| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/ATRAPS.GEN2 in C:/Windows/Installer/xxx/800000.32@ gefundenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
13.06.2012, 13:15
| #1 |
| |  TR/ATRAPS.GEN2 in C:/Windows/Installer/xxx/800000.32@ gefunden Tag zusammen. Auch ich wurde nun Opfer eines Angriffs. Nachdem ich von der Softronic Seite einen TGP Converter gezogen hatte, fing es an. Mein MSE hat sich leider unverzüglich ausgeschaltet sowie die Firewall von Windows. Darauf hatte ich mir Antivir (c:\Programme(x86)\Avira\AntiVir Desktop\avcenter) installiert der mir jetzt anzeigt das er genau diesen Trojaner fand. Hier mal die OTL.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 13.06.2012 14:01:05 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\xxx\Downloads 64bit-Windows XP Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 5,14 Gb Available Physical Memory | 64,96% Memory free 15,83 Gb Paging File | 12,63 Gb Available in Paging File | 79,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 87,79 Gb Total Space | 40,61 Gb Free Space | 46,25% Space Free | Partition Type: NTFS Drive D: | 48,83 Gb Total Space | 47,17 Gb Free Space | 96,61% Space Free | Partition Type: NTFS Drive E: | 146,48 Gb Total Space | 111,37 Gb Free Space | 76,03% Space Free | Partition Type: NTFS Drive F: | 98,96 Gb Total Space | 75,35 Gb Free Space | 76,15% Space Free | Partition Type: NTFS Drive G: | 48,83 Gb Total Space | 47,95 Gb Free Space | 98,20% Space Free | Partition Type: NTFS Drive H: | 9,76 Gb Total Space | 9,69 Gb Free Space | 99,22% Space Free | Partition Type: NTFS Drive V: | 24,98 Gb Total Space | 8,25 Gb Free Space | 33,02% Space Free | Partition Type: FAT32 Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.13 13:59:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Downloads\OTL.exe PRC - [2012.05.29 17:25:52 | 001,564,880 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.12 03:57:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2011.10.18 18:38:26 | 002,319,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2011.10.03 15:17:40 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2011.07.21 15:49:10 | 005,716,608 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010.10.07 14:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010.07.09 22:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe PRC - [2010.02.18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.08.22 20:25:00 | 002,781,184 | ---- | M] () -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe PRC - [2009.07.14 03:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE PRC - [2009.06.19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2009.04.07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe ========== Modules (No Company Name) ========== MOD - [2012.06.07 10:14:43 | 000,441,880 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll MOD - [2012.06.07 10:14:42 | 003,922,456 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll MOD - [2012.06.07 10:13:27 | 000,553,496 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll MOD - [2012.06.07 10:13:26 | 000,117,784 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll MOD - [2012.06.07 10:13:16 | 000,134,696 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll MOD - [2012.06.07 10:13:15 | 000,250,408 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll MOD - [2012.06.07 10:13:14 | 002,375,720 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll MOD - [2011.12.12 03:57:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2010.11.20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll MOD - [2009.08.22 20:25:00 | 002,781,184 | ---- | M] () -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe MOD - [2009.04.07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe MOD - [2007.07.12 11:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll ========== Win32 Services (SafeList) ========== SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.13 14:17:52 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel(R) SRV - [2011.12.12 03:57:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.01.12 16:00:00 | 000,168,448 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04) SRV - [2011.01.12 16:00:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.02.18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.06.10 15:52:37 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2012.06.10 15:52:37 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2012.05.05 14:19:59 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.13 14:17:10 | 000,016,128 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.03.19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.19 12:15:10 | 000,411,920 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.12.12 03:57:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.10.03 23:49:32 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.03.18 13:36:18 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012.06.12 21:43:33 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64) DRV - [2011.09.07 09:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={8164FD10-88E7-48A2-9D65-3A4B295B95BA}&mid=f4a51c60e44847d0a3f2192946f9893d-27e70c9c1b65fbc185fa66cb7cb80d4a48e26481&lang=en&ds=pp011&pr=sa&d=2012-06-09 15:47:56&v=11.1.0.7&sap=hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 44 77 6A 9A 2F CD 01 [binary data] IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{3C029863-5A9E-4C1A-BFB0-841706C2F7CB}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=74c87902-9e49-4d89-ad51-9e0072680904&apn_sauid=8B189815-4DB4-4466-9EFA-4BF7D29ADD09 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={8164FD10-88E7-48A2-9D65-3A4B295B95BA}&mid=f4a51c60e44847d0a3f2192946f9893d-27e70c9c1b65fbc185fa66cb7cb80d4a48e26481&lang=en&ds=pp011&pr=sa&d=2012-06-09 15:47:56&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: E:\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) ========== Chrome ========== CHR - default_search_provider: Ask (Enabled) CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=74c87902-9e49-4d89-ad51-9e0072680904&apn_ptnrs=%5EABT&apn_sauid=8B189815-4DB4-4466-9EFA-4BF7D29ADD09&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms} CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}, CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\np-mswmp.