Manager.Settings.CheckModulesFilenameVer() bei REX.Common.Start.REXStartProxy.2314pfjGK(Dictionary`2& , List`1& ) bei REX.Common.Start.REXStartProxy.OnStartup() Error - 03.01.2012 12:39:57 | Computer Name = TU-144 | Source = AREX | ID = 0 Description = AREX.Revit - : Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.; StackTrace: bei REX.AREXC3DStart.AREXC3DProxy.RemoveRibbon() bei REX.AREXC3DStart.AREXC3DProxy.OnShutdown() bei REX.Common.Start.REXStart.OnShutdown() bei REX.AREXC3DStart.REXC3DStart.Terminate() [ System Events ] Error - 02.01.2012 10:44:37 | Computer Name = TU-144 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 02.01.2012 11:05:51 | Computer Name = TU-144 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 02.01.2012 13:27:35 | Computer Name = TU-144 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 03.01.2012 04:27:46 | Computer Name = TU-144 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 03.01.2012 08:22:06 | Computer Name = TU-144 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 03.01.2012 
15:36:35 | Computer Name = TU-144 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 04.01.2012 03:19:04 | Computer Name = TU-144 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.01.2012 03:40:25 | Computer Name = TU-144 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.01.2012 11:21:39 | Computer Name = TU-144 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.01.2012 12:57:50 | Computer Name = TU-144 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > hxxp://www.trojaner-board.de/106261-habe-schon-bundestrojaner-bka-virus.html |
06.01.2012, 07:51 | #2 | |
/// Helper Team | Bundespolizei - Trojan, national crime unit Hello and welcome!
__________________ Before we begin working together, [please read completely]: Quote:
Please note the following: -> Cracks, keygens and other illegal software
Regards, kira
__________________ |
06.01.2012, 09:35 | #3 |
| Bundespolizei - Trojan, national crime unit Hello kira,
__________________ Thank you very much for the reply. I had downloaded a free trial of HD Tune from their homepage. I wanted to measure the data throughput of my hard disk, because it somehow seemed slow to me. But that was ages ago, at least a year. I also don't know why it identified that as malware. In any case, it was nothing illegal... |
07.01.2012, 08:42 | #4 | |||
/// Helper Team | Bundespolizei - Trojan, national crime unit ► Ask yourself, why haven't you upgraded your system already?!: Code:
ATTFilter
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
However, in this state (the computer is currently infected with malware), an upgrade from the old version to the next one must NOT be carried out, otherwise it does more harm than good! The hard disk should be cleaned first, that is, it must be absolutely free of malware! Install the current version only at the end of the cleanup! - I will let you know when! 1. Code:
ATTFilter
Azureus
Quote:
Besides, it is not only Trojan horses or other kinds of viruses that need a direct connection; when you use µtorrent & co., they also "phone home", even if there is no proof of this yet (at least not in part), and I would not recommend allowing such clients! As long as you have such programs on your PC, you will constantly be confronted with some kind of problem! 2. Quote:
Code:
ATTFilter
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
[2011.10.02 17:06:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.02 17:06:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKCU..\Run: [AdobeBridge] File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk I:\
O33 - MountPoints2\{8b54bf35-77f3-11e0-8e27-001d7d994e06}\Shell - "" = AutoRun
O33 - MountPoints2\{8b54bf35-77f3-11e0-8e27-001d7d994e06}\Shell\AutoRun\command - "" = G:\setup.exe
[2012.01.05 18:50:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.05 17:57:28 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.18 22:20:48 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Azureus
:Commands
[purity]
[emptytemp]
3. Run a scan with OTL again:
4. I would also like to see all of your installed programs: download the tool CCleaner → Download, install it (read the software license agreement; if it is offered, deselect "Füge CCleaner Yahoo! Toolbar hinzu" (add the CCleaner Yahoo! Toolbar)) → start it → Language → select Deutsch, then click on "Extra" (to also display the installed programs) → then on "Als Textdatei speichern..." (save as text file); a text file (*.txt) is created, copy its contents and paste them here Quote:
kira
__________________ Warning!: Be careful with invoices sent by email with a ZIP file as an attachment! It may be infected with an encryption Trojan! Do not open the attachment, ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
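Several entries in the fix script in the post above carry the markers "File not found" or "No CLSID value found", or define a MountPoints2 AutoRun command. The following is an added example, not part of the thread and not OTL's own code: it lists such entries from an OTL scan log for manual review, using lines copied from the logs on this page; the names `Finding`, `classify` and `triage` are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    section: str  # OTL section tag as printed in the log, e.g. "O4"
    reason: str   # "orphan-file", "orphan-clsid" or "autorun-command"
    detail: str   # entry text, or the command target for autorun entries


# An O-section entry looks like "O4 - <text>".
ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*\S)\s*$")
# MountPoints2 entry whose AutoRun command points at a program.
AUTORUN_RE = re.compile(r'\\Shell\\AutoRun\\command\s+-\s+""\s+=\s+(.+)$', re.I)

# Sample input: lines copied from the fix script and the second OTL log on this page.
SAMPLE_LOG = r'''
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8b54bf35-77f3-11e0-8e27-001d7d994e06}\Shell\AutoRun\command - "" = G:\setup.exe
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
'''


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for an O-section line worth a manual look, else None."""
    match = ENTRY_RE.match(line.strip())
    if not match:
        return None  # not an O-section entry (PRC, SRV, DRV, file listings, ...)
    section, body = match.groups()
    if body.endswith("File not found"):
        # The entry still exists but the file it references does not.
        return Finding(section, "orphan-file", body)
    if "No CLSID value found" in body:
        # The entry references a class ID that is not registered.
        return Finding(section, "orphan-clsid", body)
    autorun = AUTORUN_RE.search(body)
    if autorun:
        # A per-volume AutoRun command; report the program it would start.
        return Finding(section, "autorun-command", autorun.group(1))
    return None


def triage(log_text: str) -> List[Finding]:
    """Collect review candidates from a whole OTL log, in log order."""
    return [f for f in map(classify, log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.section:>4}  {finding.reason:<16} {finding.detail}")
```

A flagged line is a candidate for review, not a removal decision: the `VMApplet - (/pagefile)` line is flagged here, yet it does not appear in the fix script posted in the thread.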
07.01.2012, 12:29 | #5 |
| Bundespolizei - Trojaner, natoinal crime unit Hey Kira, thank you very much for your reply. I have not updated the I-Explorer. I use Firefox and therefore don't bother with the I-Explorer. I guess I will have to do the SP1 update then... I have actually always followed the motto "never change a running system". Of course I have always installed the security updates, but with SP1... there are not only positive voices about it. I did everything according to your instructions, here are the log files: Code:
ATTFilter All processes killed ========== OTL ========== HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully. C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully. File C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found. C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An vorhandene PDF-Datei anfügen\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Linkziel an vorhandene PDF-Datei anhängen\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Linkziel in Adobe PDF konvertieren\ deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b54bf35-77f3-11e0-8e27-001d7d994e06}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b54bf35-77f3-11e0-8e27-001d7d994e06}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b54bf35-77f3-11e0-8e27-001d7d994e06}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b54bf35-77f3-11e0-8e27-001d7d994e06}\ not found. File G:\setup.exe not found. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully. C:\Users\Max Power\AppData\Roaming\Azureus\torrents folder moved successfully. C:\Users\Max Power\AppData\Roaming\Azureus\tmp\AZU1112662638737117700.tmp folder moved successfully. C:\Users\Max Power\AppData\Roaming\Azureus\tmp folder moved successfully. C:\Users\Max Power\AppData\Roaming\Azureus\subs folder moved successfully. C:\Users\Max Power\AppData\Roaming\Azureus\shares folder moved successfully. C:\Users\Max Power\AppData\Roaming\Azureus\rss folder moved successfully. C:\Users\Max Power\AppData\Roaming\Azureus\plugins\mlab folder moved successfully. C:\Users\Max Power\AppData\Roaming\Azureus\plugins\azupnpav folder moved successfully. C:\Users\Max Power\AppData\Roaming\Azureus\plugins\aefeatman_v folder moved successfully. C:\Users\Max Power\AppData\Roaming\Azureus\plugins folder moved successfully. C:\Users\Max Power\AppData\Roaming\Azureus\net folder moved successfully. C:\Users\Max Power\AppData\Roaming\Azureus\logs\save folder moved successfully. C:\Users\Max Power\AppData\Roaming\Azureus\logs folder moved successfully. C:\Users\Max Power\AppData\Roaming\Azureus\dht folder moved successfully. C:\Users\Max Power\AppData\Roaming\Azureus\devices folder moved successfully. C:\Users\Max Power\AppData\Roaming\Azureus\active folder moved successfully. C:\Users\Max Power\AppData\Roaming\Azureus folder moved successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Max Power ->Temp folder emptied: 1033332720 bytes ->Java cache emptied: 8823 bytes ->FireFox cache emptied: 657577911 bytes ->Flash cache emptied: 72800 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 3238112 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 937961 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1.617,00 mb OTL by OldTimer - Version 3.2.31.0 log created on 01072012_104732 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Code:
ATTFilter OTL logfile created on: 07.01.2012 10:54:58 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Max Power\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 65,14% Memory free 7,00 Gb Paging File | 5,64 Gb Available in Paging File | 80,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 78,12 Gb Total Space | 20,04 Gb Free Space | 25,65% Space Free | Partition Type: NTFS Drive D: | 390,62 Gb Total Space | 147,66 Gb Free Space | 37,80% Space Free | Partition Type: NTFS Drive E: | 462,66 Gb Total Space | 243,92 Gb Free Space | 52,72% Space Free | Partition Type: NTFS Drive I: | 931,51 Gb Total Space | 109,63 Gb Free Space | 11,77% Space Free | Partition Type: NTFS Computer Name: TU-144 | User Name: Max Power | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.05 18:46:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Max Power\Desktop\OTL.exe PRC - [2012.01.05 15:47:35 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.01.03 14:29:52 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) 
-- C:\Users\Max Power\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.10.15 09:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe PRC - [2011.10.15 09:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.07.16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.03.28 15:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.28 15:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe PRC - [2011.01.20 10:20:04 | 000,313,152 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTShellHlp.exe PRC - [2010.06.07 11:35:35 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) 
-- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe ========== Modules (No Company Name) ========== MOD - [2012.01.05 16:40:12 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a72ed18d2df70f09c57cf914ce591306\Microsoft.VisualBasic.ni.dll MOD - [2012.01.03 14:29:52 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2011.12.24 14:09:00 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cc6713be0e405d5a89a2783103f7e771\System.Management.ni.dll MOD - [2011.12.24 14:04:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll MOD - [2011.12.24 14:04:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll MOD - [2011.12.24 14:04:38 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll MOD - [2011.12.24 14:04:34 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll MOD - [2011.11.23 18:29:26 | 000,008,704 | ---- | M] () -- C:\Users\Max 
Power\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.7.gadget\GetCoreTempInfoNET.dll MOD - [2011.11.23 18:29:26 | 000,007,680 | ---- | M] () -- C:\Users\Max Power\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.7.gadget\SystemInfo.dll MOD - [2011.11.23 18:29:26 | 000,006,144 | ---- | M] () -- C:\Users\Max Power\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.7.gadget\CoreTempReader.dll MOD - [2011.11.16 09:24:02 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2011.10.15 00:54:26 | 000,265,536 | ---- | M] () -- C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2011.03.15 06:13:46 | 004,254,560 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2011.03.02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2010.06.07 11:35:35 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe MOD - [2009.07.14 09:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Win32 Services (SafeList) ========== SRV - [2012.01.05 15:47:35 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.11.20 09:58:10 | 001,044,816 | ---- | M] (Flexera Software, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service) SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) 
[Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.06.05 23:41:12 | 001,322,648 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service) ========== Driver Services (SafeList) ========== DRV - [2012.01.05 15:47:35 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.01.05 15:47:35 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.15 09:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011.07.08 00:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2011.05.13 19:36:25 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2011.05.13 19:36:24 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2011.05.06 16:19:01 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- 
C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011.05.06 15:58:13 | 000,464,384 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.03.23 12:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2009.07.29 01:55:38 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT) DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008.11.04 19:21:04 | 000,083,296 | ---- | M] (JMicron Technology Corp.) 
[Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID) DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 29 3B E7 18 1F AC CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.11.23 17:39:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.03 14:29:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.01 19:35:02 | 000,000,000 | ---D | M] [2011.08.08 17:12:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max Power\AppData\Roaming\mozilla\Extensions [2011.08.08 17:12:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max Power\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.11.09 16:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.01.03 14:29:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.02 17:06:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.02 17:06:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.02 17:06:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.02 17:06:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache 
Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - Startup: C:\Users\Max Power\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Max Power\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43EF6A6E-3A35-4BE6-8FC5-DF5E88DA7480}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft 
Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.11.29 11:59:21 | 000,000,000 | ---D | M] - E:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2011.11.29 12:01:26 | 000,000,000 | ---D | M] - E:\Autodesk_Quantity_Takeoff_2012_German_SLD_Win_32Bit -- [ NTFS ] O32 - Unable to obtain root file information for disk I:\ O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.01.07 10:47:32 | 000,000,000 | ---D | C] -- C:\_OTL [2012.01.07 10:18:43 | 000,000,000 | ---D | C] -- C:\Users\Max Power\Documents\Autodesk Showcase 2012 [2012.01.07 00:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler [2012.01.07 00:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler [2012.01.05 18:46:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Max Power\Desktop\OTL.exe [2012.01.05 16:00:40 | 000,000,000 | ---D | C] -- C:\Users\Max Power\AppData\Roaming\Malwarebytes [2012.01.05 16:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.05 16:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.05 16:00:33 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- 
C:\Windows\System32\drivers\mbam.sys [2012.01.05 16:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.01.05 15:40:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.01.04 11:15:37 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll [2012.01.04 11:15:37 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll [2012.01.04 11:15:37 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll [2012.01.04 11:15:37 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll [2012.01.04 11:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5 [2012.01.04 11:12:56 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll [2012.01.04 11:12:56 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll [2012.01.04 11:12:56 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll [2012.01.04 11:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft [2012.01.04 11:12:55 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax [2012.01.04 11:12:55 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax [2012.01.04 11:12:55 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax [2012.01.04 11:12:55 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll [2012.01.04 11:12:55 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax [2012.01.04 11:12:55 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax [2012.01.04 11:12:55 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax [2012.01.04 11:12:55 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax [2012.01.04 11:12:55 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax 
[2012.01.04 11:12:54 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax [2012.01.04 11:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft [2012.01.03 23:28:41 | 000,000,000 | ---D | C] -- C:\Users\Max Power\Desktop\Ansichten [2012.01.02 12:30:01 | 000,000,000 | ---D | C] -- C:\Users\Max Power\Desktop\Bewerbung Leipzig [2011.12.24 13:38:36 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.12.24 13:38:36 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.12.24 13:38:36 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.12.24 13:38:36 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.12.24 13:38:36 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.12.24 13:38:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.12.24 13:38:36 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.12.24 13:38:36 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.12.24 13:38:36 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.12.24 13:38:36 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.12.24 13:38:36 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.12.24 13:38:35 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.12.24 13:37:15 | 003,957,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.12.24 13:37:15 | 003,901,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.12.24 13:37:13 | 002,340,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.12.24 13:37:10 | 000,534,528 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\EncDec.dll [2011.12.24 13:37:04 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2011.12.21 23:42:57 | 000,000,000 | ---D | C] -- C:\Users\Max Power\Documents\dvd [2011.12.21 23:40:36 | 000,000,000 | ---D | C] -- C:\Users\Max Power\AppData\Roaming\DVD Flick [2011.12.21 23:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick [2011.12.21 23:40:27 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\System32\ssubtmr6.dll [2011.12.21 23:40:27 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\System32\trayicon_handler.ocx [2011.12.21 23:40:27 | 000,028,672 | ---- | C] (-) -- C:\Windows\System32\mousewheel.ocx [2011.12.15 20:17:28 | 000,000,000 | ---D | C] -- C:\Users\Max Power\Documents\FIFA 12 [2011.12.15 16:24:25 | 000,000,000 | ---D | C] -- C:\Users\Max Power\Desktop\Neuer Ordner [2011.12.11 22:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Navisworks 2012 [2011.12.11 22:17:48 | 000,000,000 | ---D | C] -- C:\Users\Max Power\AppData\Roaming\Autodesk Navisworks Exporters 2012 [2011.12.11 22:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk Navisworks Exporters 2012 [2011.10.24 16:21:19 | 000,024,920 | ---- | C] ( ) -- C:\Windows\System32\implode.dll [1 C:\Users\Max Power\Documents\*.tmp files -> C:\Users\Max Power\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.07 10:55:02 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.07 10:55:02 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.07 10:49:55 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job [2012.01.07 10:49:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.07 10:49:39 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys [2012.01.07 
08:31:28 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\Allplan AutoUpdate 2011-1.job [2012.01.05 21:14:26 | 000,000,458 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012.01.05 19:05:16 | 000,302,592 | ---- | M] () -- C:\Users\Max Power\Desktop\325sw5ii.exe [2012.01.05 18:48:09 | 000,000,000 | ---- | M] () -- C:\Users\Max Power\defogger_reenable [2012.01.05 18:46:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Max Power\Desktop\OTL.exe [2012.01.05 18:46:15 | 000,050,477 | ---- | M] () -- C:\Users\Max Power\Desktop\Defogger.exe [2012.01.05 16:00:34 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.05 15:47:35 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.01.05 15:47:35 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.01.05 15:44:51 | 000,700,342 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.05 15:44:51 | 000,655,054 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.05 15:44:51 | 000,149,138 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.05 15:44:51 | 000,121,926 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.03 23:24:29 | 008,523,776 | ---- | M] () -- C:\Users\Max Power\Documents\Projekt3BS.rvt [2012.01.03 23:22:38 | 000,066,823 | ---- | M] () -- C:\Users\Max Power\Documents\Variante1.dwg [2012.01.03 23:21:44 | 000,061,464 | ---- | M] () -- C:\Users\Max Power\Documents\Variante1.bak [2012.01.03 23:19:37 | 000,062,424 | ---- | M] () -- C:\Users\Max Power\Documents\Variante2.dwg [2012.01.03 23:17:13 | 000,001,935 | ---- | M] () -- C:\Users\Max Power\Documents\Variante2.pdf [2012.01.03 23:10:45 | 000,067,672 | ---- | M] () -- C:\Users\Max Power\Documents\Variante3.dwg [2012.01.03 22:58:23 | 000,067,160 | ---- | M] () -- C:\Users\Max Power\Documents\Variante2.bak [2012.01.03 22:42:53 | 000,000,202 | -H-- | M] () -- C:\Users\Max Power\Documents\Zeichnung1.dwl2 [2012.01.03 22:42:53 | 
000,000,052 | -H-- | M] () -- C:\Users\Max Power\Documents\Zeichnung1.dwl [2012.01.03 22:17:01 | 008,523,776 | ---- | M] () -- C:\Users\Max Power\Documents\Projekt3BS.0001.rvt [2012.01.03 22:16:44 | 003,711,271 | ---- | M] () -- C:\Users\Max Power\Documents\Brücke_Sachsen.dwg [2012.01.03 22:16:44 | 000,000,202 | -H-- | M] () -- C:\Users\Max Power\Documents\Brücke_Sachsen.dwl2 [2012.01.03 22:16:44 | 000,000,052 | -H-- | M] () -- C:\Users\Max Power\Documents\Brücke_Sachsen.dwl [2012.01.03 21:00:32 | 001,255,379 | ---- | M] () -- C:\Users\Max Power\Documents\Brücke_Sachsen_neu.xml [2012.01.03 17:39:41 | 003,164,939 | ---- | M] () -- C:\Users\Max Power\Documents\Brücke_Sachsen.bak [2012.01.03 16:50:22 | 000,083,366 | ---- | M] () -- C:\Users\Max Power\Desktop\pj_22889707.pdf [2012.01.03 16:49:57 | 000,083,524 | ---- | M] () -- C:\Users\Max Power\Desktop\pj_22114942.pdf [2012.01.03 16:49:04 | 000,082,118 | ---- | M] () -- C:\Users\Max Power\Desktop\pj_22492949.pdf [2012.01.03 16:48:00 | 000,083,390 | ---- | M] () -- C:\Users\Max Power\Desktop\pj_23325498.pdf [2012.01.02 13:02:44 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv [2011.12.28 16:31:26 | 000,001,456 | ---- | M] () -- C:\Users\Max Power\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.12.25 09:47:27 | 003,899,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.16 13:52:46 | 000,578,820 | ---- | M] () -- C:\Users\Max Power\Documents\Brücke_Sachsen1.xml [2011.12.16 13:10:05 | 000,000,727 | ---- | M] () -- C:\Users\Max Power\Documents\acad.err [2011.12.15 20:14:23 | 000,000,713 | ---- | M] () -- C:\Users\Public\Desktop\Fifa 12.lnk [2011.12.14 22:49:25 | 000,413,696 | ---- | M] () -- C:\Users\Max Power\Documents\D_Roadway.rfa [2011.12.14 22:49:21 | 000,573,440 | ---- | M] () -- C:\Users\Max Power\Documents\D_Deck.rfa [2011.12.14 22:49:18 | 000,397,312 | ---- | M] () -- C:\Users\Max Power\Documents\D_Barrier Right.rfa [2011.12.14 22:49:13 | 000,548,864 | ---- | M] () -- C:\Users\Max 
Power\Documents\D_Barrier Left.rfa [2011.12.14 22:49:08 | 000,442,368 | ---- | M] () -- C:\Users\Max Power\Documents\D_Road.rfa [2011.12.14 22:48:55 | 011,358,208 | ---- | M] () -- C:\Users\Max Power\Documents\Projekt1.rvt [2011.12.14 22:24:03 | 011,296,768 | ---- | M] () -- C:\Users\Max Power\Documents\Projekt1.0003.rvt [2011.12.14 21:50:33 | 010,891,264 | ---- | M] () -- C:\Users\Max Power\Documents\Projekt1.0002.rvt [2011.12.14 20:47:43 | 008,880,128 | ---- | M] () -- C:\Users\Max Power\Documents\Projekt1.0001.rvt [2011.12.14 19:45:52 | 000,650,245 | ---- | M] () -- C:\Users\Max Power\Documents\Brücke_Sachsen.xml [2011.12.12 00:08:00 | 009,031,680 | ---- | M] () -- C:\Users\Max Power\Documents\Brücke_sachsen1.rvt [2011.12.11 21:41:49 | 000,003,424 | ---- | M] () -- C:\Users\Max Power\Documents\Brücke_Sachsen_recover.dwg [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 C:\Users\Max Power\Documents\*.tmp files -> C:\Users\Max Power\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.05 21:14:26 | 000,000,458 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.01.05 19:05:13 | 000,302,592 | ---- | C] () -- C:\Users\Max Power\Desktop\325sw5ii.exe [2012.01.05 18:48:09 | 000,000,000 | ---- | C] () -- C:\Users\Max Power\defogger_reenable [2012.01.05 18:46:09 | 000,050,477 | ---- | C] () -- C:\Users\Max Power\Desktop\Defogger.exe [2012.01.05 16:00:34 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.04 11:15:37 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2012.01.04 11:12:55 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax [2012.01.04 11:12:55 | 000,121,344 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.ax [2012.01.04 11:12:55 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax [2012.01.04 11:12:55 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll [2012.01.04 
11:12:55 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax [2012.01.04 11:12:55 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax [2012.01.04 11:12:55 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax [2012.01.04 11:12:55 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax [2012.01.04 11:12:54 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax [2012.01.04 11:12:54 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax [2012.01.03 23:17:13 | 000,001,935 | ---- | C] () -- C:\Users\Max Power\Documents\Variante2.pdf [2012.01.03 22:42:53 | 000,067,672 | ---- | C] () -- C:\Users\Max Power\Documents\Variante3.dwg [2012.01.03 22:42:53 | 000,067,160 | ---- | C] () -- C:\Users\Max Power\Documents\Variante2.bak [2012.01.03 22:42:53 | 000,066,823 | ---- | C] () -- C:\Users\Max Power\Documents\Variante1.dwg [2012.01.03 22:42:53 | 000,062,424 | ---- | C] () -- C:\Users\Max Power\Documents\Variante2.dwg [2012.01.03 22:42:53 | 000,061,464 | ---- | C] () -- C:\Users\Max Power\Documents\Variante1.bak [2012.01.03 22:42:53 | 000,000,202 | -H-- | C] () -- C:\Users\Max Power\Documents\Zeichnung1.dwl2 [2012.01.03 22:42:53 | 000,000,052 | -H-- | C] () -- C:\Users\Max Power\Documents\Zeichnung1.dwl [2012.01.03 22:16:56 | 008,523,776 | ---- | C] () -- C:\Users\Max Power\Documents\Projekt3BS.rvt [2012.01.03 22:16:56 | 008,523,776 | ---- | C] () -- C:\Users\Max Power\Documents\Projekt3BS.0001.rvt [2012.01.03 21:00:30 | 001,255,379 | ---- | C] () -- C:\Users\Max Power\Documents\Brücke_Sachsen_neu.xml [2012.01.03 20:43:52 | 000,000,202 | -H-- | C] () -- C:\Users\Max Power\Documents\Brücke_Sachsen.dwl2 [2012.01.03 20:43:52 | 000,000,052 | -H-- | C] () -- C:\Users\Max Power\Documents\Brücke_Sachsen.dwl [2012.01.03 16:50:22 | 000,083,366 | ---- | C] () -- C:\Users\Max Power\Desktop\pj_22889707.pdf [2012.01.03 16:49:57 | 000,083,524 | ---- | C] () -- C:\Users\Max Power\Desktop\pj_22114942.pdf [2012.01.03 16:49:04 | 
000,082,118 | ---- | C] () -- C:\Users\Max Power\Desktop\pj_22492949.pdf [2012.01.03 16:48:00 | 000,083,390 | ---- | C] () -- C:\Users\Max Power\Desktop\pj_23325498.pdf [2011.12.16 13:52:45 | 000,578,820 | ---- | C] () -- C:\Users\Max Power\Documents\Brücke_Sachsen1.xml [2011.12.15 20:14:23 | 000,000,713 | ---- | C] () -- C:\Users\Public\Desktop\Fifa 12.lnk [2011.12.15 20:14:23 | 000,000,713 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fifa 12.lnk [2011.12.14 22:49:24 | 000,413,696 | ---- | C] () -- C:\Users\Max Power\Documents\D_Roadway.rfa [2011.12.14 22:49:20 | 000,573,440 | ---- | C] () -- C:\Users\Max Power\Documents\D_Deck.rfa [2011.12.14 22:49:17 | 000,397,312 | ---- | C] () -- C:\Users\Max Power\Documents\D_Barrier Right.rfa [2011.12.14 22:49:12 | 000,548,864 | ---- | C] () -- C:\Users\Max Power\Documents\D_Barrier Left.rfa [2011.12.14 22:49:07 | 000,442,368 | ---- | C] () -- C:\Users\Max Power\Documents\D_Road.rfa [2011.12.14 20:47:37 | 011,358,208 | ---- | C] () -- C:\Users\Max Power\Documents\Projekt1.rvt [2011.12.14 20:47:37 | 011,296,768 | ---- | C] () -- C:\Users\Max Power\Documents\Projekt1.0003.rvt [2011.12.14 20:47:37 | 010,891,264 | ---- | C] () -- C:\Users\Max Power\Documents\Projekt1.0002.rvt [2011.12.14 20:47:37 | 008,880,128 | ---- | C] () -- C:\Users\Max Power\Documents\Projekt1.0001.rvt [2011.12.12 00:07:54 | 009,031,680 | ---- | C] () -- C:\Users\Max Power\Documents\Brücke_sachsen1.rvt [2011.12.11 22:08:24 | 000,650,245 | ---- | C] () -- C:\Users\Max Power\Documents\Brücke_Sachsen.xml [2011.12.11 21:41:49 | 000,003,424 | ---- | C] () -- C:\Users\Max Power\Documents\Brücke_Sachsen_recover.dwg [2011.12.11 13:56:52 | 003,711,271 | ---- | C] () -- C:\Users\Max Power\Documents\Brücke_Sachsen.dwg [2011.12.11 13:56:52 | 003,164,939 | ---- | C] () -- C:\Users\Max Power\Documents\Brücke_Sachsen.bak [2011.11.23 18:33:07 | 000,000,412 | ---- | C] () -- C:\Users\Max Power\AppData\Roaming\All CPU Meter_Settings.ini [2011.11.13 
15:37:44 | 000,005,120 | ---- | C] () -- C:\Users\Max Power\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.13 14:46:00 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011.11.09 20:56:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32.dll [2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.09.25 09:28:41 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2011.09.01 17:04:13 | 000,000,132 | ---- | C] () -- C:\Users\Max Power\AppData\Roaming\Adobe BMP Format CS5 Prefs [2011.07.26 20:30:17 | 000,000,088 | RHS- | C] () -- C:\ProgramData\A107F471DF.sys [2011.07.26 20:30:16 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011.07.23 07:33:44 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll [2011.07.22 13:57:35 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe [2011.07.10 19:38:32 | 000,000,072 | ---- | C] () -- C:\Windows\QFP.ini [2011.06.15 21:18:48 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini [2011.06.15 21:16:17 | 000,000,059 | ---- | C] () -- C:\Windows\wpd99.drv [2011.06.15 21:16:16 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll [2011.06.13 21:12:01 | 000,000,090 | -HS- | C] () -- C:\Windows\cnerolf.bin [2011.05.28 16:30:16 | 000,001,456 | ---- | C] () -- C:\Users\Max Power\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.05.21 10:45:15 | 000,000,057 | ---- | C] () -- C:\Windows\fs9configurator.ini [2011.05.13 19:36:25 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.05.13 19:36:24 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.05.10 21:24:35 | 000,000,090 | -HS- | C] () -- C:\Windows\cnerolf.dat [2011.05.06 15:58:31 | 000,200,704 | ---- | C] () -- C:\Windows\System32\UpdateDriver.exe [2011.05.06 15:58:26 | 000,005,224 | ---- | C] () -- C:\Windows\System32\ucuiinfo.ini [2011.05.06 15:56:43 | 000,080,416 | ---- | C] () -- 
C:\Windows\System32\RtNicProp32.dll [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.03.23 12:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2009.07.14 09:47:43 | 000,700,342 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,149,138 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 003,899,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,655,054 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,121,926 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2008.06.04 09:23:14 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssp7ml3.dll [2005.02.25 00:59:49 | 000,318,014 | ---- | C] () -- C:\Windows\System32\flt1chk4.dll [2002.03.13 23:46:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll [1997.06.14 01:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll 
========== LOP Check ========== [2011.06.21 15:39:31 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\4X_DATA [2011.07.23 07:53:54 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Atari [2012.01.07 10:18:50 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Autodesk [2011.12.11 22:17:48 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Autodesk Navisworks Exporters 2012 [2011.10.09 20:15:43 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Bridge! [2011.08.09 18:40:25 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Canneverbe Limited [2011.07.26 21:06:50 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.11.29 09:44:42 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\DAEMON Tools Lite [2012.01.07 10:50:53 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Dropbox [2011.11.13 17:24:40 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Duden [2011.08.09 18:35:42 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\DVDVideoSoft [2011.07.13 21:02:20 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Graphisoft [2011.06.08 08:52:24 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\HD Tune Pro [2011.12.16 14:45:36 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\ICQ [2011.09.18 16:29:12 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\iJoysoft [2011.11.27 19:56:32 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Nemetschek [2011.06.15 21:18:48 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\pdf995 [2011.11.09 13:45:46 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\SmartDraw [2011.08.01 16:14:42 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\SPORE [2011.05.27 23:33:41 | 000,000,000 | ---D | M] -- C:\Users\Max 
Power\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.11.23 18:01:54 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Swiss Academic Software [2011.08.08 17:12:15 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\TomTom [2011.11.23 15:16:00 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Ubisoft [2011.11.13 15:37:25 | 000,000,000 | ---D | M] -- C:\Users\Max Power\AppData\Roaming\Video DVD Maker FREE [2012.01.07 08:31:28 | 000,000,500 | ---- | M] () -- C:\Windows\Tasks\Allplan AutoUpdate 2011-1.job [2011.12.26 16:26:41 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.01.07 10:49:55 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job [2011.10.24 16:25:26 | 000,000,646 | ---- | M] () -- C:\Windows\Tasks\WebContent AutoUpdate 2011.job ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 07.01.2012 10:54:58 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Max Power\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,50 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 65,14% Memory free
7,00 Gb Paging File | 5,64 Gb Available in Paging File | 80,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,12 Gb Total Space | 20,04 Gb Free Space | 25,65% Space Free | Partition Type: NTFS
Drive D: | 390,62 Gb Total Space | 147,66 Gb Free Space | 37,80% Space Free | Partition Type: NTFS
Drive E: | 462,66 Gb Total Space | 243,92 Gb Free Space | 52,72% Space Free | Partition Type: NTFS
Drive I: | 931,51 Gb Total Space | 109,63 Gb Free Space | 11,77% Space Free | Partition Type: NTFS

Computer Name: TU-144 | User Name: Max Power | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02250F8E-3EF9-41D3-9215-889DDA4A414B}_is1" = EIRESIM - Alicante Ultimate
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content
Service "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0976C02C-0F73-447D-9657-5318C0C45A05}" = aerosoft's - Budapest 2007 - FS2004 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0D9CF86F-BA43-4159-A8AA-3A7C5FF5B00A}" = Bridge Modeler for AutoCAD® Civil 3D® 2012 on AutoCAD Civil 3D 2012 - German (Standard) "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1296225E-030B-4979-B515-323CE0FC7582}" = aerosoft's - Mallorca X for FS2004 "{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729 "{15FA5ED6-2F98-4B5E-AF0B-18E5F4723FAD}_is1" = Cities In Motion "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{164360E5-0AAD-48AD-8A36-3F8A859FAB6F}" = PMDG747_400F "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1EC65D1D-3911-4F7D-8B6A-63C69EDBFC6E}" = EditVoicepack "{1F121516-E175-4E0B-AC4D-42DD5164E396}_is1" = Need for Speed: The Run "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012 "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25 "{27AA1674-74F1-43BB-8491-CB5C048541E2}" = GeoMedia Professional "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{2F17C376-EDB7-455B-BC79-171F02F30CAE}" = Skysoft Simulation ZPMS 2011 "{33A2107C-7189-40B4-8AF3-043E016AE49B}" = aerosoft's - Keflavik "{34BDC9DA-9320-491C-AA40-B0D98A0EBA9C}" = aerosoft's - Mega Airport Frankfurt - FS2004 "{36E015FF-26E3-470A-9631-0786D402D6C0}" = Autodesk Quantity Takeoff 2012 "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer "{3A778807-F7E8-4829-973F-733B2277A67A}" = Skysoft Simulation ZUJZ - Jiuzhai Huanglong Airport 
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3ABDFABB-FA48-4BCA-9ECC-3EFC1E5143D2}" = aerosoft's - German Airports 2 - Dortmund "{3B0DBBE5-89F3-4F12-87D8-A5A24E98A402}" = Revit Extensions "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3F48E4DD-08FB-4B2A-9100-EEA4EFBB77F6}" = Revit Extensions for Autodesk Revit Structure 2010 "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2 "{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "{434D0FA0-AB8C-497F-B30A-7A1000018201}" = DiRT 3 "{45C5C113-AD43-414B-867D-7C0AF54276CB}" = Duden-Rechtschreibprüfung PLUS "{46464A5D-7D14-41E3-9C26-E3C186F37D84}" = aerosoft's - German Airports 2 - Cologne-Bonn - FS2004 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729 "{4C4494AC-E3E4-4675-8973-1B6403429C02}" = aerosoft's - Lissabon 2008 "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4CFCC6FD-AEA2-4208-99A6-45CBF9DFFD82}" = Real Environment Xtreme "{50AE4FAB-3A8B-4640-A607-987BDB8FB863}" = aerosoft's - Nice Cote dAzur "{51D199F4-5593-4BC9-B2A5-BB1CDE0C894A}" = aerosoft's - Mega Airport Paris CDG "{55255E60-CD59-11DF-BD3B-0800200C9A66}" = Übungsprojekt Tutorial Architektur (mit Modell) "{555C7DA8-8A43-4A5B-A5FB-137C07AA81D0}" = aerosoft's - Approaching Innsbruck 2004 "{5783F2D7-0111-0409-0010-0060B0CE6BBA}" = Autodesk CAD Manager Tools "{5783F2D7-A000-0407-0002-0060B0CE6BBA}" = AutoCAD Civil 3D 2012 "{5783F2D7-A000-0407-1002-0060B0CE6BBA}" = AutoCAD Civil 3D 2012 Language Pack - Deutsch "{5783F2D7-A001-0407-0002-0060B0CE6BBA}" = AutoCAD 2012 - Deutsch "{5783F2D7-A001-0407-1002-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - Deutsch 
"{5783F2D7-A028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2012 "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Duden-Bibliothek "{5EDF1B95-251E-0409-8232-38B90D666EE2}" = Autodesk Navisworks 2012 32 bit Exporter Plug-ins English Language Pack "{5EDF1B95-251E-406A-8232-38B90D666EE2}" = Autodesk Navisworks 2012 32 bit Exporter Plug-ins "{608B7A43-D176-4309-8999-D772F9A01CD4}" = aerosoft's - German Airports 2 - Muenster-Osnabrueck "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012 "{65C68BC0-5F5D-4470-8E04-00CA4606C26C}" = Revit Extensions "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B2207AE-45BA-40AF-A9FF-7866C8611ED5}" = PMDGMD11_FS9_GEF_WOF1 "{6C06AC26-DBD1-46E5-9863-33E7633566E5}" = ActiveSky Version 6 and ActiveSky Graphics "{705F27B3-5B35-4EC4-A258-BF16D83BE22B}" = aerosoft's - German Airports 2 - Leipzig - FS2004 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}" = Nemetschek SoftLock 2006 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7346B4A0-1200-0100-0409-705C0D862004}" = Revit Architecture 2012 "{7346B4A0-1200-0101-0409-705C0D862004}" = Revit Architecture 2012 Language Pack - English "{7346B4A0-1200-0200-0407-705C0D862004}" = Revit Structure 2012 "{7346B4A0-1200-0201-0407-705C0D862004}" = Revit Structure 2012 Language Pack - Deutsch "{7543FC90-B258-46C5-8238-507BB14D5139}" = Skysoft Simulation ZULZ - Luzhou Lantian Airport "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for 
Applications 2.0 Runtime Language Pack - DEU "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B4D193B-D76D-308B-8B12-5D9BB1CBCE6C}" = Microsoft Visual Basic Power Packs 3.0 "{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.3.0 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8440C171-F033-4410-B099-5BE38273A13B}" = CLOUD9 LosAngeles 1.01 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime "{8BA8CE06-0C92-4A44-9924-2614DCD77F20}" = PMDG MD-11 FS9 "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012 "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 
2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 "{92617838-E49F-4184-B96C-64815B9B4697}" = PMDGMD11_FS9_GEF_GRF2 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{939D29FC-B82D-42A7-BB1E-8E3F121505CC}" = Autodesk Revit Structure 2010 "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58 "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "{96879817-0731-44B2-952A-E2D64C9BFDED}" = Aerosoft's - Discus Glider X "{974518D4-7C04-4B2D-AADC-0D4F303E275F}" = Crystal Reports Runtime "{97679567-0095-464E-B5F2-E218A1CF3421}" = PMDG747_400 Queen of the Skies "{9A0906C7-D472-4C22-8D12-11D6AB2819E4}" = aerosoft's - German Airports 3 - Bremen "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{A0663B00-3376-42C1-B719-995B9CB44DEF}" = Aerosoft's - Hawaii Dillingham X "{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012 "{A624F5D8-DEBF-4827-86E9-7DE67BC750C4}" = Skysoft Simulation ZSOF - Hefei Luogang Int'l "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 
"{A91EDDC0-CD59-11DF-BD3B-0800200C9A66}" = Übungsprojekt Tutorial Ingenieurbau (mit Modell) "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A981F05D-AFD4-4E7C-B4DB-FF6EE33F8DCE}" = PMDGMD11_FS9_PWF_FXF "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290 "{B2BDE61B-0407-47F5-8890-8328102F0E3B}" = Autodesk QTO Language Pack - Deutsch "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729 "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012 "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 "{C2FBA9F9-4942-4254-877C-3EB2B731DD0C}_is1" = Bridge Repack by Der Jok3r Version 1.00 "{C732C76D-0010-1033-99BD-DDB8254216B8}" = Autodesk Showcase 2012 32-bit - English "{C732C76D-7C3D-4DEB-99BD-DDB8254216B8}" = Autodesk 
Showcase 2012 32-bit - English "{C8948D5A-ECB5-4EF0-AEA0-8564E3094DC4}" = Revit Extensions "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CB131247-7869-47E1-9969-B29567C9B106}_is1" = LatinVFR - Crown Point Update v1 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D1D50FD9-9867-4139-858E-0C0448CECBA9}" = aerosoft's - German Airports 1 - Stuttgart "{D234EAC0-7D49-492F-97EC-8FA09FD7C1C4}" = aerosoft's - German Airports 3 - Hamburg "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game "{D41CAD6D-DB4C-4D7C-BABA-D1A4B1599741}" = aerosoft's - German Airports 3-Berlin Tegel "{D4FB2856-E6EB-4864-A241-4587ED21A11B}" = aerosoft's - Brussels 2007 "{D641BAA9-0070-46A5-A313-21933A211851}" = Revit Extensions "{D86B6E8D-F224-4BB6-B959-C8EDC5300B5D}" = aerosoft's - Mega Airport Stockholm Arlanda "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DF71C8D1-9258-4504-89AF-BA80748CC0D2}" = Nemetschek Allplan 2011 "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2012 "{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked "{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion Plugin for AutoCAD 2012 "{EAB8A41D-FABA-4569-A0A1-60A8B358D6F1}" = Autodesk Network License Manager "{ED654F5D-5DC9-46EA-9D10-621231527F98}" = FS9 Configurator "{EE46B5D5-E62B-41CA-A2E1-2B4811F23E3B}" = Revit Extensions for Autodesk Revit Structure 2012 "{EE7D2735-9566-4E60-95AD-44282A7362BE}_is1" = Aerosoft - Gibraltar FS2004 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F19BB7D3-FB87-4C96-A28B-45C59A0F5229}" = RPC Plug-in for Autodesk 3ds Max Design 2012 32-bit "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = 
Belkin 54Mbps Wireless Network Adapter "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FA61FF86-2479-D620-9F6B-655ADD4225B4}" = General Runtime Files for Allplan 2011-1 Release "{FCEBDFA6-EED5-4B0B-8187-46AC14F96E57}" = PMDGMD11_FS9_PWF_WOF "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012 "{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack "763v2" = Level-D Simulations 767-300 "763v21" = Level-D Simulations 767-300 Update "Active Camera 2004 patch for FS 9.1" = Active Camera 2004 patch for FS 9.1 "Active Camera 2004 update to version 2.1 (FS 9.1)" = Active Camera 2004 update to version 2.1 (FS 9.1) "Active Camera 2004 version 2.0" = Active Camera 2004 version 2.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Age of Empires 2.0" = Microsoft Age of Empires II "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion "AKESOFT FORONDA-X FS9 1.00" = AKESOFT FORONDA-X FS9 1.00 "AutoCAD 2012 - Deutsch" = AutoCAD 2012 - Deutsch "AutoCAD Civil 3D 2012" = AutoCAD Civil 3D 2012 "Autodesk Design Review 2012" = Autodesk Design Review 2012 "Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012 "Autodesk Inventor Fusion Plugin for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012 "Autodesk Navisworks 2012 32 bit Exporter Plug-ins" = Autodesk Navisworks 2012 32 bit Exporter Plug-ins "Autodesk Quantity Takeoff 2012" = Autodesk Quantity Takeoff 2012 "Autodesk Revit Architecture 2012" = Autodesk Revit Architecture 2012 "Autodesk Revit Structure 2010" = Autodesk Revit Structure 2010 "Autodesk Revit Structure 2010 SP2" = Autodesk Revit Structure 
2010 x86 Update 2 "Autodesk Revit Structure 2012" = Autodesk Revit Structure 2012 "Autodesk Showcase 2012 32-bit - English" = Autodesk Showcase 2012 32-bit - English "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BG9_is1" = Ben Gurion Airport for FS2004 "Bridge Building Game" = Bridge Building Game "C337H SKYMASTER HD SERIES FSX" = C337H SKYMASTER HD SERIES FSX "Carenado - C185F Skywagon FSX" = Carenado - C185F Skywagon FSX "Carenado C208B Grand Caravan" = Carenado C208B Grand Caravan "Carenado Commander 114 FSX" = Carenado Commander 114 FSX "Carenado F33A Bonanza" = Carenado F33A Bonanza "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Cities XL 2012" = Cities XL 2012 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DAEMON Tools Lite" = DAEMON Tools Lite "Debrecen LHDC scenery v1.1 (FS2004)" = Debrecen LHDC scenery v1.1 (FS2004) "Defraggler" = Defraggler "DVD Flick_is1" = DVD Flick 1.3.0.7 "DWG TrueView 2012" = DWG TrueView 2012 "Fifa 12 (c) Electronic Arts_is1" = Fifa 12 (c) Electronic Arts version 1 "Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight "FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration "FlightZone 02: Portland" = FlightZone 02: Portland "Fraps" = Fraps (remove only) "FSDreamTeam Geneva FS9_is1" = FSDreamTeam Geneva FS9 1.1 "FSDreamTeam Zurich9_is1" = FSDreamTeam Zurich9 1.3.1 "GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "GT4AES" = GT4AES "HD Tune Pro_is1" = HD Tune Pro 4.60 "iFly Jets - The 737NG for FS2004" = iFly Jets - The 737NG for FS2004 "InstallShield_{2F17C376-EDB7-455B-BC79-171F02F30CAE}" = Skysoft Simulation ZPMS 2011 "InstallShield_{3A778807-F7E8-4829-973F-733B2277A67A}" = Skysoft Simulation ZUJZ - Jiuzhai Huanglong Airport "InstallShield_{7543FC90-B258-46C5-8238-507BB14D5139}" = Skysoft Simulation ZULZ - Luzhou Lantian Airport 
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "InstallShield_{A624F5D8-DEBF-4827-86E9-7DE67BC750C4}" = Skysoft Simulation ZSOF - Hefei Luogang Int'l "Klinn's ElectroSet (RCT3)_is1" = Klinn's ElectroSet Version 2 "Klinn's Framework (RCT3)_is1" = Klinn's Framework Version 2 "KPHL FS9" = KPHL FS9 "KSJC San Jose FS2004" = KSJC San Jose FS2004 "LatinVFR MKJS" = LatinVFR MKJS "LatinVFRMKJPFS9_is1" = Latin VFR MKJP FS9 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800 "MegaSceneryX_is1" = Hawaii Oahu "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "PA32R SARATOGA SP FSX" = PA32R SARATOGA SP FSX "ParoInternationalAirport_is1" = Paro International Airport FS2004 "Pdf995" = Pdf995 "Railworks 3 Train Simulator 2012 Deluxe_is1" = Railworks 3 Train Simulator 2012 Deluxe "RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X "Samsung ML-1660 Series" = Wartung Samsung ML-1660 Series "SmartDraw PDF Filter" = SmartDraw PDF Filter "SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X Service Pack 1 "SystemRequirementsLab" = System Requirements Lab "TJSJ San Juan" = TJSJ San Juan "TomTom HOME" = TomTom HOME 2.8.2.2264 "UK2000 Belfast Xtreme" = Remove UK2000 Belfast Xtreme files "UK2000 Birmingham Xtreme" = Remove UK2000 Birmingham Xtreme files "UK2000 Bristol Xtreme FS9" = UK2000 
Bristol Xtreme FS9 "UK2000 Edinburgh Xtreme" = Remove UK2000 Edinburgh Xtreme files "UK2000 Glasgow Xtreme" = Remove UK2000 Glasgow Xtreme files "UK2000 Liverpool Xtreme FS9" = UK2000 Liverpool Xtreme FS9 "UK2000 London City Xtreme FS9" = UK2000 London City Xtreme FS9 "UK2000 Manchester Xtreme %simname%" = UK2000 Manchester Xtreme %simname% Uninstall "UK2000 Stansted Xtreme" = Remove UK2000 Stansted Xtreme files "VHHH Hong Kong FS2004" = VHHH Hong Kong FS2004 "VLC media player" = VLC media player 1.1.11 "WinRAR archiver" = WinRAR 4.00 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Aerosoft Mega Airport Munich" = Aerosoft Mega Airport Munich "af745cb3dc09e441" = Boeing 767-300ER Fuel Planner "Carenado's C SKYLANE II RG R182" = Carenado's C SKYLANE II RG R182 "Dropbox" = Dropbox "Mantex3.0" = Mantex3.0 "Newport - Kalaupapa Hawaii X" = Newport - Kalaupapa Hawaii X "PA-28-181 ARCHER II FSX" = PA-28-181 ARCHER II FSX "SmartDraw 2010" = SmartDraw 2010 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 24.12.2011 04:34:59 | Computer Name = TU-144 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 24.12.2011 09:04:45 | Computer Name = TU-144 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 24.12.2011 09:04:53 | Computer Name = TU-144 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 24.12.2011 09:04:54 | Computer Name = TU-144 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 24.12.2011 09:04:55 | Computer Name = TU-144 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 24.12.2011 09:04:55 | Computer Name = TU-144 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 24.12.2011 09:04:55 | Computer Name = TU-144 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 24.12.2011 09:04:55 | Computer Name = TU-144 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 24.12.2011 09:05:50 | Computer Name = TU-144 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 24.12.2011 09:05:50 | Computer Name = TU-144 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ Autodesk REX Events ] Error - 11.12.2011 19:07:19 | Computer Name = TU-144 | Source = AREX | ID = 0 Description = AREX.Revit - : Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.; StackTrace: bei REX.AREXC3DStart.AREXC3DProxy.RemoveRibbon() bei REX.AREXC3DStart.AREXC3DProxy.OnShutdown() bei REX.Common.Start.REXStart.OnShutdown() bei REX.AREXC3DStart.REXC3DStart.Terminate() Error - 14.12.2011 13:08:03 | Computer Name = TU-144 | Source = AREX | ID = 0 Description = AREX.Revit - REX startup failed: Die Datei "C:\Program Files\Common Files\Autodesk Shared\Extensions 2012\Products\Civil3D\de-DE\\tree_Civil3D.xml" konnte nicht gefunden werden.: Die Datei "C:\Program Files\Common Files\Autodesk Shared\Extensions 2012\Products\Civil3D\de-DE\\tree_Civil3D.xml" konnte nicht gefunden werden.; StackTrace: bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.File.InternalCopy(String sourceFileName, String destFileName, Boolean overwrite) bei System.IO.File.Copy(String sourceFileName, String destFileName, Boolean overwrite) bei REX.Manager.Settings.9REaR2BLp() bei REX.Manager.Settings.CheckModulesFilenameVer() bei REX.Common.Start.REXStartProxy.2314pfjGK(Dictionary`2& , List`1& ) bei REX.Common.Start.REXStartProxy.OnStartup() Error - 16.12.2011 08:07:03 | Computer Name = TU-144 | Source = AREX | ID = 0 Description = AREX.Revit - REX startup failed: Die Datei "C:\Program Files\Common Files\Autodesk Shared\Extensions 2012\Products\Civil3D\de-DE\\tree_Civil3D.xml" konnte nicht gefunden werden.: Die Datei "C:\Program Files\Common Files\Autodesk Shared\Extensions 2012\Products\Civil3D\de-DE\\tree_Civil3D.xml" konnte nicht gefunden werden.; StackTrace: bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.File.InternalCopy(String 
sourceFileName, String destFileName, Boolean overwrite) bei System.IO.File.Copy(String sourceFileName, String destFileName, Boolean overwrite) bei REX.Manager.Settings.9REaR2BLp() bei REX.Manager.Settings.CheckModulesFilenameVer() bei REX.Common.Start.REXStartProxy.2314pfjGK(Dictionary`2& , List`1& ) bei REX.Common.Start.REXStartProxy.OnStartup() Error - 16.12.2011 08:10:20 | Computer Name = TU-144 | Source = AREX | ID = 0 Description = AREX.Revit - REX startup failed: Die Datei "C:\Program Files\Common Files\Autodesk Shared\Extensions 2012\Products\Civil3D\de-DE\\tree_Civil3D.xml" konnte nicht gefunden werden.: Die Datei "C:\Program Files\Common Files\Autodesk Shared\Extensions 2012\Products\Civil3D\de-DE\\tree_Civil3D.xml" konnte nicht gefunden werden.; StackTrace: bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.File.InternalCopy(String sourceFileName, String destFileName, Boolean overwrite) bei System.IO.File.Copy(String sourceFileName, String destFileName, Boolean overwrite) bei REX.Manager.Settings.9REaR2BLp() bei REX.Manager.Settings.CheckModulesFilenameVer() bei REX.Common.Start.REXStartProxy.2314pfjGK(Dictionary`2& , List`1& ) bei REX.Common.Start.REXStartProxy.OnStartup() Error - 16.12.2011 09:41:03 | Computer Name = TU-144 | Source = AREX | ID = 0 Description = AREX.Revit - : Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.; StackTrace: bei REX.AREXC3DStart.AREXC3DProxy.RemoveRibbon() bei REX.AREXC3DStart.AREXC3DProxy.OnShutdown() bei REX.Common.Start.REXStart.OnShutdown() bei REX.AREXC3DStart.REXC3DStart.Terminate() Error - 17.12.2011 07:24:04 | Computer Name = TU-144 | Source = AREX | ID = 0 Description = AREX.Revit - REX startup failed: Die Datei "C:\Program Files\Common Files\Autodesk Shared\Extensions 2012\Products\Civil3D\de-DE\\tree_Civil3D.xml" konnte nicht gefunden werden.: Die Datei "C:\Program Files\Common Files\Autodesk Shared\Extensions 2012\Products\Civil3D\de-DE\\tree_Civil3D.xml" konnte 
nicht gefunden werden.; StackTrace: bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.File.InternalCopy(String sourceFileName, String destFileName, Boolean overwrite) bei System.IO.File.Copy(String sourceFileName, String destFileName, Boolean overwrite) bei REX.Manager.Settings.9REaR2BLp() bei REX.Manager.Settings.CheckModulesFilenameVer() bei REX.Common.Start.REXStartProxy.2314pfjGK(Dictionary`2& , List`1& ) bei REX.Common.Start.REXStartProxy.OnStartup() Error - 17.12.2011 08:05:42 | Computer Name = TU-144 | Source = AREX | ID = 0 Description = AREX.Revit - : Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.; StackTrace: bei REX.AREXC3DStart.AREXC3DProxy.RemoveRibbon() bei REX.AREXC3DStart.AREXC3DProxy.OnShutdown() bei REX.Common.Start.REXStart.OnShutdown() bei REX.AREXC3DStart.REXC3DStart.Terminate() Error - 03.01.2012 10:11:58 | Computer Name = TU-144 | Source = AREX | ID = 0 Description = AREX.Revit - REX startup failed: Die Datei "C:\Program Files\Common Files\Autodesk Shared\Extensions 2012\Products\Civil3D\de-DE\\tree_Civil3D.xml" konnte nicht gefunden werden.: Die Datei "C:\Program Files\Common Files\Autodesk Shared\Extensions 2012\Products\Civil3D\de-DE\\tree_Civil3D.xml" konnte nicht gefunden werden.; StackTrace: bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.File.InternalCopy(String sourceFileName, String destFileName, Boolean overwrite) bei System.IO.File.Copy(String sourceFileName, String destFileName, Boolean overwrite) bei REX.Manager.Settings.9REaR2BLp() bei REX.Manager.Settings.CheckModulesFilenameVer() bei REX.Common.Start.REXStartProxy.2314pfjGK(Dictionary`2& , List`1& ) bei REX.Common.Start.REXStartProxy.OnStartup() Error - 03.01.2012 10:49:58 | Computer Name = TU-144 | Source = AREX | ID = 0 Description = AREX.Revit - REX startup failed: Die Datei "C:\Program Files\Common Files\Autodesk Shared\Extensions 2012\Products\Civil3D\de-DE\\tree_Civil3D.xml" 
konnte nicht gefunden werden.: Die Datei "C:\Program Files\Common Files\Autodesk Shared\Extensions 2012\Products\Civil3D\de-DE\\tree_Civil3D.xml" konnte nicht gefunden werden.; StackTrace: bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.File.InternalCopy(String sourceFileName, String destFileName, Boolean overwrite) bei System.IO.File.Copy(String sourceFileName, String destFileName, Boolean overwrite) bei REX.Manager.Settings.9REaR2BLp() bei REX.Manager.Settings.CheckModulesFilenameVer() bei REX.Common.Start.REXStartProxy.2314pfjGK(Dictionary`2& , List`1& ) bei REX.Common.Start.REXStartProxy.OnStartup() Error - 03.01.2012 12:39:57 | Computer Name = TU-144 | Source = AREX | ID = 0 Description = AREX.Revit - : Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.; StackTrace: bei REX.AREXC3DStart.AREXC3DProxy.RemoveRibbon() bei REX.AREXC3DStart.AREXC3DProxy.OnShutdown() bei REX.Common.Start.REXStart.OnShutdown() bei REX.AREXC3DStart.REXC3DStart.Terminate() [ System Events ] Error - 05.01.2012 03:40:25 | Computer Name = TU-144 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.01.2012 11:21:39 | Computer Name = TU-144 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.01.2012 12:57:50 | Computer Name = TU-144 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 06.01.2012 05:16:21 | Computer Name = TU-144 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 06.01.2012 18:52:10 | Computer Name = TU-144 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 06.01.2012 
19:51:25 | Computer Name = TU-144 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 06.01.2012 19:57:36 | Computer Name = TU-144 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 06.01.2012 20:07:52 | Computer Name = TU-144 | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 07.01.2012 05:47:32 | Computer Name = TU-144 | Source = Service Control Manager | ID = 7034 Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 07.01.2012 05:49:59 | Computer Name = TU-144 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > |
07.01.2012, 12:35 | #6 |
| CC Code:
ATTFilter Active Camera 2004 patch for FS 9.1 10.05.2011 Active Camera 2004 update to version 2.1 (FS 9.1) 10.05.2011 Active Camera 2004 version 2.0 10.05.2011 ActiveSky Version 6 and ActiveSky Graphics HiFi Simulation Software 08.05.2011 258MB 0.6.6442 Adobe AIR Adobe Systems Inc. 26.05.2011 1.5.3.9120 Adobe Community Help Adobe Systems Incorporated 26.05.2011 3.0.0.400 Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 05.05.2011 6,00MB 10.2.159.1 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 15.11.2011 6,00MB 11.1.102.55 Adobe Media Player Adobe Systems Incorporated 26.05.2011 1.8 Adobe Photoshop CS5 Adobe Systems Incorporated 26.05.2011 1.559MB 12.0 Adobe Reader X (10.1.0) - Deutsch Adobe Systems Incorporated 06.07.2011 118,4MB 10.1.0 Aerosoft - Gibraltar FS2004 Aerosoft - Gibraltar FS2004 20.07.2011 196,1MB 1 Aerosoft Mega Airport Munich 09.05.2011 aerosoft's - Approaching Innsbruck 2004 aerosoft 08.05.2011 1.00 aerosoft's - Brussels 2007 aerosoft 09.05.2011 1.10 aerosoft's - Budapest 2007 - FS2004 09.05.2011 Aerosoft's - Discus Glider X Aerosoft 23.09.2011 1.00 aerosoft's - German Airports 1 - Stuttgart aerosoft 10.05.2011 1.00 aerosoft's - German Airports 2 - Cologne-Bonn - FS2004 08.05.2011 aerosoft's - German Airports 2 - Dortmund aerosoft 08.05.2011 1.00 aerosoft's - German Airports 2 - Leipzig - FS2004 09.05.2011 aerosoft's - German Airports 2 - Muenster-Osnabrueck aerosoft 09.05.2011 1.00 aerosoft's - German Airports 3 - Bremen aerosoft 08.05.2011 1.00 aerosoft's - German Airports 3 - Hamburg aerosoft 09.05.2011 1.00 aerosoft's - German Airports 3-Berlin Tegel aerosoft 09.05.2011 1.00 Aerosoft's - Hawaii Dillingham X Aerosoft 23.09.2011 1.00 aerosoft's - Keflavik aerosoft 10.10.2011 1.00 aerosoft's - Lissabon 2008 aerosoft 08.05.2011 1.00 aerosoft's - Mallorca X for FS2004 aerosoft 09.05.2011 1.00 aerosoft's - Mega Airport Frankfurt - FS2004 09.05.2011 aerosoft's - Mega Airport Paris CDG aerosoft 09.05.2011 1.00 aerosoft's - Mega Airport 
Stockholm Arlanda aerosoft 08.05.2011 1.10 aerosoft's - Nice Cote dAzur aerosoft 07.06.2011 1.00 AKESOFT FORONDA-X FS9 1.00 02.10.2011 ANNO 1404 Ubisoft 13.05.2011 1.02.0000 ANNO 1404 - Venedig Ubisoft 13.05.2011 2.0.5008.0 ANNO 2070 Ubisoft 22.11.2011 1.0.0.0 Apple Application Support Apple Inc. 12.07.2011 32,4MB 1.1.0 Apple Software Update Apple Inc. 12.07.2011 2,16MB 2.1.1.116 AutoCAD 2012 - Deutsch Autodesk 24.11.2011 18.2.51.0 AutoCAD Civil 3D 2012 Autodesk 24.11.2011 9.0.1619.0 Autodesk CAD Manager Tools Autodesk 19.11.2011 1,29MB 16.0.0.65 Autodesk Content Service Autodesk 19.11.2011 95,9MB 2.0.90 Autodesk Design Review 2012 Autodesk, Inc. 28.11.2011 12.0.0.93 Autodesk Inventor Fusion 2012 Autodesk, Inc. 19.11.2011 1.0.0.79 Autodesk Inventor Fusion plug-in for AutoCAD 2012 Autodesk 24.11.2011 0.0.1.138 Autodesk Material Library 2012 Autodesk 19.11.2011 97,9MB 2.5.0.8 Autodesk Material Library Base Resolution Image Library 2012 Autodesk 19.11.2011 71,4MB 2.5.0.8 Autodesk Material Library Low Resolution Image Library 2012 Autodesk 19.11.2011 245MB 2.5.0.8 Autodesk Material Library Medium Resolution Image Library 2012 Autodesk 19.11.2011 740MB 2.5.0.8 Autodesk Navisworks 2012 32 bit Exporter Plug-ins Autodesk 19.11.2011 9.0.69.686 Autodesk Navisworks 2012 32 bit Exporter Plug-ins English Language Pack Autodesk 19.11.2011 8,85MB 9.0.69.686 Autodesk Network License Manager Autodesk 19.11.2011 8,08MB 1.0.0 Autodesk Quantity Takeoff 2012 Autodesk 28.11.2011 5.0.16.0 Autodesk Revit Architecture 2012 Autodesk 19.11.2011 11.03.09231 Autodesk Revit Structure 2010 Autodesk, Inc. 
24.11.2011 09.09.17151 Autodesk Revit Structure 2012 Autodesk 28.11.2011 11.03.09231 Autodesk Showcase 2012 32-bit - English Autodesk 19.11.2011 6.0.0.0 Avira AntiVir Personal - Free Antivirus Avira GmbH 04.01.2012 70,6MB 10.2.0.704 Battlefield 3™ Electronic Arts 29.10.2011 1.0.0.0 Belkin 54Mbps Wireless Network Adapter Belkin 05.05.2011 1.00.01 Ben Gurion Airport for FS2004 FSAddon 15.11.2011 156,5MB Boeing 767-300ER Fuel Planner Boeing 767-300ER Fuel Planner 09.07.2011 2.0.0.38 Bridge Building Game 24.05.2011 Bridge Modeler for AutoCAD® Civil 3D® 2012 on AutoCAD Civil 3D 2012 - German (Standard) Autodesk, Inc. 28.11.2011 111,7MB 17.0 Bridge Repack by Der Jok3r Version 1.00 Der Jok3r 08.10.2011 387MB 1.00 C337H SKYMASTER HD SERIES FSX Carenado 24.09.2011 1.00.00.00 Carenado - C185F Skywagon FSX 23.09.2011 Carenado C208B Grand Caravan Carenado 23.09.2011 1.00.00.00 Carenado Commander 114 FSX Carenado 23.09.2011 1.00.00.00 Carenado F33A Bonanza Carenado 23.09.2011 1.00.00.00 Carenado's C SKYLANE II RG R182 23.09.2011 CCleaner Piriform 25.11.2011 3.12 CDBurnerXP CDBurnerXP 08.08.2011 11,9MB 4.3.8.2568 Cisco Systems VPN Client 5.0.07.0290 Cisco Systems, Inc. 09.05.2011 11,6MB 5.0.6 Citavi Swiss Academic Software 22.11.2011 62,9MB 3.1.15.0 Cities In Motion 02.12.2011 410MB Cities XL 2012 Focus Home Interactive 25.10.2011 1.0.0 CLOUD9 LosAngeles 1.01 10.05.2011 1.01 Crystal Reports Runtime Autodesk 28.11.2011 91,9MB 1.00.0000 DAEMON Tools Lite DT Soft Ltd 05.05.2011 4.40.2.0131 Debrecen LHDC scenery v1.1 (FS2004) 19.08.2011 Defraggler Piriform 06.01.2012 2.08 DiRT 3 Codemasters 06.06.2011 1.0.0000.130 Dropbox Dropbox, Inc. 
05.12.2011 1.2.49 Duden-Bibliothek Bibliographisches Institut GmbH 11.05.2011 68,1MB 5.1.0 Duden-Rechtschreibprüfung PLUS Bibliographisches Institut GmbH 12.11.2011 807MB 8.01 DVD Flick 1.3.0.7 Dennis Meuwissen 20.12.2011 1.3.0.7 DWG TrueView 2012 Autodesk 28.11.2011 18.2.51.0 EditVoicepack Bevelstone Production 11.05.2011 2,26MB 3.1.0 EIRESIM - Alicante Ultimate EIRESIM - Alicante Ultimate 10.05.2011 543MB 1 FARO LS 1.1.406.58 FARO Scanner Production 19.11.2011 21,5MB 4.6.58.2 Fifa 12 (c) Electronic Arts version 1 14.12.2011 1 FlightZone 02: Portland 09.05.2011 Fraps (remove only) 20.05.2011 FS9 Configurator Ken Salter 20.05.2011 0,41MB 1.6.0 FSDreamTeam Geneva FS9 1.1 10.05.2011 FSDreamTeam Zurich9 1.3.1 10.05.2011 GeoMedia Professional Intergraph Corporation 28.06.2011 418MB 06.01.02.04 Gigabyte Raid Configurer Gigabyte Technology Corp. 05.05.2011 1.00.0000 Google Earth Google 21.11.2011 92,7MB 6.1.0.5001 GT4AES 22.05.2011 Hawaii Oahu PC Aviator Inc. 23.09.2011 1 HD Tune Pro 4.60 EFD Software 07.06.2011 2,67MB ICQ7.5 ICQ 19.05.2011 7.5 iFly Jets - The 737NG for FS2004 09.05.2011 Java(TM) 6 Update 25 Oracle 08.05.2011 94,7MB 6.0.250 Klinn's ElectroSet Version 2 26.07.2011 Klinn's Framework Version 2 26.07.2011 KPHL FS9 23.05.2011 KSJC San Jose FS2004 09.05.2011 Latin VFR MKJP FS9 SimMarket 10.05.2011 LatinVFR - Crown Point Update v1 LatinVFR - Crown Point Update v1 10.05.2011 8,07MB 1 LatinVFR MKJS LatinVFR 10.05.2011 1.0 Level-D Simulations 767-300 10.05.2011 Level-D Simulations 767-300 Update 10.05.2011 Malwarebytes Anti-Malware Version 1.60.0.1800 Malwarebytes Corporation 04.01.2012 18,6MB 1.60.0.1800 Mantex3.0 10.05.2011 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 08.05.2011 38,8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 08.05.2011 2,94MB 4.0.30319 Microsoft .NET Framework 4 Extended Microsoft Corporation 19.11.2011 52,0MB 4.0.30319 Microsoft .NET Framework 4 Extended DEU Language Pack 
Microsoft Corporation 19.11.2011 10,7MB 4.0.30319 Microsoft Age of Empires II 26.08.2011 Microsoft Age of Empires II: The Conquerors Expansion 26.08.2011 Microsoft Flight Simulator 2004 A Century of Flight Microsoft 08.05.2011 9.0 Microsoft Flight Simulator X: Acceleration Microsoft Game Studios 23.09.2011 10.0.61637.0 Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 13.05.2011 31,3MB 3.5.88.0 Microsoft Games for Windows Marketplace Microsoft Corporation 13.05.2011 6,04MB 3.5.50.0 Microsoft Office Professional Plus 2010 Microsoft Corporation 06.05.2011 14.0.4763.1000 Microsoft Report Viewer Redistributable 2008 (KB971119) Microsoft Corporation 15.11.2011 Microsoft Silverlight Microsoft Corporation 15.11.2011 60,4MB 4.0.60831.0 Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft Corporation 24.11.2011 3,39MB 3.5.8080.0 Microsoft Visual Basic Power Packs 3.0 Microsoft 24.11.2011 5,28MB 9.0.30214 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 12.05.2011 0,24MB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 0,29MB 8.0.59193 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 26.05.2011 2,87MB 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 11.07.2011 0,23MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 05.05.2011 0,58MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,59MB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 23.12.2011 11,1MB 10.0.30319 Microsoft Visual Studio Tools for Applications 2.0 - ENU Microsoft Corporation 15.11.2011 211MB 9.0.30729 Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU Microsoft Corporation 28.11.2011 95,8MB 9.0.30729 Microsoft Visual Studio Tools for Applications 2.0 Runtime 
Microsoft Corporation 23.09.2011 0,15MB 9.0.30729 Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU Microsoft Corporation 28.11.2011 0,22MB 9.0.30729 Mozilla Firefox 9.0.1 (x86 de) Mozilla 02.01.2012 36,8MB 9.0.1 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 11.05.2011 1,28MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 12.05.2011 1,34MB 4.20.9876.0 MSXML 4.0 SP2 Parser und SDK Microsoft Corporation 12.06.2011 49,00KB 4.20.9818.0 Need for Speed: The Run RAF 20.11.2011 1.0 Nemetschek Allplan 2011 Nemetschek Allplan GmbH 23.10.2011 2011.0 Nemetschek SoftLock 2006 Nemetschek Allplan GmbH 23.10.2011 1.0.52 Newport - Kalaupapa Hawaii X 24.09.2011 NVIDIA 3D Vision Controller-Treiber 285.62 NVIDIA Corporation 29.10.2011 285.62 NVIDIA 3D Vision Treiber 285.62 NVIDIA Corporation 29.10.2011 285.62 NVIDIA Grafiktreiber 285.62 NVIDIA Corporation 29.10.2011 285.62 NVIDIA HD-Audiotreiber 1.2.24.0 NVIDIA Corporation 29.10.2011 1.2.24.0 NVIDIA PhysX-Systemsoftware 9.11.0621 NVIDIA Corporation 29.10.2011 9.11.0621 NVIDIA Update 1.5.20 NVIDIA Corporation 29.10.2011 1.5.20 OpenAL 12.05.2011 PA-28-181 ARCHER II FSX 23.09.2011 PA32R SARATOGA SP FSX Carenado 23.09.2011 1.00.00.00 Paro International Airport FS2004 SimMarket 20.06.2011 85,1MB PDF24 Creator 3.3.0 PDF24.org 13.07.2011 33,2MB Pdf995 14.06.2011 PMDG MD-11 FS9 PMDG Simulations 11.07.2011 1.20.0055 PMDG747_400 Queen of the Skies Precision Manuals Development Group 26.05.2011 1.10.0000 PMDG747_400F Precision Manuals Development Group 26.05.2011 1.01.0000 PMDGMD11_FS9_GEF_GRF2 Precision Manuals Development Group 11.07.2011 1.00.0000 PMDGMD11_FS9_GEF_WOF1 Precision Manuals Development Group 11.07.2011 1.00.0000 PMDGMD11_FS9_PWF_FXF Precision Manuals Development Group 11.07.2011 1.00.0000 PMDGMD11_FS9_PWF_WOF Precision Manuals Development Group 11.07.2011 1.00.0000 QuickTime Apple Inc. 
12.07.2011 77,3MB 7.65.17.80 Railworks 3 Train Simulator 2012 Deluxe 05.12.2011 Rapture3D 2.4.8 Game Blue Ripple Sound 06.06.2011 RCT3 Soaked 22.07.2011 1.00.000 Real Environment Xtreme Real Environment Xtreme 23.09.2011 978MB 1.0.2008.1128 Realtek Ethernet Controller Driver Realtek 05.05.2011 7.38.113.2011 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 05.05.2011 6.0.1.6235 Remove UK2000 Belfast Xtreme files 10.05.2011 Remove UK2000 Birmingham Xtreme files 10.05.2011 Remove UK2000 Edinburgh Xtreme files 10.05.2011 Remove UK2000 Glasgow Xtreme files 10.05.2011 Remove UK2000 Stansted Xtreme files 10.05.2011 Revit Extensions for Autodesk Revit Structure 2010 Autodesk, Inc. 25.11.2011 2010.1 Revit Extensions for Autodesk Revit Structure 2012 Autodesk 28.11.2011 1.113MB 1.0.0.0 RollerCoaster Tycoon 3 22.07.2011 1.00.000 RPC Plug-in for Autodesk 3ds Max Design 2012 32-bit ArchVision, Inc. 19.11.2011 11,7MB 3.16.0.0 Skype™ 5.5 Skype Technologies S.A. 07.11.2011 17,0MB 5.5.124 Skysoft Simulation ZPMS 2011 Skysoft Simulation 01.01.2012 81,3MB 1.00.0000 Skysoft Simulation ZSOF - Hefei Luogang Int'l Skysoft Simulation 01.10.2011 158,1MB 1.02.0928 Skysoft Simulation ZUJZ - Jiuzhai Huanglong Airport Skysoft Simulation 01.01.2012 90,6MB 1.00.0000 Skysoft Simulation ZULZ - Luzhou Lantian Airport Skysoft Simulation 01.01.2012 48,2MB 1.01.0930 SmartDraw 2010 08.11.2011 SmartDraw PDF Filter 08.11.2011 SPORE™ Electronic Arts 31.07.2011 1.00.0000 SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 eRightSoft 03.01.2012 42,7MB v2011.build.49 System Requirements Lab 03.10.2011 TJSJ San Juan 10.05.2011 TomTom HOME 2.8.2.2264 TomTom 08.08.2011 2.8.2.2264 TomTom HOME Visual Studio Merge Modules TomTom International B.V. 
07.08.2011 1,88MB 1.0.2 Ubisoft Game Launcher UBISOFT 22.11.2011 1.0.0.0 UK2000 Bristol Xtreme FS9 UK2000 Scenery 11.05.2011 3.04 UK2000 Liverpool Xtreme FS9 UK2000 Scenery 11.05.2011 1.00 UK2000 London City Xtreme FS9 UK2000 Scenery 30.11.2011 1.00 UK2000 Manchester Xtreme %simname% Uninstall 10.05.2011 VHHH Hong Kong FS2004 09.05.2011 VLC media player 1.1.11 VideoLAN 17.09.2011 1.1.11 Wartung Samsung ML-1660 Series Samsung Electronics Co., Ltd. 21.07.2011 Windows Live ID Sign-in Assistant Microsoft Corporation 13.05.2011 5,52MB 6.500.3165.0 Windows Media Player Firefox Plugin Microsoft Corp 30.11.2011 0,29MB 1.0.0.8 WinRAR 4.00 (32-Bit) win.rar GmbH 05.05.2011 4.00.0 |
07.01.2012, 16:41 | #7 |
/// Helper Team | Bundespolizei - Trojaner, natoinal crime unit Microsoft's Internet Explorer is part of the basic equipment under Windows! You don't have to use it, but you do have to update it! All programs installed on a Windows PC must be updated regularly for security reasons! Software such as operating systems, browsers and e-mail clients is continuously being developed further. At the same time, however, hackers are also working to constantly find and exploit new security holes. What is not yet a loophole for viruses and worms today can already become a danger tomorrow, once the corresponding malware has been programmed. As a result, reports of new security vulnerabilities appear relatively often, even when these have not yet been discovered by hackers. After all, security specialists naturally also look for potential avenues of attack. Updates from the software developers ensure that the user can always use the most current and most secure version of the operating system and the installed software.
1. Your Java version is not up to date! → Now download the offline version of Java Version 6 Update 30 from Oracle. Make sure to deselect any toolbars that may be offered (remove the check mark for the toolbar)!
2. Clean your system with CCleaner:
3.
4. Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These media must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this, it is very well suited and recommended to check the data stored on the storage medium with the help of the free online scanner. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the Autorun function is not executed. (This way you prevent the AUTORUN function from running.) - The AUTORUN function can also be switched off generally. ►Instructions
5. -> Then run a complete system check with Eset Online Scanner (NOD32) (free online scanners). Attention!: >>You should not install the antivirus security software, but only scan your system online<< ► Report again on the state of the computer. Are there still problems, and if so, which ones?
__________________ Warning!: Be careful with invoices sent by e-mail with a ZIP file as an attachment! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
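A check for the Autorun setting mentioned in step 4, as an added example that is not part of the original post: it decodes the Windows `NoDriveTypeAutoRun` policy value and lists the drive types on which AutoRun is still allowed. The function names are illustrative assumptions, and the registry read only runs on Windows.

```python
# Added example (not from the thread): audit the AutoRun policy bitmask.
try:
    import winreg  # standard library, Windows only
except ImportError:
    winreg = None

POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
# In NoDriveTypeAutoRun a SET bit DISABLES AutoRun for that drive type.
DRIVE_BITS = {
    0x01: "unknown", 0x02: "no root directory", 0x04: "removable (USB stick)",
    0x08: "fixed disk", 0x10: "network", 0x20: "CD/DVD",
    0x40: "RAM disk", 0x80: "reserved",
}

def autorun_enabled_types(mask):
    """Drive types for which this mask still allows AutoRun."""
    return [name for bit, name in DRIVE_BITS.items() if not mask & bit]

def read_policy(hive):
    """Read NoDriveTypeAutoRun from one hive; None if absent or not on Windows."""
    if winreg is None:
        return None
    try:
        with winreg.OpenKey(hive, POLICY_KEY) as key:
            value, _kind = winreg.QueryValueEx(key, "NoDriveTypeAutoRun")
    except OSError:
        return None
    if isinstance(value, bytes):  # the value may be stored as REG_BINARY
        value = int.from_bytes(value[:4], "little")
    return int(value) & 0xFF

def effective_mask(hklm, hkcu):
    """A machine-wide (HKLM) value overrides the per-user (HKCU) one."""
    return hklm if hklm is not None else hkcu

def report(mask):
    if mask is None:
        return "NoDriveTypeAutoRun not set: OS default applies"
    enabled = autorun_enabled_types(mask)
    if not enabled:
        return "AutoRun disabled for all drive types (0x%02X)" % mask
    return "AutoRun still enabled for: " + ", ".join(enabled)

if __name__ == "__main__" and winreg is not None:
    print(report(effective_mask(read_policy(winreg.HKEY_LOCAL_MACHINE),
                                read_policy(winreg.HKEY_CURRENT_USER))))
```

A value of `0xFF` switches AutoRun off for every drive type; any smaller mask leaves at least one type enabled, and the report names which.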