| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Google Redirect VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.12.2012, 22:03
| #1 |
| |  Google Redirect Virus Hallo! Ich habe seit Wochen oder Monaten diesen Google Redirect Virus. Ich habe Firefox neu installiert, TDSSKiller ausprobiert, Malwarebytes laufen lassen, unbekannte Software deinstalliert, die Registry mit CCCleaner gereinigt etc. Nichts hat etwas geändert. Das Board hier scheint mir die einzige Möglichkeit... Kann mir hier bitte jemand helfen?!  Dirk OTL Logfile OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.12.2012 21:43:22 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Frida\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 59,32% Memory free 8,00 Gb Paging File | 6,23 Gb Available in Paging File | 77,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 79,98 Gb Total Space | 24,26 Gb Free Space | 30,33% Space Free | Partition Type: NTFS Drive D: | 170,90 Gb Total Space | 146,98 Gb Free Space | 86,00% Space Free | Partition Type: NTFS Drive E: | 345,19 Gb Total Space | 189,99 Gb Free Space | 55,04% Space Free | Partition Type: NTFS Drive G: | 237,54 Gb Total Space | 79,75 Gb Free Space | 33,57% Space Free | Partition Type: NTFS Drive H: | 60,55 Gb Total Space | 42,99 Gb Free Space | 71,00% Space Free | Partition Type: NTFS Computer Name: FRIDA-PC | User Name: Frida | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.30 21:43:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frida\Desktop\OTL.exe PRC - [2012.12.11 20:39:52 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.12.11 20:39:44 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.11 20:39:44 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.12.10 20:11:50 | 007,416,320 | ---- | M] (Google Inc.) -- C:\Users\Frida\AppData\Local\Programs\Google\MusicManager\MusicManager.exe PRC - [2012.12.09 23:50:43 | 000,388,576 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe PRC - [2012.12.03 16:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.11.29 09:26:08 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.04.13 09:48:35 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.11.30 16:42:30 | 000,336,896 | ---- | M] (AVM Berlin) -- C:\Users\Frida\AppData\Local\Apps\2.0\8BAZYAXY.59Y\61W89LOC.QZG\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe PRC - [2010.10.22 02:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe PRC - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe PRC - [2010.02.13 11:17:57 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ========== Modules (No Company Name) ========== MOD - [2012.12.10 20:00:40 | 000,344,064 | ---- | M] () -- C:\Users\Frida\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll MOD - [2012.12.10 20:00:28 | 000,231,936 | ---- | M] () -- C:\Users\Frida\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll MOD - [2012.12.10 19:59:52 | 000,117,248 | ---- | M] () -- C:\Users\Frida\AppData\Local\Programs\Google\MusicManager\libaacdec.dll MOD - [2012.12.10 19:59:50 | 000,253,440 | ---- | M] () -- C:\Users\Frida\AppData\Local\Programs\Google\MusicManager\libid3tag.dll MOD - [2012.12.09 23:50:43 | 002,240,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll MOD - [2012.12.09 23:50:43 | 000,157,664 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll MOD - [2012.12.09 23:50:43 | 000,021,984 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll MOD - [2012.11.29 09:26:21 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.11.16 07:28:07 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll MOD - [2012.11.16 07:27:50 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll MOD - [2012.11.16 07:27:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012.11.16 07:27:36 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012.11.16 07:27:35 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f2fb3f4856c403795db6db3f354f1f0b\System.Deployment.ni.dll MOD - [2012.11.16 07:27:34 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll MOD - [2012.11.16 07:27:28 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll MOD - [2012.11.16 07:27:24 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2012.11.16 07:27:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012.11.16 07:27:21 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012.11.16 07:27:18 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2012.09.25 16:53:12 | 000,026,624 | ---- | M] () -- C:\Users\Frida\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll MOD - [2012.09.25 16:53:02 | 010,683,392 | ---- | M] () -- C:\Users\Frida\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll MOD - [2012.09.25 16:53:02 | 001,681,408 | ---- | M] () -- C:\Users\Frida\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll MOD - [2012.09.25 16:53:00 | 007,741,952 | ---- | M] () -- C:\Users\Frida\AppData\Local\Programs\Google\MusicManager\QtGui4.dll MOD - [2012.09.25 16:52:58 | 002,248,192 | ---- | M] () -- C:\Users\Frida\AppData\Local\Programs\Google\MusicManager\QtCore4.dll MOD - [2010.11.30 16:42:26 | 000,368,640 | ---- | M] () -- C:\Users\Frida\AppData\Local\Apps\2.0\8BAZYAXY.59Y\61W89LOC.QZG\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 