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\xxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Microsoft Office 2010 (Enabled) = F:\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = F:\MICROS~1\Office14\NPSPWRAP.DLL CHR - Extension: Avira Toolbar = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.2.23832_0\ CHR - Extension: TV = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\ CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus (Beta) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\ CHR - Extension: Kingdom Rush = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim\1.0.7.3_0\ CHR - Extension: Google-Suche = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: YoWindow Wetter = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\1.30_0\ CHR - Extension: Super Mario World = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkihmbmfokomgcblenhedokepnlhjpmb\2.5_0\ CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\ CHR - Extension: Super Mario Bros = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbanmklbelbcamgokhjgcojkogbgkig\3.6_0\ CHR - Extension: Google Maps = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.4_0\ CHR - Extension: Facebook Notifications = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\ CHR - Extension: Google Mail = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.06.10 12:04:49 | 000,001,037 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 nero.com O1 - Hosts: 127.0.0.1 www.nero.com O1 - Hosts: 127.0.0.1 activate.nero.com O1 - Hosts: 127.0.0.1 www.activate.nero.com O1 - Hosts: 127.0.0.1 nero.de O1 - Hosts: 127.0.0.1 www.nero.de O1 - Hosts: 127.0.0.1 activate.nero.de O1 - Hosts: 127.0.0.1 www.activate.nero.de O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RivaTuner] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe () O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) O4 - HKCU..\Run: [EPSON SX430 Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE /FU "C:\Users\CHRIST~1\AppData\Local\Temp\E_S94B1.tmp" /EF "HKCU" File not found O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.5.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://F:\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://F:\MICROS~1\Office14\EXCEL.EXE/3000 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.173.194.69 81.173.194.77 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{629DB53C-63F7-4B12-B094-804005A1F68A}: DhcpNameServer = 81.173.194.69 81.173.194.77 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.13 12:26:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Avira [2012.06.13 12:25:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes [2012.06.13 12:25:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.13 12:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.13 12:25:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.13 12:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.13 12:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.06.13 12:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012.06.13 12:14:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\APN [2012.06.13 12:14:12 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.06.13 12:14:12 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.06.13 12:14:12 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.06.13 12:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.06.13 12:14:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.06.13 12:12:24 | 000,000,000 | ---D | C] -- D:\Simply Super Software [2012.06.13 12:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2012.06.13 12:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover [2012.06.13 12:12:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Simply Super Software [2012.06.13 12:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2012.06.13 12:04:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012.06.13 11:52:01 | 000,000,000 | ---D | C] -- D:\Any Video Converter [2012.06.13 11:51:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\AnvSoft [2012.06.13 11:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft [2012.06.13 11:51:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft [2012.06.13 11:46:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\4Videosoft Studio [2012.06.13 11:37:33 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Aiseesoft Studio [2012.06.13 11:34:40 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\XnView [2012.06.13 11:33:04 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\SpiritON TV Software [2012.06.13 11:23:02 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{37851551-6739-4DBF-B6B0-DD21A168148B} [2012.06.13 11:22:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{EE9D0652-F572-4129-AF8A-DE6AB63E35CF} [2012.06.12 21:43:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition [2012.06.12 21:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition [2012.06.12 21:38:33 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\GPUMonitor [2012.06.11 12:42:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012.06.10 21:52:45 | 000,000,000 | ---D | C] -- D:\ANNO 1404 Venedig [2012.06.10 21:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDev [2012.06.10 20:49:22 | 000,000,000 | ---D | C] -- D:\Nero [2012.06.10 20:40:30 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS [2012.06.10 19:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2012.06.10 19:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services [2012.06.10 19:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2012.06.10 19:55:38 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2012.06.10 19:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2012.06.10 19:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2012.06.10 19:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2012.06.10 19:52:13 | 000,000,000 | RH-D | C] -- C:\MSOCache [2012.06.10 18:28:13 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.06.10 18:28:13 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Adobe Mini Bridge CS5 [2012.06.10 13:25:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Nero [2012.06.10 13:04:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVD Shrink [2012.06.10 13:03:42 | 000,260,678 | ---- | C] (DVD Shrink) -- C:\Users\xxx\Desktop\DVD Shrink 2.3 German.exe [2012.06.10 13:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink [2012.06.10 12:59:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Nero_AG [2012.06.10 12:32:20 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.06.10 11:25:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Nero [2012.06.10 11:23:16 | 000,000,000 | ---D | C] -- D:\NeroVision [2012.06.10 11:22:49 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Nero [2012.06.10 11:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2012.06.10 11:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2012.06.10 11:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2012.06.10 11:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2012.06.10 11:01:22 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{D1CE5C5E-77EA-4B62-B84E-E366858D7507} [2012.06.10 11:01:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{41116FC5-4735-4D5A-8294-A8672442D885} [2012.06.09 15:50:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo [2012.06.09 15:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo [2012.06.09 15:47:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.06.09 11:07:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{0306ADCF-9557-4830-9CE5-0DC49742F585} [2012.06.09 11:07:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{5C1055FC-E5E4-43DC-AE51-1D4DF10A0BB4} [2012.06.06 13:48:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{EF90D0BF-87AC-4F72-83DC-AF927ED949B0} [2012.06.06 13:48:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{7D3951A8-AD42-4AC1-9EEA-CC31720DB4D2} [2012.06.05 08:29:11 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{6F0F04F5-6EC1-4A76-BA41-EF197765B7A2} [2012.06.05 08:29:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{6E0AEF98-4DDB-4491-A14B-8FC0F97D6131} [2012.06.04 20:50:41 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers [2012.06.04 20:50:39 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtCore4.dll [2012.06.04 20:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2012.06.04 20:50:36 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll [2012.06.04 20:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2012.06.04 20:49:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft [2012.06.04 19:56:18 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{3313889D-BE15-4A6D-B0BA-1EB349481239} [2012.06.04 19:56:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{72BA3D97-00D8-4BB4-B4A6-296E8711700D} [2012.06.03 13:06:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{8E0123CF-4C2A-4C05-A8E5-CBFE4C9DDE4C} [2012.06.03 13:06:34 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{EB7927F3-437F-46A9-B20F-9066CF07E8E2} [2012.06.02 13:23:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{72EAC6AC-40C3-4A06-844C-921B0E9D12D2} [2012.06.02 13:22:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{BDD0EB14-5C21-47FD-80A4-D095C6D1A6D3} [2012.06.01 21:00:53 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{F7FBEF0E-C968-461E-A24B-ADF5FE67A59B} [2012.06.01 21:00:30 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{D52D7AD4-509B-4F38-A716-9A1B7A077EAC} [2012.05.31 17:40:23 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{9C64387C-7727-4849-A399-49576C121E7D} [2012.05.31 17:40:11 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{642A039C-DE65-4AB5-9A89-B3AF62E594A6} [2012.05.31 11:59:48 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{2AA8047C-617A-4098-BE0A-B61CBAD1F7DB} [2012.05.31 11:59:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{4706BB82-F7B8-44B2-BBF3-41EA9689A5EB} [2012.05.30 12:27:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.05.30 12:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.05.30 12:27:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Notepad++ [2012.05.30 12:22:07 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{3ADB0DAF-1354-4D98-805F-3342CD9C7E37} [2012.05.30 12:21:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{7F2CE015-9514-4467-A7A5-2150B96DDCD7} [2012.05.29 13:32:14 | 000,000,000 | ---D | C] -- D:\Diablo III [2012.05.29 13:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2012.05.29 13:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012.05.29 12:22:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{C4C05D51-1515-4E5C-A98A-33BFCFBC3B15} [2012.05.29 12:21:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{8C251031-8995-4C31-93FA-867A344F8319} [2012.05.28 20:44:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{303281CF-A4DE-4CA9-B157-1071A8B958CB} [2012.05.28 20:44:04 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{0964C69F-B618-4208-B255-9560C58A875F} [2012.05.28 00:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy [2012.05.28 00:43:49 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy [2012.05.27 19:10:07 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{32323149-A646-435F-B5B8-8DB87EF167B6} [2012.05.27 19:09:54 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{46A6EB67-451D-409B-87D9-BEAD70E1C4FA} [2012.05.26 23:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys [2012.05.26 23:02:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012.05.26 23:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012.05.26 23:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan [2012.05.26 22:38:07 | 000,000,000 | ---D | C] -- D:\Settlers7 [2012.05.26 22:21:51 | 000,000,000 | ---D | C] -- D:\ANNO 2070 [2012.05.26 22:14:23 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Ubisoft Game Launcher [2012.05.26 22:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield [2012.05.26 21:48:46 | 000,000,000 | ---D | C] -- D:\OpenTTD [2012.05.26 18:10:02 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{937E7C9C-75E5-4583-9626-266359BBD2AA} [2012.05.26 18:09:38 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{12473144-2A72-4811-96AE-F33B6AAB1C7C} [2012.05.25 23:20:31 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{23FE6624-96C9-4C5B-9478-2C484768E26C} [2012.05.25 23:20:19 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{4555DB9B-C99C-48F1-B402-3127DF50C6E3} [2012.05.24 21:36:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{7F1D9F76-E47D-492D-AEB4-FAB0DF1A81D1} [2012.05.24 21:36:13 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{CCD1693C-DCA1-4A27-AF86-2F4E666B5154} [2012.05.23 16:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys [2012.05.22 20:28:30 | 000,000,000 | ---D | C] -- D:\The Movies [2012.05.22 20:28:30 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Lionhead Studios [2012.05.22 20:28:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012.05.22 12:13:46 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache [2012.05.22 12:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Movies [2012.05.22 12:10:00 | 000,000,000 | ---D | C] -- D:\MeinSpore-Kreationen [2012.05.22 12:09:58 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\SPORE [2012.05.22 12:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Lionhead Studios [2012.05.22 11:42:14 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\SAdK [2012.05.22 11:42:07 | 000,000,000 | ---D | C] -- D:\SAdK [2012.05.22 11:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.05.22 11:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinAce [2012.05.22 11:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.05.22 11:28:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA [2012.05.22 11:28:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2012.05.22 11:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012.05.22 11:27:51 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [2012.05.22 11:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft [2012.05.22 10:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenTTD [2012.05.22 10:02:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{8A6BDC49-5067-4816-B4DD-E745E665F123} [2012.05.22 10:02:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{15E5F896-0511-4990-8EAE-61EF0B66A296} [2012.05.21 20:44:25 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{9C33E8C4-2CD3-4873-B2BF-41AE94995EF2} [2012.05.21 20:43:53 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{A7CEE673-4B79-4994-926A-F50F23ADBCC2} [2012.05.20 18:18:23 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{F269E48E-0CC5-4ECE-BA62-21552B710E96} [2012.05.20 18:18:10 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{064CB7A5-1AAF-449A-96C2-ACEC300B881C} [2012.05.19 11:24:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{3FBB5CC1-7068-452C-BBBD-068DE77864C6} [2012.05.19 11:23:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{5C1D0F75-AD7D-4E37-A26A-39C14039CF5E} [2012.05.18 12:59:51 | 000,000,000 | ---D | C] -- D:\Prüfung [2012.05.18 12:29:11 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{4C2AEBA9-0AA4-492A-9678-146520DDF3FA} [2012.05.18 12:29:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{8D7DF2FD-C632-4D09-BF24-99EC008AABD4} [2012.05.16 10:30:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{38B432B8-2EF4-4733-A74F-9BA5549CFDA2} [2012.05.15 21:29:28 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{0F7A5EAD-AA95-4F9C-8F32-E7CD498930FE} [2012.05.15 21:29:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{C1E3F48D-22FF-44DA-A490-35E42D82AC7C} [2012.05.14 20:46:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{6BC73A99-8C02-4F67-B40D-B2A1CA1E8C16} [2012.05.14 20:46:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{53ECF689-D097-4978-B04A-F65295DA3E1A} ========== Files - Modified Within 30 Days ========== [2012.06.13 13:59:11 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable [2012.06.13 13:23:39 | 000,022,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.13 