Pests of all kinds and how to fight them: TR/ATRAPS.GEN2 found in C:/Windows/Installer/xxx/800000.32@ (Windows 7)

#1
TR/ATRAPS.GEN2 found in C:/Windows/Installer/xxx/800000.32@

Hi all. I too have now become the victim of an attack. It started after I had downloaded a TGP converter from the Softronic site. Unfortunately my MSE switched itself off immediately, as did the Windows firewall. I then installed Antivir (c:\Programme(x86)\Avira\AntiVir Desktop\avcenter), which now tells me that it found exactly this trojan. Here is the OTL.txt.

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 13.06.2012 14:01:05 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\xxx\Downloads 64bit-Windows XP Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 5,14 Gb Available Physical Memory | 64,96% Memory free 15,83 Gb Paging File | 12,63 Gb Available in Paging File | 79,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 87,79 Gb Total Space | 40,61 Gb Free Space | 46,25% Space Free | Partition Type: NTFS Drive D: | 48,83 Gb Total Space | 47,17 Gb Free Space | 96,61% Space Free | Partition Type: NTFS Drive E: | 146,48 Gb Total Space | 111,37 Gb Free Space | 76,03% Space Free | Partition Type: NTFS Drive F: | 98,96 Gb Total Space | 75,35 Gb Free Space | 76,15% Space Free | Partition Type: NTFS Drive G: | 48,83 Gb Total Space | 47,95 Gb Free Space | 98,20% Space Free | Partition Type: NTFS Drive H: | 9,76 Gb Total Space | 9,69 Gb Free Space | 99,22% Space Free | Partition Type: NTFS Drive V: | 24,98 Gb Total Space | 8,25 Gb Free Space | 33,02% Space Free | Partition Type: FAT32 Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.13 13:59:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Downloads\OTL.exe PRC - [2012.05.29 17:25:52 | 001,564,880 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.12 03:57:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2011.10.18 18:38:26 | 002,319,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2011.10.03 15:17:40 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2011.07.21 15:49:10 | 005,716,608 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010.10.07 14:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010.07.09 22:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe PRC - [2010.02.18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe 
PRC - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.08.22 20:25:00 | 002,781,184 | ---- | M] () -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe PRC - [2009.07.14 03:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE PRC - [2009.06.19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2009.04.07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe ========== Modules (No Company Name) ========== MOD - [2012.06.07 10:14:43 | 000,441,880 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll MOD - [2012.06.07 10:14:42 | 003,922,456 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll MOD - [2012.06.07 10:13:27 | 000,553,496 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll MOD - [2012.06.07 10:13:26 | 000,117,784 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll MOD - [2012.06.07 10:13:16 | 000,134,696 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll MOD - [2012.06.07 10:13:15 | 000,250,408 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll MOD - [2012.06.07 10:13:14 | 002,375,720 | ---- | M] () -- 
C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll MOD - [2011.12.12 03:57:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2010.11.20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll MOD - [2009.08.22 20:25:00 | 002,781,184 | ---- | M] () -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe MOD - [2009.04.07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe MOD - [2007.07.12 11:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll ========== Win32 Services (SafeList) ========== SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.13 14:17:52 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel(R) SRV - [2011.12.12 03:57:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.01.12 16:00:00 | 000,168,448 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04) SRV - [2011.01.12 16:00:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.02.18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.06.10 15:52:37 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2012.06.10 15:52:37 
| 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2012.05.05 14:19:59 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.13 14:17:10 | 000,016,128 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.03.19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.19 12:15:10 | 000,411,920 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.12.12 03:57:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.10.03 23:49:32 | 002,770,944 
| ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.03.18 13:36:18 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012.06.12 21:43:33 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64) DRV - [2011.09.07 09:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={8164FD10-88E7-48A2-9D65-3A4B295B95BA}&mid=f4a51c60e44847d0a3f2192946f9893d-27e70c9c1b65fbc185fa66cb7cb80d4a48e26481&lang=en&ds=pp011&pr=sa&d=2012-06-09 15:47:56&v=11.1.0.7&sap=hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 
44 77 6A 9A 2F CD 01 [binary data] IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{3C029863-5A9E-4C1A-BFB0-841706C2F7CB}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=74c87902-9e49-4d89-ad51-9e0072680904&apn_sauid=8B189815-4DB4-4466-9EFA-4BF7D29ADD09 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={8164FD10-88E7-48A2-9D65-3A4B295B95BA}&mid=f4a51c60e44847d0a3f2192946f9893d-27e70c9c1b65fbc185fa66cb7cb80d4a48e26481&lang=en&ds=pp011&pr=sa&d=2012-06-09 15:47:56&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: E:\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
========== Chrome ========== CHR - default_search_provider: Ask (Enabled) CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=74c87902-9e49-4d89-ad51-9e0072680904&apn_ptnrs=%5EABT&apn_sauid=8B189815-4DB4-4466-9EFA-4BF7D29ADD09&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms} CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}, CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\np-mswmp.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\xxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Microsoft Office 2010 (Enabled) = F:\MICROS~1\Office14\NPAUTHZ.DLL 
CHR - plugin: Microsoft Office 2010 (Enabled) = F:\MICROS~1\Office14\NPSPWRAP.DLL CHR - Extension: Avira Toolbar = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.2.23832_0\ CHR - Extension: TV = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\ CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus (Beta) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\ CHR - Extension: Kingdom Rush = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim\1.0.7.3_0\ CHR - Extension: Google-Suche = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: YoWindow Wetter = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\1.30_0\ CHR - Extension: Super Mario World = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkihmbmfokomgcblenhedokepnlhjpmb\2.5_0\ CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\ CHR - Extension: Super Mario Bros = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbanmklbelbcamgokhjgcojkogbgkig\3.6_0\ CHR - Extension: Google Maps = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.4_0\ CHR - Extension: Facebook Notifications = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\ CHR - Extension: Google Mail = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 
HOSTS File: ([2012.06.10 12:04:49 | 000,001,037 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 nero.com O1 - Hosts: 127.0.0.1 www.nero.com O1 - Hosts: 127.0.0.1 activate.nero.com O1 - Hosts: 127.0.0.1 www.activate.nero.com O1 - Hosts: 127.0.0.1 nero.de O1 - Hosts: 127.0.0.1 www.nero.de O1 - Hosts: 127.0.0.1 activate.nero.de O1 - Hosts: 127.0.0.1 www.activate.nero.de O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RivaTuner] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe () O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKCU..\Run: [EPSON SX430 Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE /FU "C:\Users\CHRIST~1\AppData\Local\Temp\E_S94B1.tmp" /EF "HKCU" File not found
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.5.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://F:\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://F:\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.173.194.69 81.173.194.77
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{629DB53C-63F7-4B12-B094-804005A1F68A}: DhcpNameServer = 81.173.194.69 81.173.194.77
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012.06.13 12:26:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Avira
[2012.06.13 12:25:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2012.06.13 12:25:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.13 12:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.13 12:25:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.13 12:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.13 12:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.13 12:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012.06.13 12:14:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\APN
[2012.06.13 12:14:12 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.06.13 12:14:12 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.06.13 12:14:12 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.06.13 12:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.13 12:14:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.06.13 12:12:24 | 000,000,000 | ---D | C] -- D:\Simply Super Software
[2012.06.13 12:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.06.13 12:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.06.13 12:12:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Simply Super Software
[2012.06.13 12:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.06.13 12:04:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.06.13 11:52:01 | 000,000,000 | ---D | C] -- D:\Any Video Converter
[2012.06.13 11:51:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\AnvSoft
[2012.06.13 11:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2012.06.13 11:51:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2012.06.13 11:46:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\4Videosoft Studio
[2012.06.13 11:37:33 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Aiseesoft Studio
[2012.06.13 11:34:40 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\XnView
[2012.06.13 11:33:04 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\SpiritON TV Software
[2012.06.13 11:23:02 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{37851551-6739-4DBF-B6B0-DD21A168148B}
[2012.06.13 11:22:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{EE9D0652-F572-4129-AF8A-DE6AB63E35CF}
[2012.06.12 21:43:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2012.06.12 21:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2012.06.12 21:38:33 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\GPUMonitor
[2012.06.11 12:42:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.06.10 21:52:45 | 000,000,000 | ---D | C] -- D:\ANNO 1404 Venedig
[2012.06.10 21:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDev
[2012.06.10 20:49:22 | 000,000,000 | ---D | C] -- D:\Nero
[2012.06.10 20:40:30 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2012.06.10 19:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.06.10 19:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012.06.10 19:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.06.10 19:55:38 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.06.10 19:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.06.10 19:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012.06.10 19:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012.06.10 19:52:13 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.06.10 18:28:13 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.06.10 18:28:13 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Adobe Mini Bridge CS5
[2012.06.10 13:25:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Nero
[2012.06.10 13:04:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVD Shrink
[2012.06.10 13:03:42 | 000,260,678 | ---- | C] (DVD Shrink) -- C:\Users\xxx\Desktop\DVD Shrink 2.3 German.exe
[2012.06.10 13:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2012.06.10 12:59:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Nero_AG
[2012.06.10 12:32:20 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.06.10 11:25:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Nero
[2012.06.10 11:23:16 | 000,000,000 | ---D | C] -- D:\NeroVision
[2012.06.10 11:22:49 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Nero
[2012.06.10 11:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012.06.10 11:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012.06.10 11:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012.06.10 11:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012.06.10 11:01:22 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{D1CE5C5E-77EA-4B62-B84E-E366858D7507}
[2012.06.10 11:01:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{41116FC5-4735-4D5A-8294-A8672442D885}
[2012.06.09 15:50:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo
[2012.06.09 15:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo
[2012.06.09 15:47:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.06.09 11:07:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{0306ADCF-9557-4830-9CE5-0DC49742F585}
[2012.06.09 11:07:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{5C1055FC-E5E4-43DC-AE51-1D4DF10A0BB4}
[2012.06.06 13:48:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{EF90D0BF-87AC-4F72-83DC-AF927ED949B0}
[2012.06.06 13:48:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{7D3951A8-AD42-4AC1-9EEA-CC31720DB4D2}
[2012.06.05 08:29:11 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{6F0F04F5-6EC1-4A76-BA41-EF197765B7A2}
[2012.06.05 08:29:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{6E0AEF98-4DDB-4491-A14B-8FC0F97D6131}
[2012.06.04 20:50:41 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.04 20:50:39 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtCore4.dll
[2012.06.04 20:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.06.04 20:50:36 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.06.04 20:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.06.04 20:49:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft
[2012.06.04 19:56:18 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{3313889D-BE15-4A6D-B0BA-1EB349481239}
[2012.06.04 19:56:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{72BA3D97-00D8-4BB4-B4A6-296E8711700D}
[2012.06.03 13:06:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{8E0123CF-4C2A-4C05-A8E5-CBFE4C9DDE4C}
[2012.06.03 13:06:34 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{EB7927F3-437F-46A9-B20F-9066CF07E8E2}
[2012.06.02 13:23:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{72EAC6AC-40C3-4A06-844C-921B0E9D12D2}
[2012.06.02 13:22:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{BDD0EB14-5C21-47FD-80A4-D095C6D1A6D3}
[2012.06.01 21:00:53 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{F7FBEF0E-C968-461E-A24B-ADF5FE67A59B}
[2012.06.01 21:00:30 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{D52D7AD4-509B-4F38-A716-9A1B7A077EAC}
[2012.05.31 17:40:23 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{9C64387C-7727-4849-A399-49576C121E7D}
[2012.05.31 17:40:11 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{642A039C-DE65-4AB5-9A89-B3AF62E594A6}
[2012.05.31 11:59:48 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{2AA8047C-617A-4098-BE0A-B61CBAD1F7DB}
[2012.05.31 11:59:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{4706BB82-F7B8-44B2-BBF3-41EA9689A5EB}
[2012.05.30 12:27:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.05.30 12:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.05.30 12:27:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Notepad++
[2012.05.30 12:22:07 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{3ADB0DAF-1354-4D98-805F-3342CD9C7E37}
[2012.05.30 12:21:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{7F2CE015-9514-4467-A7A5-2150B96DDCD7}
[2012.05.29 13:32:14 | 000,000,000 | ---D | C] -- D:\Diablo III
[2012.05.29 13:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.05.29 13:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.05.29 12:22:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{C4C05D51-1515-4E5C-A98A-33BFCFBC3B15}
[2012.05.29 12:21:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{8C251031-8995-4C31-93FA-867A344F8319}
[2012.05.28 20:44:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{303281CF-A4DE-4CA9-B157-1071A8B958CB}
[2012.05.28 20:44:04 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{0964C69F-B618-4208-B255-9560C58A875F}
[2012.05.28 00:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2012.05.28 00:43:49 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012.05.27 19:10:07 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{32323149-A646-435F-B5B8-8DB87EF167B6}
[2012.05.27 19:09:54 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{46A6EB67-451D-409B-87D9-BEAD70E1C4FA}
[2012.05.26 23:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2012.05.26 23:02:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012.05.26 23:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012.05.26 23:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2012.05.26 22:38:07 | 000,000,000 | ---D | C] -- D:\Settlers7
[2012.05.26 22:21:51 | 000,000,000 | ---D | C] -- D:\ANNO 2070
[2012.05.26 22:14:23 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Ubisoft Game Launcher
[2012.05.26 22:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2012.05.26 21:48:46 | 000,000,000 | ---D | C] -- D:\OpenTTD
[2012.05.26 18:10:02 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{937E7C9C-75E5-4583-9626-266359BBD2AA}
[2012.05.26 18:09:38 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{12473144-2A72-4811-96AE-F33B6AAB1C7C}
[2012.05.25 23:20:31 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{23FE6624-96C9-4C5B-9478-2C484768E26C}
[2012.05.25 23:20:19 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{4555DB9B-C99C-48F1-B402-3127DF50C6E3}
[2012.05.24 21:36:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{7F1D9F76-E47D-492D-AEB4-FAB0DF1A81D1}
[2012.05.24 21:36:13 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{CCD1693C-DCA1-4A27-AF86-2F4E666B5154}
[2012.05.23 16:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2012.05.22 20:28:30 | 000,000,000 | ---D | C] -- D:\The Movies
[2012.05.22 20:28:30 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Lionhead Studios
[2012.05.22 20:28:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.05.22 12:13:46 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2012.05.22 12:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Movies
[2012.05.22 12:10:00 | 000,000,000 | ---D | C] -- D:\MeinSpore-Kreationen
[2012.05.22 12:09:58 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\SPORE
[2012.05.22 12:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Lionhead Studios
[2012.05.22 11:42:14 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\SAdK
[2012.05.22 11:42:07 | 000,000,000 | ---D | C] -- D:\SAdK
[2012.05.22 11:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.05.22 11:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinAce
[2012.05.22 11:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.05.22 11:28:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2012.05.22 11:28:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012.05.22 11:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.05.22 11:27:51 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2012.05.22 11:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2012.05.22 10:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenTTD
[2012.05.22 10:02:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{8A6BDC49-5067-4816-B4DD-E745E665F123}
[2012.05.22 10:02:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{15E5F896-0511-4990-8EAE-61EF0B66A296}
[2012.05.21 20:44:25 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{9C33E8C4-2CD3-4873-B2BF-41AE94995EF2}
[2012.05.21 20:43:53 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{A7CEE673-4B79-4994-926A-F50F23ADBCC2}
[2012.05.20 18:18:23 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{F269E48E-0CC5-4ECE-BA62-21552B710E96}
[2012.05.20 18:18:10 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{064CB7A5-1AAF-449A-96C2-ACEC300B881C}
[2012.05.19 11:24:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{3FBB5CC1-7068-452C-BBBD-068DE77864C6}
[2012.05.19 11:23:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{5C1D0F75-AD7D-4E37-A26A-39C14039CF5E}
[2012.05.18 12:59:51 | 000,000,000 | ---D | C] -- D:\Prüfung
[2012.05.18 12:29:11 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{4C2AEBA9-0AA4-492A-9678-146520DDF3FA}
[2012.05.18 12:29:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{8D7DF2FD-C632-4D09-BF24-99EC008AABD4}
[2012.05.16 10:30:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{38B432B8-2EF4-4733-A74F-9BA5549CFDA2}
[2012.05.15 21:29:28 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{0F7A5EAD-AA95-4F9C-8F32-E7CD498930FE}
[2012.05.15 21:29:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{C1E3F48D-22FF-44DA-A490-35E42D82AC7C}
[2012.05.14 20:46:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{6BC73A99-8C02-4F67-B40D-B2A1CA1E8C16}
[2012.05.14 20:46:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{53ECF689-D097-4978-B04A-F65295DA3E1A}

========== Files - Modified Within 30 Days ==========
[2012.06.13 13:59:11 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2012.06.13 13:23:39 | 000,022,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.13 13:23:39 | 000,022,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.13 13:16:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3201743549-792140521-1694852398-1000UA.job
[2012.06.13 13:15:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.13 13:15:20 | 2078,388,223 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.13 12:25:59 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.13 12:14:49 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.13 11:51:43 | 000,001,243 | ---- | M] () -- C:\Users\xxx\Desktop\Any Video Converter.lnk
[2012.06.13 11:32:01 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.13 11:32:01 | 000,656,266 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.13 11:32:01 | 000,618,108 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.13 11:32:01 | 000,131,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.13 11:32:01 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.12 21:48:17 | 000,000,412 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\All CPU Meter_Settings.ini
[2012.06.12 13:40:46 | 000,043,740 | ---- | M] () -- C:\Users\xxx\Desktop\Beine-Krieger-3105.xml
[2012.06.12 12:18:09 | 000,002,429 | ---- | M] () -- C:\Users\xxx\Desktop\Google Chrome.lnk
[2012.06.11 09:05:01 | 004,897,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.10 21:07:41 | 000,001,077 | ---- | M] () -- C:\Users\xxx\Desktop\MegaTrainer eXperience.lnk
[2012.06.10 16:16:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3201743549-792140521-1694852398-1000Core.job
[2012.06.10 15:52:37 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2012.06.10 15:52:37 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2012.06.10 15:09:29 | 000,000,616 | ---- | M] () -- C:\Users\Public\Desktop\The Movies Stunts & Spezialeffekte.lnk
[2012.06.10 12:04:49 | 000,001,037 | ---- | M] () -- D:\hosts
[2012.06.09 16:07:59 | 000,036,892 | ---- | M] () -- C:\Windows\SysWow64\bassmod.dll
[2012.06.09 15:50:20 | 000,086,528 | ---- | M] () -- C:\Windows\bnetunin.exe
[2012.06.09 15:50:20 | 000,061,440 | ---- | M] () -- C:\Windows\diabswun.exe
[2012.05.31 22:08:19 | 000,000,640 | ---- | M] () -- C:\Users\xxx\Desktop\Notepad++.lnk
[2012.05.30 12:38:29 | 000,001,094 | ---- | M] () -- C:\Users\xxx\Desktop\kopf_krieger.xml
[2012.05.26 23:02:50 | 000,001,014 | ---- | M] () -- C:\Users\xxx\Desktop\SpeedFan.lnk
[2012.05.26 23:02:48 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo

========== Files Created - No Company Name ==========
[2012.06.13 13:59:11 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2012.06.13 13:58:08 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\80000032.@
[2012.06.13 13:49:37 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\80000064.@
[2012.06.13 13:37:29 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\00000008.@
[2012.06.13 12:25:11 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.13 12:14:49 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.13 12:12:21 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012.06.13 12:12:21 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012.06.13 11:51:43 | 000,001,243 | ---- | C] () -- C:\Users\xxx\Desktop\Any Video Converter.lnk
[2012.06.13 11:46:04 | 000,000,773 | ---- | C] () -- C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\L\00000004.@
[2012.06.13 11:46:03 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\80000000.@
[2012.06.13 11:45:54 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\00000004.@
[2012.06.13 11:45:54 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\000000cb.@
[2012.06.13 11:09:36 | 000,057,344 | ---- | C] () -- C:\h2format.exe
[2012.06.12 21:48:17 | 000,000,412 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\All CPU Meter_Settings.ini
[2012.06.12 12:14:38 | 000,043,740 | ---- | C] () -- C:\Users\xxx\Desktop\Beine-Krieger-3105.xml
[2012.06.10 21:07:41 | 000,001,077 | ---- | C] () -- C:\Users\xxx\Desktop\MegaTrainer eXperience.lnk
[2012.06.10 15:52:37 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2012.06.10 15:52:37 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2012.06.10 15:09:29 | 000,000,616 | ---- | C] () -- C:\Users\Public\Desktop\The Movies Stunts & Spezialeffekte.lnk
[2012.06.10 12:04:32 | 000,001,037 | ---- | C] () -- D:\hosts
[2012.06.09 15:50:20 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2012.06.09 15:50:20 | 000,061,440 | ---- | C] () -- C:\Windows\diabswun.exe
[2012.05.31 22:08:19 | 000,000,640 | ---- | C] () -- C:\Users\xxx\Desktop\Notepad++.lnk
[2012.05.30 12:43:52 | 000,001,094 | ---- | C] () -- C:\Users\xxx\Desktop\kopf_krieger.xml
[2012.05.26 23:02:50 | 000,001,014 | ---- | C] () -- C:\Users\xxx\Desktop\SpeedFan.lnk
[2012.05.26 23:02:48 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2012.05.26 22:40:00 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2012.05.11 20:12:26 | 000,000,132 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012.05.08 20:15:57 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2012.05.05 20:47:24 | 000,000,529 | ---- | C] () -- C:\Windows\eReg.dat
[2012.05.05 14:40:25 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\@
[2012.05.05 13:37:33 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.07.26 16:20:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========
[2012.06.13 11:51:45 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\AnvSoft
[2012.05.05 18:28:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2012.06.04 20:53:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft
[2012.06.04 20:53:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.06 18:28:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\EPSON
[2012.05.22 20:28:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lionhead Studios
[2012.05.30 12:43:49 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Notepad++
[2012.06.13 12:12:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Simply Super Software
[2012.06.13 11:33:04 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SpiritON TV Software
[2012.05.22 12:10:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SPORE
[2012.06.10 18:28:13 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.06.10 18:58:32 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ubisoft
[2012.05.08 19:33:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Windows Live Writer
[2012.06.13 11:46:49 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\XnView
[2009.07.14 07:08:49 | 000,019,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >

And the Extra.txt OTL logfile:

Code:
OTL Extras logfile created on: 13.06.2012 14:01:05 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\xxx\Downloads
64bit-Windows XP Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,91 Gb Total Physical Memory | 5,14 Gb Available Physical Memory | 64,96% Memory free
15,83 Gb Paging File | 12,63 Gb Available in Paging File | 79,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 87,79 Gb Total Space | 40,61 Gb Free Space | 46,25% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 47,17 Gb Free Space | 96,61% Space Free | Partition Type: NTFS
Drive E: | 146,48 Gb Total Space | 111,37 Gb Free Space | 76,03% Space Free | Partition Type: NTFS
Drive F: | 98,96 Gb Total Space | 75,35 Gb Free Space | 76,15% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 47,95 Gb Free Space | 98,20% Space Free | Partition Type: NTFS
Drive H: | 9,76 Gb Total Space | 9,69 Gb Free Space | 99,22% Space Free | Partition Type: NTFS
Drive V: | 24,98 Gb Total Space | 8,25 Gb Free Space | 33,02% Space Free | Partition Type: FAT32
Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Photoshop CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Photoshop CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.5 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 290.47 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 290.47 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.6.24 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.6.24 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.9.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Canon SELPHY CP760" = Canon SELPHY CP760 "EPSON SX430 Series" = EPSON SX430 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Speccy" = Speccy "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 2.0.1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM) "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe "{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1 "{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1 "{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater 
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25 "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89E0B0D4-DFC3-49B9-8E88-F1B801325C8A}" = Emergency 3 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft 
Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3 "{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9B92288B-5DC5-74A2-5E76-C4DE4864B76E}" = Warner Bros. Digital Copy Manager "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7 "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack "{B0002707-4F7E-4745-88A7-852DA8A88635}" = ASUS Sonic Focus "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{C06A7DAC-1708-417C-B694-28C84DFE2DF9}" = The Movies(TM) Stunts & Spezialeffekte "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live 
Communications Platform "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2 "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FF7CBA18-9222-11DC-AEA9-6FAA56D89593}" = SimCity™ Societies Demo "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "AmUStor" = Alcor Micro USB Card Reader "Any Video Converter_is1" = Any Video Converter 3.3.9 "ArtMoney SE_is1" = ArtMoney SE v7.38 "Avira AntiVir Desktop" = Avira Free Antivirus "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player 
"com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager "dcmsvc_is1" = dcmsvc 1.0 "DVDFab 8 Qt_is1" = DVDFab 8.1.7.8 (17/04/2012) Qt "EPSON Scanner" = EPSON Scan "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50 "Free YouTube Download_is1" = Free YouTube Download version 3.1.27.508 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508 "InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM) Stunts & Spezialeffekte "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.1.0.4 "Notepad++" = Notepad++ "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OpenTTD" = OpenTTD 1.2.0${APPV_EXTRA} "RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition "SADK" = Die Siedler - Aufbruch der Kulturen "SpeedFan" = SpeedFan (remove only) "Trojan Remover_is1" = Trojan Remover 6.8.3 "WinAce Archiver" = WinAce Archiver "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 31.05.2012 08:31:33 | Computer Name = xxx-PC | Source = Application Hang | ID = 1002 Description = Programm chrome.exe, Version 19.0.1084.52 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1780 Startzeit: 01cd3f26dc535c31 Endzeit: 7 Anwendungspfad: C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe Berichts-ID: 89e3098f-ab1c-11e1-a5bd-c860001d60ce Error - 02.06.2012 10:51:21 | Computer Name = xxx-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a1c7 Name des fehlerhaften Moduls: nvdxgiwrapx.dll, Version: 8.17.12.9047, Zeitstempel: 0x4ee4e503 Ausnahmecode: 0xc00000fd Fehleroffset: 0x00000000000012dd ID des fehlerhaften Prozesses: 0xab8 Startzeit der fehlerhaften Anwendung: 0x01cd40cf1b7a6dd1 Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Sidebar\sidebar.exe Pfad des fehlerhaften Moduls: C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll Berichtskennung: 6a572fb4-acc2-11e1-84f0-c860001d60ce Error - 05.06.2012 11:03:51 | Computer Name = xxx-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a1c7 Name des fehlerhaften Moduls: nvdxgiwrapx.dll, Version: 8.17.12.9047, Zeitstempel: 0x4ee4e503 Ausnahmecode: 0xc00000fd Fehleroffset: 0x00000000000012dd ID des fehlerhaften Prozesses: 0xaa0 Startzeit der fehlerhaften Anwendung: 0x01cd432c5f20fffc Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Sidebar\sidebar.exe Pfad des fehlerhaften Moduls: C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll Berichtskennung: a8b2a6dd-af1f-11e1-afd1-c860001d60ce Error - 10.06.2012 14:14:27 | Computer Name = xxx-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Setup.exe_Microsoft Setup Bootstrapper, Version: 14.0.4755.1000, Zeitstempel: 0x4b989df1 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003bc21 ID des fehlerhaften Prozesses: 0x15c8 Startzeit der fehlerhaften Anwendung: 
0x01cd4734708e9c26 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll Berichtskennung: 1d0d4033-b328-11e1-9910-c860001d60ce Error - 10.06.2012 14:16:37 | Computer Name = xxx-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Setup.exe_Microsoft Setup Bootstrapper, Version: 14.0.4755.1000, Zeitstempel: 0x4b989df1 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003bc21 ID des fehlerhaften Prozesses: 0x13b8 Startzeit der fehlerhaften Anwendung: 0x01cd4735232de464 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll Berichtskennung: 6a6a8fe4-b328-11e1-9910-c860001d60ce Error - 10.06.2012 15:07:46 | Computer Name = xxx-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MT-eXperience.exe, Version: 0.0.0.0, Zeitstempel: 0x48384665 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0077e853 ID des fehlerhaften Prozesses: 0xf8c Startzeit der fehlerhaften Anwendung: 0x01cd473c51328cf7 Pfad der fehlerhaften Anwendung: E:\Program Files (x86)\MegaDev\MD-Trainers\MT-X\MT-eXperience.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 8fcf82d3-b32f-11e1-9910-c860001d60ce Error - 10.06.2012 15:08:06 | Computer Name = xxx-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MT-eXperience.exe, Version: 0.0.0.0, Zeitstempel: 0x48384665 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0077e853 ID des fehlerhaften Prozesses: 0x9d0 Startzeit der fehlerhaften Anwendung: 
0x01cd473c5dd30a13 Pfad der fehlerhaften Anwendung: E:\Program Files (x86)\MegaDev\MD-Trainers\MT-X\MT-eXperience.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 9b86b914-b32f-11e1-9910-c860001d60ce Error - 13.06.2012 06:44:11 | Computer Name = xxx-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a1c7 Name des fehlerhaften Moduls: nvdxgiwrapx.dll, Version: 8.17.12.9047, Zeitstempel: 0x4ee4e503 Ausnahmecode: 0xc00000fd Fehleroffset: 0x00000000000012dd ID des fehlerhaften Prozesses: 0xcd4 Startzeit der fehlerhaften Anwendung: 0x01cd49516980454f Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Sidebar\sidebar.exe Pfad des fehlerhaften Moduls: C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll Berichtskennung: b565529a-b544-11e1-86bb-c860001d60ce Error - 13.06.2012 07:59:55 | Computer Name = xxx-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: OTL.exe, Version: 3.2.48.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00020f47 ID des fehlerhaften Prozesses: 0x94 Startzeit der fehlerhaften Anwendung: 0x01cd495c09836c43 Pfad der fehlerhaften Anwendung: C:\Users\xxx\Downloads\OTL.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 49a6073b-b54f-11e1-b544-c860001d60ce Error - 13.06.2012 08:00:15 | Computer Name = xxx-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: OTL.exe, Version: 3.2.48.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00020f47 ID des fehlerhaften Prozesses: 0x6b4 Startzeit der fehlerhaften Anwendung: 0x01cd495c178d2225 Pfad der fehlerhaften Anwendung: C:\Users\xxx\Downloads\OTL.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 
55aa2339-b54f-11e1-b544-c860001d60ce [ System Events ] Error - 13.06.2012 06:43:20 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error - 13.06.2012 06:43:20 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Error - 13.06.2012 06:43:20 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error - 13.06.2012 06:44:09 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891 Error - 13.06.2012 06:44:09 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891 Error - 13.06.2012 07:15:39 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error - 13.06.2012 07:15:39 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. 
Error - 13.06.2012 07:15:42 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060

Error - 13.06.2012 07:16:39 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891

Error - 13.06.2012 07:16:39 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891

< End of report >

Of course I forgot something. The Antivir log:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Mittwoch, 13. Juni 2012 13:24

Es wird nach 3831809 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : CHRISTIAN-PC

Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 01.05.2012 22:48:48
AVSCAN.DLL : 12.3.0.15 66256 Bytes 02.05.2012 00:02:50
LUKE.DLL : 12.3.0.15 68304 Bytes 01.05.2012 23:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 01.05.2012 22:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 13.06.2012 10:16:02
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:22:12
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:31:36
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 10:43:53
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 10:15:51
VBASE006.VDF : 7.11.29.137 2048 Bytes 
10.05.2012 10:15:51
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 10:15:51
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 10:15:52
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 10:15:52
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 10:15:52
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 10:15:52
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 10:15:52
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 10:15:52
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 10:15:52
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 10:15:53
VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 10:15:53
VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 10:15:53
VBASE018.VDF : 7.11.31.57 188416 Bytes 28.05.2012 10:15:54
VBASE019.VDF : 7.11.31.111 214528 Bytes 30.05.2012 10:15:54
VBASE020.VDF : 7.11.31.151 116736 Bytes 31.05.2012 10:15:54
VBASE021.VDF : 7.11.31.205 134144 Bytes 03.06.2012 10:15:55
VBASE022.VDF : 7.11.32.9 169472 Bytes 05.06.2012 10:15:55
VBASE023.VDF : 7.11.32.85 155648 Bytes 08.06.2012 10:15:55
VBASE024.VDF : 7.11.32.133 127488 Bytes 11.06.2012 10:15:56
VBASE025.VDF : 7.11.32.171 182784 Bytes 12.06.2012 10:15:56
VBASE026.VDF : 7.11.32.172 2048 Bytes 12.06.2012 10:15:56
VBASE027.VDF : 7.11.32.173 2048 Bytes 12.06.2012 10:15:56
VBASE028.VDF : 7.11.32.174 2048 Bytes 12.06.2012 10:15:56
VBASE029.VDF : 7.11.32.175 2048 Bytes 12.06.2012 10:15:56
VBASE030.VDF : 7.11.32.176 2048 Bytes 12.06.2012 10:15:56
VBASE031.VDF : 7.11.32.190 26112 Bytes 13.06.2012 10:15:56
Engineversion : 8.2.10.80
AEVDF.DLL : 8.1.2.8 106867 Bytes 13.06.2012 10:16:01
AESCRIPT.DLL : 8.1.4.24 450939 Bytes 13.06.2012 10:16:01
AESCN.DLL : 8.1.8.2 131444 Bytes 16.02.2012 16:11:36
AESBX.DLL : 8.2.5.10 606580 Bytes 13.06.2012 10:16:02
AERDL.DLL : 8.1.9.15 639348 Bytes 20.01.2012 23:21:32
AEPACK.DLL : 8.2.16.16 807288 Bytes 13.06.2012 10:16:01
AEOFFICE.DLL : 8.1.2.28 201082 Bytes 26.04.2012 16:41:32
AEHEUR.DLL : 8.1.4.36 4874615 Bytes 13.06.2012 10:16:00
AEHELP.DLL : 8.1.21.0 254326 Bytes 13.06.2012 10:15:57
AEGEN.DLL : 8.1.5.28 422260 Bytes 26.04.2012 16:41:31
AEEXP.DLL : 8.1.0.44 82293 Bytes 13.06.2012 10:16:02
AEEMU.DLL : 8.1.3.0 393589 Bytes 20.01.2012 23:21:29
AECORE.DLL : 8.1.25.10 201080 Bytes 13.06.2012 10:15:57
AEBB.DLL : 8.1.1.0 53618 Bytes 20.01.2012 23:21:28
AVWINLL.DLL : 12.3.0.15 27344 Bytes 01.05.2012 22:59:21
AVPREF.DLL : 12.3.0.15 51920 Bytes 01.05.2012 22:44:31
AVREP.DLL : 12.3.0.15 179208 Bytes 01.05.2012 22:13:35
AVARKT.DLL : 12.3.0.15 211408 Bytes 01.05.2012 22:21:32
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 01.05.2012 22:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 16.04.2012 21:11:02
AVSMTP.DLL : 12.3.0.15 63440 Bytes 01.05.2012 22:51:35
NETNT.DLL : 12.3.0.15 17104 Bytes 01.05.2012 23:33:29
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 02.05.2012 00:03:51
RCTEXT.DLL : 12.3.0.15 98512 Bytes 02.05.2012 00:03:51

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4fd8765b\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Mittwoch, 13. Juni 2012 13:24

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RivaTuner.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wcourier.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WDC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'dcmsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControlUser.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DMedia.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SonicFocusTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GFNEXSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ASLDRSrv.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\80000064.@'
C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\80000064.@
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55e7d746.qua' verschoben!

Ende des Suchlaufs: Mittwoch, 13. Juni 2012 13:25
Benötigte Zeit: 01:02 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
36 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
35 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise

Malware finds nothing. Hopefully you can help me without my having to set up my system from scratch.

Last edited by Sueppi (13.06.2012 at 13:28)
#2

Hi,

Rootkit...

Combofix
Download Combo Fix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Switch your antivirus solution off completely, in such a way that it does NOT switch itself back on after a reboot!
Close all windows, start combofix.exe and confirm the following prompt with 1 and press Enter.
The Combofix scan can take some time, so have a little patience.
Please do not do anything on the computer during the scan.
It is possible that the computer will be restarted in between.
After the scan finishes a report (ComboFix.txt) is displayed; please copy it and paste it into your thread.
You should find the log under C:\ComboFix.txt...

chris

PS: If CF does not run, try it in safe mode (press F8 while booting)

Last edited by Chris4You (13.06.2012 at 14:19)
#3

So, Combofix has now been run in safe mode.

Here is the log file. Combofix logfile:
Code:
ATTFilter ComboFix 12-06-13.01 - xxx 13.06.2012 15:28:37.1.8 - x64 MINIMAL Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8104.6728 [GMT 2:00] ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Public\invokesi.exe c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini c:\windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\@ c:\windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\L\00000004.@ c:\windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\L\201d3dde c:\windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\00000004.@ c:\windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\00000008.@ c:\windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\000000cb.@ c:\windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\80000000.@ c:\windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\80000032.@ c:\windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\80000064.@ . Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert Kopie von - c:\32788r22fwjfw\HarddiskVolumeShadowCopy3_!Windows!System32!services.exe wurde wiederhergestellt . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-13 bis 2012-06-13 )))))))))))))))))))))))))))))) . . 2012-06-13 13:33 . 2012-06-13 13:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-13 13:33 . 2012-06-13 13:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-06-13 10:25 . 2012-06-13 10:25 -------- d-----w- c:\users\xxx\AppData\Roaming\Malwarebytes 2012-06-13 10:25 . 
2012-06-13 10:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-13 10:25 . 2012-06-13 10:25 -------- d-----w- c:\programdata\Malwarebytes 2012-06-13 10:25 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-13 10:14 . 2012-06-13 10:14 -------- d-----w- c:\users\xxx\AppData\Local\APN 2012-06-13 10:14 . 2012-06-13 13:13 -------- d-----w- c:\programdata\Avira 2012-06-13 10:12 . 2003-02-02 17:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll 2012-06-13 10:12 . 2002-03-05 22:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll 2012-06-13 10:12 . 2012-06-13 10:12 -------- d-----w- c:\program files (x86)\Trojan Remover 2012-06-13 10:12 . 2012-06-13 10:12 -------- d-----w- c:\users\xxx\AppData\Roaming\Simply Super Software 2012-06-13 10:12 . 2012-06-13 10:12 -------- d-----w- c:\programdata\Simply Super Software 2012-06-13 10:04 . 2012-06-13 10:04 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-06-13 09:51 . 2012-06-13 09:51 -------- d-----w- c:\users\xxx\AppData\Roaming\AnvSoft 2012-06-13 09:51 . 2012-06-13 09:51 -------- d-----w- c:\program files (x86)\AnvSoft 2012-06-13 09:46 . 2012-06-13 09:46 -------- d-----w- c:\users\xxx\AppData\Local\4Videosoft Studio 2012-06-13 09:37 . 2012-06-13 09:37 -------- d-----w- c:\users\xxx\AppData\Local\Aiseesoft Studio 2012-06-13 09:34 . 2012-06-13 09:46 -------- d-----w- c:\users\xxx\AppData\Roaming\XnView 2012-06-13 09:33 . 2012-06-13 09:33 -------- d-----w- c:\users\xxx\AppData\Roaming\SpiritON TV Software 2012-06-13 09:09 . 2003-01-06 11:13 57344 ----a-w- C:\h2format.exe 2012-06-12 19:42 . 2012-06-12 19:43 -------- d-----w- c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition 2012-06-12 19:38 . 2012-06-12 19:38 -------- d-----w- c:\users\xxx\AppData\Local\GPUMonitor 2012-06-12 10:22 . 
2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49AAE345-83CC-475B-9C74-D7DBC6F14103}\mpengine.dll 2012-06-11 10:42 . 2012-06-11 10:42 -------- d-----w- c:\program files (x86)\MSXML 4.0 2012-06-10 18:40 . 2012-06-13 11:47 -------- d-----w- c:\windows\AutoKMS 2012-06-10 17:55 . 2012-06-10 17:55 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services 2012-06-10 17:55 . 2012-06-10 17:55 -------- d-----w- c:\windows\PCHEALTH 2012-06-10 17:52 . 2012-06-10 17:52 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services 2012-06-10 17:52 . 2012-06-10 17:52 -------- d-----r- C:\MSOCache 2012-06-10 16:28 . 2012-06-10 16:28 -------- d-----w- c:\users\xxx\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2012-06-10 16:28 . 2012-06-10 16:28 -------- d-----w- c:\users\xxx\AppData\Roaming\Adobe Mini Bridge CS5 2012-06-10 13:52 . 2012-06-10 13:52 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2012-06-10 13:52 . 2012-06-10 13:52 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys 2012-06-10 12:01 . 2012-06-10 12:01 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-06-10 12:01 . 2012-06-10 12:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-06-10 12:00 . 2012-06-10 12:00 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-06-10 11:04 . 2012-06-10 12:43 -------- d-----w- c:\users\xxx\AppData\Roaming\DVD Shrink 2012-06-10 11:00 . 2012-06-10 11:00 -------- d-----w- c:\programdata\DVD Shrink 2012-06-10 10:44 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-10 09:25 . 2012-06-10 09:25 -------- d-----w- c:\users\xxx\AppData\Local\Nero 2012-06-10 09:22 . 
2012-06-10 09:22 -------- d-----w- c:\users\xxx\AppData\Roaming\Nero 2012-06-10 09:22 . 2012-06-10 09:22 -------- d-----w- c:\program files (x86)\Nero 2012-06-10 09:11 . 2012-06-10 09:22 -------- d-----w- c:\programdata\Nero 2012-06-10 09:10 . 2012-06-10 09:11 -------- d-----w- c:\program files (x86)\Common Files\Nero 2012-06-09 13:50 . 2012-06-09 13:50 86528 ----a-w- c:\windows\bnetunin.exe 2012-06-09 13:50 . 2012-06-09 13:50 61440 ----a-w- c:\windows\diabswun.exe 2012-06-09 13:47 . 2012-06-09 13:47 -------- d--h--w- c:\programdata\Common Files 2012-06-04 18:50 . 2012-03-22 11:43 2557952 ----a-w- c:\windows\SysWow64\QtCore4.dll 2012-06-04 18:50 . 2012-04-18 11:49 405176 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll 2012-06-04 18:50 . 2012-06-04 18:53 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft 2012-06-04 18:50 . 2012-03-06 13:43 80024 ----a-w- c:\windows\SysWow64\mfcm100u.dll 2012-06-04 18:50 . 2012-03-06 13:43 772248 ----a-w- c:\windows\SysWow64\msvcr100.dll 2012-06-04 18:50 . 2012-03-06 13:43 4421272 ----a-w- c:\windows\SysWow64\mfc100u.dll 2012-06-04 18:50 . 2012-03-06 13:43 419480 ----a-w- c:\windows\SysWow64\msvcp100.dll 2012-06-04 18:50 . 2012-03-06 13:43 136344 ----a-w- c:\windows\SysWow64\atl100.dll 2012-06-04 18:49 . 2012-06-04 18:53 -------- d-----w- c:\users\xxx\AppData\Roaming\DVDVideoSoft 2012-05-30 10:27 . 2012-05-30 10:43 -------- d-----w- c:\users\xxx\AppData\Roaming\Notepad++ 2012-05-29 11:32 . 2012-05-29 11:32 -------- d-----w- c:\programdata\Blizzard Entertainment 2012-05-29 11:30 . 2012-05-29 11:30 -------- d-----w- c:\programdata\Battle.net 2012-05-27 22:43 . 2012-05-27 22:43 -------- d-----w- c:\program files\Speccy 2012-05-26 21:22 . 2012-05-26 21:22 -------- d-----w- c:\program files (x86)\Lavalys 2012-05-26 21:02 . 2012-06-12 20:10 -------- d-----w- c:\program files (x86)\SpeedFan 2012-05-26 20:14 . 2012-05-26 20:17 -------- d-----w- c:\users\xxx\AppData\Local\Ubisoft Game Launcher 2012-05-26 20:13 . 
2012-06-10 16:43 -------- d-----w- c:\programdata\Solidshield 2012-05-22 18:28 . 2012-05-22 18:28 -------- d-----w- c:\users\xxx\AppData\Roaming\Lionhead Studios 2012-05-22 10:13 . 2012-05-22 10:13 -------- d-sh--w- c:\windows\ftpcache 2012-05-22 10:09 . 2012-05-22 10:10 -------- d-----w- c:\users\xxx\AppData\Roaming\SPORE 2012-05-22 10:08 . 2012-05-22 10:08 -------- d-----w- c:\programdata\Lionhead Studios 2012-05-22 09:42 . 2012-05-23 14:49 -------- d-----w- c:\users\xxx\AppData\Local\SAdK 2012-05-22 09:28 . 2012-05-22 09:28 -------- d-----w- c:\windows\SysWow64\AGEIA 2012-05-22 09:28 . 2012-05-22 09:28 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2012-05-22 09:27 . 2012-05-22 09:27 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-13 09:46 . 2012-05-05 11:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-13 09:46 . 2012-05-05 11:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-05 19:05 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-05-05 19:05 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-05-05 14:20 . 2011-03-28 16:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-05-05 14:19 . 2012-05-05 14:19 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-05-05 14:19 . 2012-05-05 14:19 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-05-05 14:19 . 2012-05-05 14:19 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-05-05 14:19 . 2012-05-05 14:19 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-05-05 14:19 . 2012-05-05 14:19 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-05-05 14:19 . 2012-05-05 14:19 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-05-05 14:19 . 2012-05-05 14:19 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-05-05 14:19 . 
2012-05-05 14:19 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-05-05 14:19 . 2012-05-05 14:19 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-05-05 14:19 . 2012-05-05 14:19 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-05-05 14:19 . 2012-05-05 14:19 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-05-05 14:19 . 2012-05-05 14:19 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-05-05 14:19 . 2012-05-05 14:19 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-05-05 14:19 . 2012-05-05 14:19 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-05-05 14:19 . 2012-05-05 14:19 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-05-05 14:19 . 2012-05-05 14:19 222208 ----a-w- c:\windows\system32\msls31.dll 2012-05-05 14:19 . 2012-05-05 14:19 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-05-05 14:19 . 2012-05-05 14:19 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-05-05 14:19 . 2012-05-05 14:19 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-05-05 14:19 . 2012-05-05 14:19 12288 ----a-w- c:\windows\system32\mshta.exe 2012-05-05 14:19 . 2012-05-05 14:19 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-05-05 14:19 . 2012-05-05 14:19 114176 ----a-w- c:\windows\system32\admparse.dll 2012-05-05 14:19 . 2012-05-05 14:19 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-05-05 14:19 . 2012-05-05 14:19 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-05-05 14:19 . 2012-05-05 14:19 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-05-05 14:19 . 2012-05-05 14:19 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-05-05 14:19 . 2012-05-05 14:19 603648 ----a-w- c:\windows\system32\vbscript.dll 2012-05-05 14:19 . 2012-05-05 14:19 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-05-05 14:19 . 2012-05-05 14:19 448512 ----a-w- c:\windows\system32\html.iec 2012-05-05 14:19 . 2012-05-05 14:19 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-05 14:19 . 
2012-05-05 14:19 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-05-05 14:19 . 2012-05-05 14:19 160256 ----a-w- c:\windows\system32\wextract.exe 2012-05-05 14:19 . 2012-05-05 14:19 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-05-05 14:19 . 2012-05-05 14:19 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-05-05 12:19 . 2010-08-24 15:55 76912 ----a-w- c:\windows\system32\drivers\L1C62x64.sys 2012-05-05 12:00 . 2012-05-05 12:00 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-05-05 12:00 . 2012-05-05 12:00 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-05-05 11:43 . 2012-05-05 11:43 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{521EF502-5B37-4067-A03C-27780A2D450A}\gapaengine.dll 2012-04-13 12:17 . 2012-04-13 12:17 16128 ----a-w- c:\windows\system32\drivers\TurboB.sys 2012-03-31 06:05 . 2012-05-12 17:50 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-31 04:39 . 2012-05-12 17:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-31 04:39 . 2012-05-12 17:50 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-31 03:10 . 2012-05-12 17:50 3146240 ----a-w- c:\windows\system32\win32k.sys 2012-03-30 11:35 . 2012-05-12 17:47 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-03-20 18:44 . 2012-03-20 18:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-03-20 18:44 . 2012-03-20 18:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-03-19 21:44 . 2012-03-19 21:44 5888792 ----a-w- c:\windows\system32\GfxUI.exe 2012-03-19 21:44 . 2012-03-19 21:44 509720 ----a-w- c:\windows\system32\igfxsrvc.exe 2012-03-19 21:44 . 2012-03-19 21:44 439064 ----a-w- c:\windows\system32\igfxpers.exe 2012-03-19 21:44 . 2012-03-19 21:44 398616 ----a-w- c:\windows\system32\hkcmd.exe 2012-03-19 21:44 . 2012-03-19 21:44 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe 2012-03-19 21:44 . 
2012-03-19 21:44 250136 ----a-w- c:\windows\system32\igfxext.exe 2012-03-19 21:44 . 2012-03-19 21:44 184600 ----a-w- c:\windows\system32\difx64.exe 2012-03-19 21:44 . 2012-03-19 21:44 170264 ----a-w- c:\windows\system32\igfxtray.exe 2012-03-19 21:42 . 2012-03-19 21:42 90112 ----a-w- c:\windows\system32\igfxCoIn_v2696.dll 2012-03-19 21:32 . 2012-03-19 21:32 14745600 ----a-w- c:\windows\system32\drivers\igdkmd64.sys 2012-03-19 21:31 . 2011-07-26 14:22 8087040 ----a-w- c:\windows\system32\igdumd64.dll 2012-03-19 21:31 . 2012-03-19 21:31 963912 ----a-w- c:\windows\system32\igkrng600.bin 2012-03-19 21:31 . 2012-03-19 21:31 261208 ----a-w- c:\windows\system32\igfcg600m.bin 2012-03-19 21:31 . 2012-03-19 21:31 79360 ----a-w- c:\windows\system32\igdde64.dll 2012-03-19 21:26 . 2012-03-19 21:26 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll 2012-03-19 21:25 . 2012-03-19 21:25 58880 ----a-w- c:\windows\SysWow64\igdde32.dll 2012-03-19 21:22 . 2011-07-26 14:09 9605632 ----a-w- c:\windows\system32\igd10umd64.dll 2012-03-19 21:11 . 2012-03-19 21:11 7795200 ----a-w- c:\windows\SysWow64\igd10umd32.dll 2012-03-19 20:31 . 2012-03-19 20:31 18137088 ----a-w- c:\windows\system32\ig4icd64.dll 2012-03-19 20:21 . 2012-03-19 20:21 13212672 ----a-w- c:\windows\SysWow64\ig4icd32.dll 2012-03-19 20:18 . 2012-03-19 20:18 439296 ----a-w- c:\windows\system32\igfxrrom.lrc 2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc 2012-03-19 20:18 . 2012-03-19 20:18 438272 ----a-w- c:\windows\system32\igfxrsky.lrc 2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrslv.lrc 2012-03-19 20:18 . 2012-03-19 20:18 439808 ----a-w- c:\windows\system32\igfxresn.lrc 2012-03-19 20:18 . 2012-03-19 20:18 439296 ----a-w- c:\windows\system32\igfxrrus.lrc 2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrptg.lrc 2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrplk.lrc 2012-03-19 20:18 . 
2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc 2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrsve.lrc 2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrptb.lrc 2012-03-19 20:18 . 2012-03-19 20:18 437248 ----a-w- c:\windows\system32\igfxrtha.lrc 2012-03-19 20:18 . 2012-03-19 20:18 440320 ----a-w- c:\windows\system32\igfxrell.lrc 2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrita.lrc 2012-03-19 20:18 . 2012-03-19 20:18 438272 ----a-w- c:\windows\system32\igfxrhun.lrc 2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrnor.lrc 2012-03-19 20:18 . 2012-03-19 20:18 435712 ----a-w- c:\windows\system32\igfxrheb.lrc 2012-03-19 20:18 . 2012-03-19 20:18 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc 2012-03-19 20:18 . 2012-03-19 20:18 430592 ----a-w- c:\windows\system32\igfxrkor.lrc 2012-03-19 20:18 . 2012-03-19 20:18 439808 ----a-w- c:\windows\system32\igfxrfra.lrc 2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrnld.lrc 2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc 2012-03-19 20:18 . 2012-03-19 20:18 438272 ----a-w- c:\windows\system32\igfxrfin.lrc 2012-03-19 20:18 . 2012-03-19 20:18 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc 2012-03-19 20:18 . 2012-03-19 20:18 437248 ----a-w- c:\windows\system32\igfxrdan.lrc 2012-03-19 20:18 . 2012-03-19 20:18 429056 ----a-w- c:\windows\system32\igfxrcht.lrc 2012-03-19 20:18 . 2012-03-19 20:18 435712 ----a-w- c:\windows\system32\igfxrara.lrc 2012-03-19 20:18 . 2012-03-19 20:18 428544 ----a-w- c:\windows\system32\igfxrchs.lrc 2012-03-19 20:18 . 2012-03-19 20:18 126976 ----a-w- c:\windows\system32\igfxcpl.cpl . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "SonicMasterTray"="c:\program files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe" [2010-07-09 984400] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "dcmsvc"="c:\program files (x86)\dcmsvc\dcmsvc.exe" [2009-04-07 30440] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-18 2319536] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] . c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Überwachungstool für die Intel® Turbo-Boost-Technik 2.5.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2012-4-13 207360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-01-12 168448] R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-01-12 131072] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-02-18 462632] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-12 2348864] R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x] R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248] R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files 
(x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2012-06-12 19952] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.5;c:\program files\Intel\TurboBoost\TurboBoost.exe [2012-04-13 149504] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x] S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3201743549-792140521-1694852398-1000Core.job - c:\users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-05 14:11] . 2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3201743549-792140521-1694852398-1000UA.job - c:\users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-05 14:11] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-13 15:38:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-13 13:38
.
Vor Suchlauf: 8 Verzeichnis(se), 44.388.012.032 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 46.606.802.944 Bytes frei
.
- - End Of File - - D582B8748B09BF2AE01AB5E306898906
#4
Hi,

please run a full scan with Avira...

CureIt: follow the guide: http://www.trojaner-board.de/59299-a...eb-cureit.html

After the scan finishes you will find the log at %USERPROFILE%\DoctorWeb\CureIt.log. Before you take any action, please copy the contents of the log and post it. The log file is very large, about 5 MB of text or more. Just search it for "infiziert" and copy out the relevant parts before you post them.

chris
#5
Right, the next step is done. Here is the log, or rather only the parts where infected items were found.

-----------------------------------------------------------------------------
Scanstatistiken
-----------------------------------------------------------------------------
Gescannt: 394649
Infiziert: 2
Modifikationen: 0
Verdächtig: 0
Adware: 0
Dialer: 0
Scherzprogramme: 0
Riskware: 0
Hacktools: 1
Desinfiziert: 0
Gelöscht: 1
Umbenannt: 0
Verschoben: 1
Ignoriert: 0
Geschwindigkeit:: 468 Kb/s
Dauer:: 2:20:52
-----------------------------------------------------------------------------
C:\Qoobox\Quarantine\C\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\00000008.@.vir - gelöscht
=============================================================================
Gesamtsitzungsstatistik
=============================================================================
Gescannt: 395774
Infiziert: 3
Modifikationen: 0
Verdächtig: 0
Adware: 0
Dialer: 0
Scherzprogramme: 0
Riskware: 0
Hacktools: 1
Desinfiziert: 0
Gelöscht: 3
Umbenannt: 0
Verschoben: 1
Ignoriert: 0
Geschwindigkeit:: 47 Kb/s
Dauer:: 2:21:44

But here is also the file described in the guide, DrWeb.txt:

dcmsvc.exe;c:\program files (x86)\dcmsvc;Trojan.DownLoader4.24087;Gelöscht.;
OTL.exe;C:\Documents and Settings\xxx\Downloads;Trojan.Siggen4.4395;Nicht desinfizierbar.Verschoben.;
00000008.@.vir;C:\Qoobox\Quarantine\C\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U;Tool.BtcMine.26;;
80000032.@.vir;C:\Qoobox\Quarantine\C\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U;BackDoor.Maxplus.5209;Gelöscht.;

Last edited by Sueppi (13.06.2012, 18:22)
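An added example, not part of the thread and not Dr.Web's own code: a small Python parser for the semicolon-separated DrWeb.txt lines posted above (`<file>;<directory>;<threat>;<action>;`), which separates the hits CureIt deleted or moved from those that were found only inside ComboFix's quarantine folder and those still sitting on disk. The sample lines are copied from the post above; `Detection`, `parse_drweb_report` and `summarize` are names chosen for this example.

```python
from dataclasses import dataclass

# Constructed sample: the four DrWeb.txt lines from the post above, in the shape CureIt writes them
# (<file>;<directory>;<threat>;<action>;). A raw string keeps the Windows backslashes literal.
SAMPLE_REPORT = r"""
dcmsvc.exe;c:\program files (x86)\dcmsvc;Trojan.DownLoader4.24087;Gelöscht.;
OTL.exe;C:\Documents and Settings\xxx\Downloads;Trojan.Siggen4.4395;Nicht desinfizierbar.Verschoben.;
00000008.@.vir;C:\Qoobox\Quarantine\C\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U;Tool.BtcMine.26;;
80000032.@.vir;C:\Qoobox\Quarantine\C\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U;BackDoor.Maxplus.5209;Gelöscht.;
"""


@dataclass
class Detection:
    file: str
    directory: str
    threat: str
    action: str  # empty when CureIt recorded no action for the hit (third sample line)

    @property
    def unresolved(self) -> bool:
        # CureIt's German action words: "Gelöscht" = deleted, "Verschoben" = moved to quarantine.
        # Any other action text, or none at all, means the file is still where it was found.
        return not any(word in self.action for word in ("Gelöscht", "Verschoben"))

    @property
    def already_quarantined(self) -> bool:
        # Hits under C:\Qoobox\Quarantine are copies ComboFix had already isolated before this scan.
        return "\\qoobox\\quarantine\\" in self.directory.lower()


def parse_drweb_report(text: str) -> list[Detection]:
    """Turn the semicolon-separated report lines into Detection records, skipping non-record lines."""
    records = []
    for line in text.splitlines():
        parts = line.strip().split(";")
        if len(parts) < 4:
            continue  # blank line or other text pasted alongside the report
        records.append(Detection(parts[0], parts[1], parts[2], parts[3]))
    return records


def summarize(dets: list[Detection]) -> dict:
    """Group threats by what CureIt did, what sits only in ComboFix quarantine, and what is still open."""
    return {
        "total": len(dets),
        "removed_or_moved": sorted(d.threat for d in dets if not d.unresolved),
        "in_combofix_quarantine_only": sorted(d.threat for d in dets if d.unresolved and d.already_quarantined),
        "still_on_disk": sorted(d.threat for d in dets if d.unresolved and not d.already_quarantined),
    }
```

For the four lines above, `summarize` reports three threats removed or moved, Tool.BtcMine.26 present only as a ComboFix quarantine copy, and nothing still on disk.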
#6
Hi,

looks good...

To finish, post a new OTL log and run TDSSKiller. Download and instructions at: How are malicious programs of the Rootkit.Win32.TDSS family removed?

Extract all files into a directory of their own (e.g. C:\TDSS)! Launch it from Explorer by double-clicking TDSSKiller.exe. Configure the Killer as follows:

[screenshot of the TDSSKiller settings]

Then start the scan with (Start Scan). When the scan is finished, please select "Report" (skip any findings for now with Skip). A window opens; copy its text and post it here...

chris