18:58:23 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.10.26 03:00:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.12.24 21:29:05 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.12.12 00:25:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.11 20:39:52 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.11 20:39:44 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.10 00:19:10 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.03 16:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.04.13 09:48:35 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.13 11:17:57 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.11 20:39:55 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.11 20:39:55 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.09.20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.09.20 05:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.26 04:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011.10.26 04:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.10.26 02:21:58 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.09.02 07:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.03.30 19:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.18 06:40:06 | 000,019,520 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudnflt.sys -- (ssudnflt) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.14 17:52:12 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio) DRV:64bit: - [2010.10.22 02:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.10.22 01:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.04.27 15:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid) DRV:64bit: - [2010.04.27 15:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo) DRV:64bit: - [2010.04.27 15:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum) DRV:64bit: - [2010.04.27 13:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore) DRV:64bit: - [2010.04.27 13:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter) DRV:64bit: - [2010.03.29 21:03:04 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaura.sys -- (avmaura) DRV:64bit: - [2010.03.09 11:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.03.02 20:06:46 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010.03.02 20:06:45 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.02.13 13:01:57 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) DRV:64bit: - [2010.02.13 11:17:57 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 21:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2010.07.01 18:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- E:\Progz\Unlocker Deleter\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=ie9hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 E0 B0 34 A8 B7 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;*.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: E:\Progz\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Frida\Program Files (x86)\DNA\plugins\npbtdna.dll File not found FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Frida\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Frida\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.30 20:50:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.31 21:49:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.10.31 22:31:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Frida\Program Files (x86)\DNA [2012.12.30 20:50:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frida\AppData\Roaming\mozilla\Extensions [2012.12.30 20:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.02.15 16:32:44 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Frida\AppData\Local\Apps\2.0\8BAZYAXY.59Y\61W89LOC.QZG\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin) O4 - HKCU..\Run: [MusicManager] C:\Users\Frida\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.) O4 - Startup: C:\Users\Frida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan - Verknüpfung.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com)) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E003BEC7-AB34-448B-9E19-315998E3BD06}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - H:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{f3e0efe6-e21e-11e0-90fd-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f3e0efe6-e21e-11e0-90fd-806e6f6e6963}\Shell\AutoRun\command - "" = I:\pushinst.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE O33 - MountPoints2\F\Shell\configure\command - "" = F:\SETUP.EXE O33 - MountPoints2\F\Shell\install\command - "" = F:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.30 21:43:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Frida\Desktop\OTL.exe [2012.12.30 20:59:31 | 000,000,000 | ---D | C] -- C:\Users\Frida\Desktop\CCBackup [2012.12.30 20:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.12.30 20:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.12.30 20:50:30 | 000,000,000 | ---D | C] -- C:\Users\Frida\AppData\Roaming\Mozilla [2012.12.30 20:50:30 | 000,000,000 | ---D | C] -- C:\Users\Frida\AppData\Local\Mozilla [2012.12.30 20:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.30 13:15:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2012.12.30 