13:23:39 | 000,022,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.13 13:16:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3201743549-792140521-1694852398-1000UA.job [2012.06.13 13:15:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.13 13:15:20 | 2078,388,223 | -HS- | M] () -- C:\hiberfil.sys [2012.06.13 12:25:59 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.13 12:14:49 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.06.13 11:51:43 | 000,001,243 | ---- | M] () -- C:\Users\xxx\Desktop\Any Video Converter.lnk [2012.06.13 11:32:01 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.13 11:32:01 | 000,656,266 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.13 11:32:01 | 000,618,108 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.13 11:32:01 | 000,131,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.13 11:32:01 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.12 21:48:17 | 000,000,412 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\All CPU Meter_Settings.ini [2012.06.12 13:40:46 | 000,043,740 | ---- | M] () -- C:\Users\xxx\Desktop\Beine-Krieger-3105.xml [2012.06.12 12:18:09 | 000,002,429 | ---- | M] () -- C:\Users\xxx\Desktop\Google Chrome.lnk [2012.06.11 09:05:01 | 004,897,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.10 21:07:41 | 000,001,077 | ---- | M] () -- C:\Users\xxx\Desktop\MegaTrainer eXperience.lnk [2012.06.10 16:16:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3201743549-792140521-1694852398-1000Core.job [2012.06.10 15:52:37 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys [2012.06.10 15:52:37 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2012.06.10 15:09:29 | 000,000,616 | ---- | M] () -- C:\Users\Public\Desktop\The Movies Stunts & Spezialeffekte.lnk [2012.06.10 12:04:49 | 000,001,037 | ---- | M] () -- D:\hosts [2012.06.09 16:07:59 | 000,036,892 | ---- | M] () -- C:\Windows\SysWow64\bassmod.dll [2012.06.09 15:50:20 | 000,086,528 | ---- | M] () -- C:\Windows\bnetunin.exe [2012.06.09 15:50:20 | 000,061,440 | ---- | M] () -- C:\Windows\diabswun.exe [2012.05.31 22:08:19 | 000,000,640 | ---- | M] () -- C:\Users\xxx\Desktop\Notepad++.lnk [2012.05.30 12:38:29 | 000,001,094 | ---- | M] () -- C:\Users\xxx\Desktop\kopf_krieger.xml [2012.05.26 23:02:50 | 000,001,014 | ---- | M] () -- C:\Users\xxx\Desktop\SpeedFan.lnk [2012.05.26 23:02:48 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo ========== Files Created - No Company Name ========== [2012.06.13 13:59:11 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable [2012.06.13 13:58:08 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\80000032.@ [2012.06.13 13:49:37 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\80000064.@ [2012.06.13 13:37:29 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\00000008.@ [2012.06.13 12:25:11 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.13 12:14:49 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.06.13 12:12:21 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll [2012.06.13 12:12:21 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll [2012.06.13 11:51:43 | 000,001,243 | ---- | C] () -- C:\Users\xxx\Desktop\Any Video Converter.lnk [2012.06.13 11:46:04 | 000,000,773 | ---- | C] () -- C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\L\00000004.@ [2012.06.13 11:46:03 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\80000000.@ [2012.06.13 11:45:54 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\00000004.@ [2012.06.13 11:45:54 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\000000cb.@ [2012.06.13 11:09:36 | 000,057,344 | ---- | C] () -- C:\h2format.exe [2012.06.12 21:48:17 | 000,000,412 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\All CPU Meter_Settings.ini [2012.06.12 12:14:38 | 000,043,740 | ---- | C] () -- C:\Users\xxx\Desktop\Beine-Krieger-3105.xml [2012.06.10 21:07:41 | 000,001,077 | ---- | C] () -- C:\Users\xxx\Desktop\MegaTrainer eXperience.lnk [2012.06.10 15:52:37 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys [2012.06.10 15:52:37 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2012.06.10 15:09:29 | 000,000,616 | ---- | C] () -- C:\Users\Public\Desktop\The Movies Stunts & Spezialeffekte.lnk [2012.06.10 12:04:32 | 000,001,037 | ---- | C] () -- D:\hosts [2012.06.09 15:50:20 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe [2012.06.09 15:50:20 | 000,061,440 | ---- | C] () -- C:\Windows\diabswun.exe [2012.05.31 22:08:19 | 000,000,640 | ---- | C] () -- C:\Users\xxx\Desktop\Notepad++.lnk [2012.05.30 12:43:52 | 000,001,094 | ---- | C] () -- C:\Users\xxx\Desktop\kopf_krieger.xml [2012.05.26 23:02:50 | 000,001,014 | ---- | C] () -- C:\Users\xxx\Desktop\SpeedFan.lnk [2012.05.26 23:02:48 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo [2012.05.26 22:40:00 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll [2012.05.11 20:12:26 | 000,000,132 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\Adobe GIF Format CS5 Prefs [2012.05.08 20:15:57 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI [2012.05.05 20:47:24 | 000,000,529 | ---- | C] () -- C:\Windows\eReg.dat [2012.05.05 14:40:25 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\@ [2012.05.05 13:37:33 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.03.19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.07.26 16:20:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== LOP Check ========== [2012.06.13 11:51:45 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\AnvSoft [2012.05.05 18:28:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1 [2012.06.04 