Log analysis and evaluation: GVU trojan on my laptop (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

GVU trojan on my laptop

Hello everyone,

I have had the GVU trojan on my laptop for quite some time. I caught it when I wanted to stream a film that I had looked for in Google search. I clicked on some random link and there it was. When I then booted my laptop without an internet connection (far away from my router), I had access again and was able to run a system scan with Luke Filewalker (Avira). It did show me something, I deleted it and thought the problem was solved. (Naive, as I now know.) Now, whenever I start my laptop, I always get an error message at the beginning saying that a module cannot be found (c:\users\Tim\AppData\Local\Temp\fe0_zip.exe). I have already carried out the first steps and attached them to this post. I have only got around to it now because I had problems when I wanted to copy files to an external hard drive, and I believe this is due to said trojan. Can that be???

Many thanks to you in advance; I hope to find a solution to my problem here!!!

Code:
```
OTL logfile created on: 15.09.2012 20:58:58 - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Tim\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 64,10% Memory free
6,08 Gb Paging File | 4,95 Gb Available in Paging File | 81,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 36,56 Gb Free Space | 32,81% Space Free | Partition Type: NTFS

Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.15 20:51:18 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
PRC - [2012.07.18 18:04:42 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.10 20:02:56 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Tim\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008.07.02 04:51:00 | 000,821,768 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008.06.11 11:22:16 | 000,409,600 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.05.14 18:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.05.14 18:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.04.28 09:35:36 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.15 18:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.03.21 14:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.16 19:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe

========== Modules (No Company Name) ==========

MOD - [2012.06.18 09:41:10 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012.06.18 09:38:24 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.18 09:37:51 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.05.12 13:38:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 03:55:43 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.11 03:52:40 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.11 03:52:12 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.06.11 11:21:46 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2008.05.14 18:05:10 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008.04.28 10:49:20 | 000,003,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2008.02.05 17:32:07 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008.02.05 17:32:07 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008.02.05 17:32:07 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll

========== Services (SafeList) ==========

SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.05.14 18:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.04.15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.03.21 14:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 19:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Unknown] -- C:\Windows\system32\drivers\usb3jrcv.sys -- (usb3jrcv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.28 09:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.05.09 13:03:58 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.04.21 05:07:00 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.21 11:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.02.29 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.16 19:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0109&m=aspire_7730z
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2EB715F0-9BA0-444F-A8B4-9E0886E24F6C}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {2EB715F0-9BA0-444F-A8B4-9E0886E24F6C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0CA48AA3-0831-4924-940A-B9BE5A4242FF}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE
IE - HKCU\..\SearchScopes\{2EB715F0-9BA0-444F-A8B4-9E0886E24F6C}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKCU\..\SearchScopes\{514B8DFF-4823-46C0-8396-3E1D123EBF3E}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}
IE - HKCU\..\SearchScopes\{92762EF5-0E23-4366-A6BA-1D1AE3D26D4C}: "URL" = hxxp://go.web.de/suchbox/amazon/?keywords={searchTerms}
IE - HKCU\..\SearchScopes\{C4E6FEF1-2855-4012-8907-5A90847CED85}: "URL" = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
IE - HKCU\..\SearchScopes\{D81CF5C3-0D0B-4CF8-93AA-FC8EAAF70C93}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.12 20:12:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.12 20:12:25 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://startsear.ch/?aff=1

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92ECCD73-3691-41A6-8106-001219538A6A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1C57539-2EA8-41B6-BAE9-091C9ADFD946}: DhcpNameServer = 192.168.178.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tim\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tim\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{08707553-0ef7-11de-83ec-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{08707553-0ef7-11de-83ec-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{08707587-0ef7-11de-83ec-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{08707587-0ef7-11de-83ec-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{08707591-0ef7-11de-83ec-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{08707591-0ef7-11de-83ec-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{087075c6-0ef7-11de-83ec-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{087075c6-0ef7-11de-83ec-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1fda5aff-e266-11dd-ab38-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{1fda5aff-e266-11dd-ab38-00238b376914}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{1fda5b01-e266-11dd-ab38-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{1fda5b01-e266-11dd-ab38-00238b376914}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{2e04dd9a-0f01-11de-b8c3-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{2e04dd9a-0f01-11de-b8c3-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2e04dddd-0f01-11de-b8c3-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{2e04dddd-0f01-11de-b8c3-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{36d361a5-e0c0-11dd-aa46-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{36d361a5-e0c0-11dd-aa46-00238b376914}