13:13:06 | 000,000,000 | ---D | C] -- C:\Users\Frida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager [2012.12.30 13:13:00 | 000,000,000 | ---D | C] -- C:\Users\Frida\AppData\Local\Programs [2012.12.20 23:35:34 | 000,203,104 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2012.12.20 23:35:34 | 000,102,368 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2012.12.18 23:09:53 | 000,000,000 | ---D | C] -- C:\Users\Frida\AppData\Local\My Games [2012.12.18 23:02:07 | 000,000,000 | ---D | C] -- C:\Users\Frida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2012.12.18 20:46:48 | 000,000,000 | ---D | C] -- C:\Users\Frida\Documents\Amazon Downloader Logs [2012.12.17 23:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.30 21:43:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frida\Desktop\OTL.exe [2012.12.30 21:42:50 | 000,000,000 | ---- | M] () -- C:\Users\Frida\defogger_reenable [2012.12.30 21:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.30 21:17:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-352812124-1343125394-2634519851-1000UA.job [2012.12.30 21:01:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.30 20:58:17 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.12.30 20:50:27 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.12.30 20:32:40 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.30 20:32:40 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.30 20:32:17 | 003,841,030 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.30 20:32:17 | 001,605,168 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.30 20:32:17 | 001,131,714 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.30 20:32:17 | 001,002,546 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.30 20:32:17 | 000,006,256 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.30 20:25:18 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.30 20:25:16 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\qazxst.job [2012.12.30 20:25:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.30 20:25:06 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys [2012.12.30 18:07:17 | 000,000,221 | ---- | M] () -- C:\Users\Frida\Desktop\GRID.url [2012.12.30 13:17:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-352812124-1343125394-2634519851-1000Core.job [2012.12.25 22:20:01 | 000,000,747 | ---- | M] () -- C:\Users\Frida\Desktop\Samsung Kies (Lite).lnk [2012.12.24 23:59:34 | 001,951,030 | ---- | M] () -- C:\Users\Frida\Desktop\EMS_Time_Attack_Champion-_winner_list.pdf [2012.12.24 21:31:38 | 000,000,222 | ---- | M] () -- C:\Users\Frida\Desktop\RaceRoom Racing Experience.url [2012.12.21 20:59:44 | 000,412,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.18 23:02:07 | 000,000,220 | ---- | M] () -- C:\Users\Frida\Desktop\Sid Meier's Civilization V.url [2012.12.11 20:39:55 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.11 20:39:55 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.12.04 12:54:39 | 000,914,509 | ---- | M] () -- C:\Users\Frida\Desktop\Lohnzettel.pdf [2012.12.03 16:47:14 | 000,014,446 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.12.01 06:49:26 | 003,663,213 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.30 21:42:50 | 000,000,000 | ---- | C] () -- C:\Users\Frida\defogger_reenable [2012.12.30 20:58:16 | 000,000,831 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.12.30 20:50:27 | 000,001,172 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.12.30 20:50:27 | 000,001,160 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.12.30 18:07:17 | 000,000,221 | ---- | C] () -- C:\Users\Frida\Desktop\GRID.url [2012.12.30 13:12:48 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-352812124-1343125394-2634519851-1000UA.job [2012.12.30 13:12:47 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-352812124-1343125394-2634519851-1000Core.job [2012.12.25 22:20:01 | 000,000,747 | ---- | C] () -- C:\Users\Frida\Desktop\Samsung Kies (Lite).lnk [2012.12.24 23:59:34 | 001,951,030 | ---- | C] () -- C:\Users\Frida\Desktop\EMS_Time_Attack_Champion-_winner_list.pdf [2012.12.24 21:31:38 | 000,000,222 | ---- | C] () -- C:\Users\Frida\Desktop\RaceRoom Racing Experience.url [2012.12.18 23:02:07 | 000,000,220 | ---- | C] () -- C:\Users\Frida\Desktop\Sid Meier's Civilization V.url [2012.12.04 12:54:39 | 000,914,509 | ---- | C] () -- C:\Users\Frida\Desktop\Lohnzettel.pdf [2012.04.24 13:22:25 | 000,139,264 | RHS- | C] () -- C:\Windows\SysWow64\KBDEST5.dll [2011.10.26 02:38:38 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011.10.26 02:38:38 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.08.11 10:14:00 | 000,006,238 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.06.07 10:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.06.07 10:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.06.07 10:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.06.07 10:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.06.07 10:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.04.13 09:48:36 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.04.13 09:48:35 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.11.14 22:36:08 | 