20:53:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft [2012.06.04 20:53:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers [2012.05.06 18:28:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\EPSON [2012.05.22 20:28:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lionhead Studios [2012.05.30 12:43:49 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Notepad++ [2012.06.13 12:12:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Simply Super Software [2012.06.13 11:33:04 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SpiritON TV Software [2012.05.22 12:10:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SPORE [2012.06.10 18:28:13 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.06.10 18:58:32 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ubisoft [2012.05.08 19:33:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Windows Live Writer [2012.06.13 11:46:49 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\XnView [2009.07.14 07:08:49 | 000,019,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:CB0AACC9 < End of report > Und die Extra.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 13.06.2012 14:01:05 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\xxx\Downloads
64bit-Windows XP Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,91 Gb Total Physical Memory | 5,14 Gb Available Physical Memory | 64,96% Memory free
15,83 Gb Paging File | 12,63 Gb Available in Paging File | 79,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 87,79 Gb Total Space | 40,61 Gb Free Space | 46,25% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 47,17 Gb Free Space | 96,61% Space Free | Partition Type: NTFS
Drive E: | 146,48 Gb Total Space | 111,37 Gb Free Space | 76,03% Space Free | Partition Type: NTFS
Drive F: | 98,96 Gb Total Space | 75,35 Gb Free Space | 76,15% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 47,95 Gb Free Space | 98,20% Space Free | Partition Type: NTFS
Drive H: | 9,76 Gb Total Space | 9,69 Gb Free Space | 99,22% Space Free | Partition Type: NTFS
Drive V: | 24,98 Gb Total Space | 8,25 Gb Free Space | 33,02% Space Free | Partition Type: FAT32
Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Photoshop CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Photoshop CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.5
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 290.47
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 290.47
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.6.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.6.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Canon SELPHY CP760" = Canon SELPHY CP760
"EPSON SX430 Series" = EPSON SX430 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM)
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89E0B0D4-DFC3-49B9-8E88-F1B801325C8A}" = Emergency 3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9B92288B-5DC5-74A2-5E76-C4DE4864B76E}" = Warner Bros. Digital Copy Manager
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{B0002707-4F7E-4745-88A7-852DA8A88635}" = ASUS Sonic Focus
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{C06A7DAC-1708-417C-B694-28C84DFE2DF9}" = The Movies(TM) Stunts & Spezialeffekte
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF7CBA18-9222-11DC-AEA9-6FAA56D89593}" = SimCity™ Societies Demo
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AmUStor" = Alcor Micro USB Card Reader
"Any Video Converter_is1" = Any Video Converter 3.3.9
"ArtMoney SE_is1" = ArtMoney SE v7.38
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager
"dcmsvc_is1" = dcmsvc 1.0
"DVDFab 8 Qt_is1" = DVDFab 8.1.7.8 (17/04/2012) Qt
"EPSON Scanner" = EPSON Scan
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Free YouTube Download_is1" = Free YouTube Download version 3.1.27.508
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM) Stunts & Spezialeffekte
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.1.0.4
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenTTD" = OpenTTD 1.2.0${APPV_EXTRA}
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"SADK" = Die Siedler - Aufbruch der Kulturen
"SpeedFan" = SpeedFan (remove only)
"Trojan Remover_is1" = Trojan Remover 6.8.3
"WinAce Archiver" = WinAce Archiver
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 31.05.2012 08:31:33 | Computer Name = xxx-PC | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 19.0.1084.52 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1780 Startzeit:
01cd3f26dc535c31 Endzeit: 7 Anwendungspfad: C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe
Berichts-ID:
89e3098f-ab1c-11e1-a5bd-c860001d60ce
Error - 02.06.2012 10:51:21 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7a1c7 Name des fehlerhaften Moduls: nvdxgiwrapx.dll, Version:
8.17.12.9047, Zeitstempel: 0x4ee4e503 Ausnahmecode: 0xc00000fd Fehleroffset: 0x00000000000012dd
ID
des fehlerhaften Prozesses: 0xab8 Startzeit der fehlerhaften Anwendung: 0x01cd40cf1b7a6dd1
Pfad
der fehlerhaften Anwendung: C:\Program Files\Windows Sidebar\sidebar.exe Pfad des
fehlerhaften Moduls: C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll
Berichtskennung:
6a572fb4-acc2-11e1-84f0-c860001d60ce
Error - 05.06.2012 11:03:51 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7a1c7 Name des fehlerhaften Moduls: nvdxgiwrapx.dll, Version:
8.17.12.9047, Zeitstempel: 0x4ee4e503 Ausnahmecode: 0xc00000fd Fehleroffset: 0x00000000000012dd
ID
des fehlerhaften Prozesses: 0xaa0 Startzeit der fehlerhaften Anwendung: 0x01cd432c5f20fffc
Pfad
der fehlerhaften Anwendung: C:\Program Files\Windows Sidebar\sidebar.exe Pfad des