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{7a352ee6-e0ca-11dd-a9e1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7a352ee6-e0ca-11dd-a9e1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{7a352f09-e0ca-11dd-a9e1-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{7a352f09-e0ca-11dd-a9e1-00238b376914}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{7a352f18-e0ca-11dd-a9e1-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{7a352f18-e0ca-11dd-a9e1-00238b376914}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{7a352f20-e0ca-11dd-a9e1-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{7a352f20-e0ca-11dd-a9e1-00238b376914}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{8b1f70fd-0f27-11de-bd85-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{8b1f70fd-0f27-11de-bd85-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8b1f7101-0f27-11de-bd85-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{8b1f7101-0f27-11de-bd85-00238b376914}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b298231c-0e51-11de-b6c9-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{b298231c-0e51-11de-b6c9-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b2982356-0e51-11de-b6c9-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{b2982356-0e51-11de-b6c9-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c5b7ab40-117a-11de-b4d2-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{c5b7ab40-117a-11de-b4d2-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c5b7ab41-117a-11de-b4d2-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{c5b7ab41-117a-11de-b4d2-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d74167de-0e58-11de-8fa2-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{d74167de-0e58-11de-8fa2-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d74167e6-0e58-11de-8fa2-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{d74167e6-0e58-11de-8fa2-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d74167e8-0e58-11de-8fa2-00238b376914}\Shell - "" = AutoRun
O33 - MountPoints2\{d74167e8-0e58-11de-8fa2-00238b376914}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e7ce5471-d877-11de-8b7f-00238b376914}\Shell\AutoRun\command - "" = F:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.15 20:50:39 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2012.09.15 14:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\AntiTwin
[2012.09.07 19:05:38 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play65
[2012.09.07 19:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Play65
[2012.09.07 19:02:21 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Play65
[2012.09.07 19:01:33 | 000,261,224 | ---- | C] (Play65) -- C:\Users\Tim\Desktop\InstallPlay65.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.09.15 20:51:18 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2012.09.15 20:49:04 | 000,000,000 | ---- | M] () -- C:\Users\Tim\defogger_reenable
[2012.09.15 20:47:35 | 000,050,477 | ---- | M] () -- C:\Users\Tim\Desktop\Defogger.exe
[2012.09.15 20:36:46 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.15 19:08:17 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.15 19:08:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.15 19:08:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.15 19:08:06 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\RegistryDoktor.job
[2012.09.15 19:07:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.15 19:07:48 | 3144,589,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.15 17:02:51 | 000,093,696 | ---- | M] () -- C:\Users\Tim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.15 16:48:40 | 000,000,032 | ---- | M] () -- C:\Windows\CD_Start.INI
[2012.09.15 14:02:12 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\Anti-Twin.lnk
[2012.09.15 14:01:36 | 000,911,295 | ---- | M] () -- C:\Users\Tim\Desktop\AntiTwin_Setup.exe
[2012.09.15 13:56:36 | 000,628,914 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.15 13:56:36 | 000,596,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.15 13:56:36 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.15 13:56:36 | 000,104,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.07 19:05:38 | 000,000,851 | ---- | M] () -- C:\Users\Tim\Desktop\Play65.lnk
[2012.09.07 19:01:34 | 000,261,224 | ---- | M] (Play65) -- C:\Users\Tim\Desktop\InstallPlay65.exe
[2012.08.19 11:00:15 | 000,300,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.15 20:49:04 | 000,000,000 | ---- | C] () -- C:\Users\Tim\defogger_reenable
[2012.09.15 20:47:34 | 000,050,477 | ---- | C] () -- C:\Users\Tim\Desktop\Defogger.exe
[2012.09.15 14:02:13 | 000,000,782 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-Twin.lnk
[2012.09.15 14:02:12 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\Anti-Twin.lnk
[2012.09.15 14:01:35 | 000,911,295 | ---- | C] () -- C:\Users\Tim\Desktop\AntiTwin_Setup.exe
[2012.09.07 19:05:38 | 000,000,851 | ---- | C] () -- C:\Users\Tim\Desktop\Play65.lnk
[2012.07.23 15:29:28 | 004,503,728 | ---- | C] () -- C:\ProgramData\piz_0ef.pad
[2012.06.02 15:27:41 | 000,061,208 | ---- | C] () -- C:\Windows\System32\MPEG4E-uninstall.exe
[2011.08.12 16:24:23 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2009.03.13 11:54:19 | 022,102,584 | ---- | C] () -- C:\Program Files\antivir_workstation_winu_de_h337.exe
[2009.01.12 18:46:47 | 000,000,680 | ---- | C] () -- C:\Users\Tim\AppData\Local\d3d9caps.dat
[2009.01.10 20:57:46 | 000,093,696 | ---- | C] () -- C:\Users\Tim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2009.01.15 20:43:40 | 000,000,000 | -HSD | M] -- C:\Users\Tim\AppData\Roaming\.#
[2010.10.22 23:27:57 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Absolute Poker
[2008.02.05 17:53:18 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Acer GameZone Console
[2009.01.15 20:32:11 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Big Fish Games
[2009.01.11 02:30:54 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\eSobi
[2010.03.30 01:54:14 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Gaijin Ent
[2011.04.10 20:50:55 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\ICQ
[2009.10.13 19:18:54 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\LG Electronics
[2009.09.20 18:19:01 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\LGSync
[2012.07.09 18:05:00 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Nokia
[2012.07.09 18:05:00 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Nokia Ovi Suite
[2012.02.18 14:41:45 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\PacificPoker
[2011.02.16 14:06:53 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\PC Suite
[2010.04.16 13:04:34 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Uniblue
[2009.01.12 18:49:01 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Vodafone
[2012.09.15 19:08:06 | 000,000,328 | ---- | M] () -- C:\Windows\Tasks\RegistryDoktor.job
[2012.09.15 17:17:22 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:9E22BBE8

< End of report >
```