000,003,584 | ---- | C] () -- C:\Users\Frida\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.14 20:49:39 | 000,007,597 | ---- | C] () -- C:\Users\Frida\AppData\Local\resmon.resmoncfg ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.09.18 22:09:46 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Amazon [2012.04.22 22:09:29 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Ashampoo [2010.08.09 14:49:55 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Auslogics [2010.11.18 12:48:56 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\avidemux [2012.12.30 21:09:28 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Azureus [2010.02.15 16:29:51 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Bierbuden Autoupdate [2010.02.16 13:08:32 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Canneverbe Limited [2012.06.12 19:48:53 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Canon [2010.12.23 10:04:51 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\CD-LabelPrint [2012.09.18 21:33:46 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\com.amazon.music.uploader [2012.12.30 21:09:29 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\DAEMON Tools Lite [2010.03.29 21:26:49 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\DNA [2012.12.02 20:21:58 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Dropbox [2012.05.03 15:11:07 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\e-academy Inc [2012.05.02 23:43:55 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\GetRightToGo [2011.03.29 11:37:28 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\IrfanView [2011.04.25 10:20:35 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Jumping Bytes [2010.03.26 12:26:47 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Leadertech [2010.02.15 19:17:44 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Mathsoft [2010.09.20 15:56:05 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Need for Speed World [2010.02.15 18:45:08 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Notepad++ [2012.02.29 18:47:35 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Origin [2010.11.24 14:07:34 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\PTC [2011.04.13 09:48:34 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\PunkBuster [2010.09.20 19:52:08 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Raptr [2012.11.18 22:43:25 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Samsung [2012.05.02 20:32:23 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Temp [2010.02.18 19:06:08 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Thunderbird [2010.11.24 18:35:22 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Tracker Software ========== Purity Check ========== < End of report > Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 30.12.2012 21:43:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Frida\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 59,32% Memory free
8,00 Gb Paging File | 6,23 Gb Available in Paging File | 77,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 79,98 Gb Total Space | 24,26 Gb Free Space | 30,33% Space Free | Partition Type: NTFS
Drive D: | 170,90 Gb Total Space | 146,98 Gb Free Space | 86,00% Space Free | Partition Type: NTFS
Drive E: | 345,19 Gb Total Space | 189,99 Gb Free Space | 55,04% Space Free | Partition Type: NTFS
Drive G: | 237,54 Gb Total Space | 79,75 Gb Free Space | 33,57% Space Free | Partition Type: NTFS
Drive H: | 60,55 Gb Total Space | 42,99 Gb Free Space | 71,00% Space Free | Partition Type: NTFS
Computer Name: FRIDA-PC | User Name: Frida | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{073892D2-D59D-4F4F-AD10-EC2C20BC50B8}" = rport=139 | protocol=6 | dir=out | app=system |
"{088D5B8E-959D-41AE-AA6B-F53D73662BA5}" = lport=137 | protocol=17 | dir=in | app=system |
"{0C1FCF52-0E2B-4307-AE8A-FDE681564F3E}" = lport=138 | protocol=17 | dir=in | app=system |
"{15580500-B183-46F6-9550-4235E65A4C6D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{19A2EB5E-A190-40F7-82CC-165935320A12}" = lport=139 | protocol=6 | dir=in | app=system |
"{211473EB-AE7D-468B-853F-39DC3627539F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{330379CE-851C-4C1A-98F0-7DC3E56FF9E9}" = rport=138 | protocol=17 | dir=out | app=system |
"{342CC0DD-D1E0-405A-B3C4-4DB8512176C5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{38E268DE-0740-4533-8224-CE66BE48A91F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{484CA5AB-DFDB-4572-B03E-D7003B036A9C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{548700A1-FA30-4231-B707-9387B71E071C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{60F67135-BFEB-4C45-9B24-2028370CA9DF}" = lport=445 | protocol=6 | dir=in | app=system |
"{61D96173-5E34-4AE5-9E45-DFF996FF85E5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{652CCB18-55B9-4F29-B806-A0D9FFD548BF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7B970C09-5356-4039-A4B4-645429141423}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{80F032A6-E50E-4121-B0E9-A52EDE5C03DC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8660D2B7-A7D9-4414-91CD-83471C617B75}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C50CBA2-74E6-4D12-B43B-4675710F003A}" = rport=445 | protocol=6 | dir=out | app=system |