fehlerhaften Moduls: C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll
Berichtskennung:
a8b2a6dd-af1f-11e1-afd1-c860001d60ce
Error - 10.06.2012 14:14:27 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Setup.exe_Microsoft Setup Bootstrapper,
Version: 14.0.4755.1000, Zeitstempel: 0x4b989df1 Name des fehlerhaften Moduls: ole32.dll,
Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset:
0x0003bc21 ID des fehlerhaften Prozesses: 0x15c8 Startzeit der fehlerhaften Anwendung:
0x01cd4734708e9c26 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common
Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Pfad des fehlerhaften
Moduls: C:\Windows\syswow64\ole32.dll Berichtskennung: 1d0d4033-b328-11e1-9910-c860001d60ce
Error - 10.06.2012 14:16:37 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Setup.exe_Microsoft Setup Bootstrapper,
Version: 14.0.4755.1000, Zeitstempel: 0x4b989df1 Name des fehlerhaften Moduls: ole32.dll,
Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset:
0x0003bc21 ID des fehlerhaften Prozesses: 0x13b8 Startzeit der fehlerhaften Anwendung:
0x01cd4735232de464 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common
Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Pfad des fehlerhaften
Moduls: C:\Windows\syswow64\ole32.dll Berichtskennung: 6a6a8fe4-b328-11e1-9910-c860001d60ce
Error - 10.06.2012 15:07:46 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MT-eXperience.exe, Version: 0.0.0.0,
Zeitstempel: 0x48384665 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0077e853 ID des fehlerhaften
Prozesses: 0xf8c Startzeit der fehlerhaften Anwendung: 0x01cd473c51328cf7 Pfad der
fehlerhaften Anwendung: E:\Program Files (x86)\MegaDev\MD-Trainers\MT-X\MT-eXperience.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 8fcf82d3-b32f-11e1-9910-c860001d60ce
Error - 10.06.2012 15:08:06 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MT-eXperience.exe, Version: 0.0.0.0,
Zeitstempel: 0x48384665 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0077e853 ID des fehlerhaften
Prozesses: 0x9d0 Startzeit der fehlerhaften Anwendung: 0x01cd473c5dd30a13 Pfad der
fehlerhaften Anwendung: E:\Program Files (x86)\MegaDev\MD-Trainers\MT-X\MT-eXperience.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 9b86b914-b32f-11e1-9910-c860001d60ce
Error - 13.06.2012 06:44:11 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7a1c7 Name des fehlerhaften Moduls: nvdxgiwrapx.dll, Version:
8.17.12.9047, Zeitstempel: 0x4ee4e503 Ausnahmecode: 0xc00000fd Fehleroffset: 0x00000000000012dd
ID
des fehlerhaften Prozesses: 0xcd4 Startzeit der fehlerhaften Anwendung: 0x01cd49516980454f
Pfad
der fehlerhaften Anwendung: C:\Program Files\Windows Sidebar\sidebar.exe Pfad des
fehlerhaften Moduls: C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll
Berichtskennung:
b565529a-b544-11e1-86bb-c860001d60ce
Error - 13.06.2012 07:59:55 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OTL.exe, Version: 3.2.48.0, Zeitstempel:
0x2a425e19 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00020f47 ID des fehlerhaften Prozesses:
0x94 Startzeit der fehlerhaften Anwendung: 0x01cd495c09836c43 Pfad der fehlerhaften
Anwendung: C:\Users\xxx\Downloads\OTL.exe Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
49a6073b-b54f-11e1-b544-c860001d60ce
Error - 13.06.2012 08:00:15 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OTL.exe, Version: 3.2.48.0, Zeitstempel:
0x2a425e19 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00020f47 ID des fehlerhaften Prozesses:
0x6b4 Startzeit der fehlerhaften Anwendung: 0x01cd495c178d2225 Pfad der fehlerhaften
Anwendung: C:\Users\xxx\Downloads\OTL.exe Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
55aa2339-b54f-11e1-b544-c860001d60ce
[ System Events ]
Error - 13.06.2012 06:43:20 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 13.06.2012 06:43:20 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 13.06.2012 06:43:20 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 13.06.2012 06:44:09 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 13.06.2012 06:44:09 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891
Error - 13.06.2012 07:15:39 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 13.06.2012 07:15:39 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 13.06.2012 07:15:42 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 13.06.2012 07:16:39 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 13.06.2012 07:16:39 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891
< End of report >
Hatte natürlich noch was vergessen. Die Antivir Log Avira Free Antivirus Erstellungsdatum der Reportdatei: Mittwoch, 13. Juni 2012 13:24 Es wird nach 3831809 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : CHRISTIAN-PC Versionsinformationen: BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00 AVSCAN.EXE : 12.3.0.15 466896 Bytes 01.05.2012 22:48:48 AVSCAN.DLL : 12.3.0.15 66256 Bytes 02.05.2012 00:02:50 LUKE.DLL : 12.3.0.15 68304 Bytes 01.05.2012 23:31:47 AVSCPLR.DLL : 12.3.0.14 97032 Bytes 01.05.2012 22:13:36 AVREG.DLL : 12.3.0.17 232200 Bytes 13.06.2012 10:16:02 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:22:12 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:31:36 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:58:50 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 10:43:53 VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 10:15:51 VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 10:15:51 VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 10:15:51 VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 10:15:52 VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 