"{9B0FD673-8751-4A86-875D-BCB0AEEE047C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{AAF48705-B63F-48FB-8049-CB50A82D8047}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{BDCFA1DD-EB99-405B-AC3D-E589F6C8FBF4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BEE9F8A5-23C1-4D1D-9513-B5FD4421D724}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{CC100744-6C42-46A7-84C5-62B8B46BAAFE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D05E8EE3-B06D-4E3C-87F1-74BA4AE9826D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D1E9EA5A-EFD4-492C-896E-A16EAB328D35}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{D4E3C638-D949-40FB-9F53-F391DBADD235}" = rport=137 | protocol=17 | dir=out | app=system |
"{F0F77418-A973-409B-928D-DA6E467A7F56}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BAEFBC6-AC8E-46A1-813C-DBBB0CA778D4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{0EE676AC-213C-4E19-BFD5-CA53327DA857}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{168069FC-383A-45DF-9C62-25B082C7B06A}" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"{17668C2F-E3F8-4E56-B3F5-044FB4077C63}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{1CA31CEE-263F-4C69-A9D0-00FD3A691D39}" = protocol=17 | dir=in | app=d:\anno 2070\initengine.exe |
"{1DAE3CD0-E1C7-4DB4-8467-032C389427CF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{20AE0417-211D-413C-A0C9-DBF510B85D48}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2BF0C531-B769-49BC-ACEA-4BEBB128EAE3}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{359DCC20-31A0-4C49-92BF-46C6162363CF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{35E9F6CC-51F5-457D-A147-2D7F45E536BF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{367BB79E-0A22-4155-A938-EDF5B503EF3C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3822D8D3-E3E4-4518-B2DA-7CAC93EDD750}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3DFE12B3-D923-467F-BEDE-D1E07A94BE4A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3FBF8B76-1EC1-49B1-9A3B-E8B6E1EE5C28}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{43EA8B06-7698-4782-BCB6-A2D1A7A1A56E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C5FD93A-CD70-4409-B008-2BEF52976632}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{4EE460BA-F714-415C-8D7D-5E9185DA32A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4EFB75BA-B442-4D64-9EDE-21C067999F87}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{52C751F5-7693-4CDC-9669-CC159FCA3FAB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{54D3C2C0-D6CA-45BF-8D4A-42B043AE7A1C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{559A98D7-A1FB-4359-80A3-52A59F6EC73A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5F37AD5A-2C9E-4353-93E3-BDD95E3DF8A7}" = protocol=6 | dir=in | app=c:\users\frida\appdata\local\apps\2.0\8bazyaxy.59y\61w89loc.qzg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{5FEC7044-B74D-4B0A-9A5A-5BF037A0B211}" = protocol=17 | dir=in | app=d:\anno 2070\autopatcher.exe |
"{6104D690-1B5B-44BD-AFA0-A380A47A89C2}" = protocol=17 | dir=in | app=d:\anno 2070\anno5.exe |
"{68BA8678-54D7-4D5E-ACFF-D1A9926CBC34}" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"{8202C957-1B1D-468D-912B-3CBD50649629}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{84249200-2A3A-45BF-BE5F-BE7A0523F60F}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{9092311C-478D-40D6-9C92-2323B8315BFF}" = protocol=6 | dir=in | app=c:\users\frida\appdata\roaming\dropbox\bin\dropbox.exe |
"{9AEA122F-43CC-445B-AF80-8EF2AF8D257A}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{9D9E7E72-EAFC-4E2E-9921-21AA05A31296}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9FCF5BAE-ADEC-4497-957B-0FDCB5AE5158}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A07E3269-C467-4DE1-80F5-04D78EB3C7A3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{AD74BE26-D83F-435D-8093-10C44E9A4DAF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B0C191D8-667A-4C5E-8516-AA64AE57D3F8}" = protocol=6 | dir=in | app=d:\anno 2070\initengine.exe |
"{B34079A4-0FF1-4ED3-ACEA-58D840B4AD0E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B515BBDC-9849-495A-A1A9-CDA69B8622FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B86E8454-A092-4E82-B17F-3B8BA33E7697}" = protocol=17 | dir=in | app=c:\users\frida\appdata\roaming\dropbox\bin\dropbox.exe |
"{BB331C1C-FFE4-4DD4-B87A-2A54A8431AE7}" = protocol=6 | dir=in | app=d:\anno 2070\anno5.exe |
"{BED3837C-E5ED-476E-A300-B9F66A8066D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C3B10466-CA1D-45AE-BF3D-7C59B7825439}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{C8893BA8-81A2-4735-AC9A-18446F9634D6}" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"{CB30F45C-EB92-4161-A063-F5B1F48232AF}" = protocol=17 | dir=in | app=c:\users\frida\appdata\local\apps\2.0\8bazyaxy.59y\61w89loc.qzg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{D28A6DFE-2A24-4CE2-9339-FA4A22E720A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D583D493-E56E-418D-9AFC-3A826B65E03B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D5FC50B5-A975-432C-A33F-EA4E4CE31728}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D6BF40D0-1080-4E52-A9FB-01DDAD12FB32}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DF27719F-532F-48A4-8864-ED8F089338DC}" = protocol=17 | dir=in | app=c:\users\frida\appdata\local\apps\2.0\8bazyaxy.59y\61w89loc.qzg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{E2FA29AA-F520-40DF-9DD0-BC1D2EF8D3CF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E3669024-1D4E-498E-967E-17210F02569D}" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"{E5BB26FE-ACD6-462A-BBA8-31E456C95C02}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{EFCECE90-6D34-4E9B-A48A-EC0225A212AE}" = protocol=6 | dir=in | app=c:\users\frida\appdata\local\apps\2.0\8bazyaxy.59y\61w89loc.qzg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{F16599A1-103C-4D51-94C9-81180DF5BC63}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F24E4B0D-DA1A-4844-A4B3-A885E20B35B6}" = protocol=6 | dir=in | app=d:\anno 2070\autopatcher.exe |
"{F5B14257-C98B-4FB5-B798-F9BB96BB37BB}" = protocol=6 | dir=out | app=system |
"{FCAF1BEC-9533-4616-834A-374DDA5ECB0A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"TCP Query User{632CA7EA-C4D7-4F50-BEE5-E5E4A78BEC88}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{69A907A8-3736-4EF7-9A1B-6F2EA883B1A8}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{84316E41-DA59-47B9-880F-3EC8B54CAA19}C:\users\frida\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\frida\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{8C2AD395-CD28-428D-B35A-B85538C7731E}D:\maniaplanet\maniaplanet.exe" = protocol=6 | dir=in | app=d:\maniaplanet\maniaplanet.exe |
"TCP Query User{B7F9F03F-3691-4587-832A-A3C1B829CED2}D:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\tmnationsforever\tmforever.exe |
"TCP Query User{BD1E4136-DCF2-45FD-B6F5-DA0B9C86E82F}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{CDD09E58-02C6-499E-BBA4-9640037BFAA7}D:\maniaplanet\maniaplanet.exe" = protocol=6 | dir=in | app=d:\maniaplanet\maniaplanet.exe |
"UDP Query User{29AAE19A-6610-4AB4-91BD-6CC084ECF3FA}D:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\tmnationsforever\tmforever.exe |
"UDP Query User{71F811A5-CCCE-4517-A115-E8D603A13459}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{895AF627-2494-4733-BA3C-21D81F1E55A7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{ED42E049-EA39-4D62-A436-75B151F01FF0}D:\maniaplanet\maniaplanet.exe" = protocol=17 | dir=in | app=d:\maniaplanet\maniaplanet.exe |
"UDP Query User{EFE56023-93AC-4E9A-BB84-6E57E694C1D0}D:\maniaplanet\maniaplanet.exe" = protocol=17 | dir=in | app=d:\maniaplanet\maniaplanet.exe |
"UDP Query User{F3DE8DB1-5FD8-49A7-B424-F9A772EE4065}C:\users\frida\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\frida\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{FC51D89C-AD71-4011-AEBF-681356EEF5B2}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{183C740A-0406-380F-A235-2EC2F8A28D13}" = Microsoft Windows SDK MSHelp (30514)
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68570626-1BF6-310B-AF69-6CD686C04AEA}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
"{6C8D7973-31F9-32E1-A820-8DD857910323}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E587F58-50BE-3557-89F6-14D99CB5FB2A}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84452C2C-BDCC-36F3-A189-CE15F02A47FB}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{84E30D73-E30F-3A02-BAA0-5353C04DD18A}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{89026002-A893-42D9-9E20-6829B844735E}" = Application Verifier (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951E6223-AC28-345E-BCF4-B55C1267E321}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A0B0F02C-410B-3DE3-9740-EC4C3D902532}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A2C55034-8DAF-3755-BA85-CC321707FE99}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
"{AC3539BE-6ACD-3078-B521-0AC2884720F3}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{F1C4B89A-8BF0-3D7C-8095-BAE412FBEA3F}" = Microsoft Windows SDK .NET Framework Tools (30514)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Logitech Unifying" = Logitech Unifying-Software 2.10
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SP6" = Logitech SetPoint 6.32
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90985FBE-CACF-4796-8EC8-C6CD2E5BB6A7}" = PureSync
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EEA437C-F436-755C-6B39-1840A33F45CF}" = Catalyst Control Center InstallProxy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D86CEB96-6B1E-4214-ACEA-83EBEFCA1212}_is1" = OGG MP3 Converter v4.1 build 929
"{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.1.0
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v10.0.15
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"LastFM_is1" = Last.fm 1.5.4.27091
"ManiaPlanet_is1" = ManiaPlanet
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Notepad++" = Notepad++
"Office14.VISIOR" = Microsoft Visio Professional 2010
"OpenAL" = OpenAL
"PC Fresh_is1" = PC Fresh
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"PureSync" = PureSync 3.0.0
"RealPlayer 15.0" = RealPlayer
"SpeedFan" = SpeedFan (remove only)
"Steam App 12750" = GRID