10:15:52 VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 10:15:52 VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 10:15:52 VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 10:15:52 VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 10:15:52 VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 10:15:52 VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 10:15:53 VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 10:15:53 VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 10:15:53 VBASE018.VDF : 7.11.31.57 188416 Bytes 28.05.2012 10:15:54 VBASE019.VDF : 7.11.31.111 214528 Bytes 30.05.2012 10:15:54 VBASE020.VDF : 7.11.31.151 116736 Bytes 31.05.2012 10:15:54 VBASE021.VDF : 7.11.31.205 134144 Bytes 03.06.2012 10:15:55 VBASE022.VDF : 7.11.32.9 169472 Bytes 05.06.2012 10:15:55 VBASE023.VDF : 7.11.32.85 155648 Bytes 08.06.2012 10:15:55 VBASE024.VDF : 7.11.32.133 127488 Bytes 11.06.2012 10:15:56 VBASE025.VDF : 7.11.32.171 182784 Bytes 12.06.2012 10:15:56 VBASE026.VDF : 7.11.32.172 2048 Bytes 12.06.2012 10:15:56 VBASE027.VDF : 7.11.32.173 2048 Bytes 12.06.2012 10:15:56 VBASE028.VDF : 7.11.32.174 2048 Bytes 12.06.2012 10:15:56 VBASE029.VDF : 7.11.32.175 2048 Bytes 12.06.2012 10:15:56 VBASE030.VDF : 7.11.32.176 2048 Bytes 12.06.2012 10:15:56 VBASE031.VDF : 7.11.32.190 26112 Bytes 13.06.2012 10:15:56 Engineversion : 8.2.10.80 AEVDF.DLL : 8.1.2.8 106867 Bytes 13.06.2012 10:16:01 AESCRIPT.DLL : 8.1.4.24 450939 Bytes 13.06.2012 10:16:01 AESCN.DLL : 8.1.8.2 131444 Bytes 16.02.2012 16:11:36 AESBX.DLL : 8.2.5.10 606580 Bytes 13.06.2012 10:16:02 AERDL.DLL : 8.1.9.15 639348 Bytes 20.01.2012 23:21:32 AEPACK.DLL : 8.2.16.16 807288 Bytes 13.06.2012 10:16:01 AEOFFICE.DLL : 8.1.2.28 201082 Bytes 26.04.2012 16:41:32 AEHEUR.DLL : 8.1.4.36 4874615 Bytes 13.06.2012 10:16:00 AEHELP.DLL : 8.1.21.0 254326 Bytes 13.06.2012 10:15:57 AEGEN.DLL : 8.1.5.28 422260 Bytes 26.04.2012 16:41:31 AEEXP.DLL : 8.1.0.44 82293 Bytes 13.06.2012 10:16:02 AEEMU.DLL : 8.1.3.0 393589 Bytes 20.01.2012 23:21:29 AECORE.DLL : 8.1.25.10 201080 Bytes 13.06.2012 10:15:57 AEBB.DLL : 8.1.1.0 53618 Bytes 20.01.2012 23:21:28 AVWINLL.DLL : 12.3.0.15 27344 Bytes 01.05.2012 22:59:21 AVPREF.DLL : 12.3.0.15 51920 Bytes 01.05.2012 22:44:31 AVREP.DLL : 12.3.0.15 179208 Bytes 01.05.2012 22:13:35 AVARKT.DLL : 12.3.0.15 211408 Bytes 01.05.2012 22:21:32 AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 01.05.2012 22:28:49 SQLITE3.DLL : 3.7.0.1 398288 Bytes 16.04.2012 21:11:02 AVSMTP.DLL : 12.3.0.15 63440 Bytes 01.05.2012 22:51:35 NETNT.DLL : 12.3.0.15 17104 Bytes 01.05.2012 23:33:29 RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 02.05.2012 00:03:51 RCTEXT.DLL : 12.3.0.15 98512 Bytes 02.05.2012 00:03:51 Konfiguration für den aktuellen Suchlauf: Job Name..............................: AVGuardAsyncScan Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4fd8765b\guard_slideup.avp Protokollierung.......................: standard Primäre Aktion........................: reparieren Sekundäre Aktion......................: quarantäne Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: aus Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: aus Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: vollständig Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR, Beginn des Suchlaufs: Mittwoch, 13. Juni 2012 13:24 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'NASvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'RivaTuner.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AVWEBGRD.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Updater.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wcourier.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'WDC.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'dcmsvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'HControlUser.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'DMedia.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SonicFocusTray.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ATKOSD.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'HControl.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ATKOSD2.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'GFNEXSrv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ASLDRSrv.exe' - '1' Modul(e) wurden durchsucht Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\80000064.@' C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\80000064.@ [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55e7d746.qua' verschoben! Ende des Suchlaufs: Mittwoch, 13. Juni 2012 13:25 Benötigte Zeit: 01:02 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 0 Verzeichnisse wurden überprüft 36 Dateien wurden geprüft 1 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 1 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 35 Dateien ohne Befall 0 Archive wurden durchsucht 0 Warnungen 1 Hinweise Malware findet nichts. Hoffentlich könnt ihr mir helfen ohne das ich mein System neu aufsetzen muss. Geändert von Sueppi (13.06.2012 um 13:28 Uhr) |
| Themen zu TR/ATRAPS.GEN2 in C:/Windows/Installer/xxx/800000.32@ gefunden |
| adblock, alternate, antivir, autorun, avira, avira searchfree toolbar, bho, bootstrapper, browser, canon, cid, converter, desktop, document, error, firefox, flash player, focus, format, google, helper, home, install.exe, installation, langs, logfile, microsoft office word, mp3, neu aufsetzen, nt.dll, nvidia update, nvpciflt.sys, object, plug-in, realtek, registry, rundll, scan, searchscopes, security, super, system neu, trojaner, version=1.0, wscript.exe |
Baum-Darstellung