"Steam App 211500" = RaceRoom Racing Experience
"Steam App 8930" = Sid Meier's Civilization V
"SystemRequirementsLab" = System Requirements Lab
"TmNationsForever_is1" = TmNationsForever
"Unlocker" = Unlocker 1.9.0
"VLC media player" = VLC media player 2.0.4
"Winamp" = Winamp
"YTdetect" = Yahoo! Detect
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"MusicManager" = Music Manager
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30.12.2012 16:11:05 | Computer Name = Frida-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610,
Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17965,
Zeitstempel: 0x506dcae6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bccd
ID
des fehlerhaften Prozesses: 0x1060 Startzeit der fehlerhaften Anwendung: 0x01cde6c9c6515cfd
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\SearchIndexer.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 0a2a7993-52bd-11e2-98b9-001c4af0f3e2
Error - 30.12.2012 16:17:55 | Computer Name = Frida-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610,
Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17965,
Zeitstempel: 0x506dcae6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bccd
ID
des fehlerhaften Prozesses: 0x704 Startzeit der fehlerhaften Anwendung: 0x01cde6cac0508f6f
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\SearchIndexer.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: fe945921-52bd-11e2-98b9-001c4af0f3e2
Error - 30.12.2012 16:17:58 | Computer Name = Frida-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610,
Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17965,
Zeitstempel: 0x506dcae6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bccd
ID
des fehlerhaften Prozesses: 0xa48 Startzeit der fehlerhaften Anwendung: 0x01cde6cac2519f6a
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\SearchIndexer.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 00728f39-52be-11e2-98b9-001c4af0f3e2
Error - 30.12.2012 16:18:01 | Computer Name = Frida-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610,
Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17965,
Zeitstempel: 0x506dcae6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bccd
ID
des fehlerhaften Prozesses: 0xc20 Startzeit der fehlerhaften Anwendung: 0x01cde6cac3d7c298
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\SearchIndexer.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 01f26906-52be-11e2-98b9-001c4af0f3e2
Error - 30.12.2012 16:18:04 | Computer Name = Frida-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610,
Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17965,
Zeitstempel: 0x506dcae6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bccd
ID
des fehlerhaften Prozesses: 0xa5c Startzeit der fehlerhaften Anwendung: 0x01cde6cac578efa9
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\SearchIndexer.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 039134b6-52be-11e2-98b9-001c4af0f3e2
Error - 30.12.2012 16:27:19 | Computer Name = Frida-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610,
Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17965,
Zeitstempel: 0x506dcae6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bccd
ID
des fehlerhaften Prozesses: 0xc84 Startzeit der fehlerhaften Anwendung: 0x01cde6cc102dd977
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\SearchIndexer.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 4e66d588-52bf-11e2-98b9-001c4af0f3e2
Error - 30.12.2012 16:27:21 | Computer Name = Frida-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610,
Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17965,
Zeitstempel: 0x506dcae6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bccd
ID
des fehlerhaften Prozesses: 0xb98 Startzeit der fehlerhaften Anwendung: 0x01cde6cc11550419
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\SearchIndexer.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 4f8b9ec9-52bf-11e2-98b9-001c4af0f3e2
Error - 30.12.2012 16:34:33 | Computer Name = Frida-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610,
Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17965,
Zeitstempel: 0x506dcae6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bccd
ID
des fehlerhaften Prozesses: 0x81c Startzeit der fehlerhaften Anwendung: 0x01cde6cd1394c88d
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\SearchIndexer.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 516fc611-52c0-11e2-98b9-001c4af0f3e2
Error - 30.12.2012 16:41:44 | Computer Name = Frida-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610,
Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17965,
Zeitstempel: 0x506dcae6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bccd
ID
des fehlerhaften Prozesses: 0xa54 Startzeit der fehlerhaften Anwendung: 0x01cde6ce13701ad3
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\SearchIndexer.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 526c287c-52c1-11e2-98b9-001c4af0f3e2
Error - 30.12.2012 16:43:08 | Computer Name = Frida-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610,
Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17965,
Zeitstempel: 0x506dcae6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bccd
ID
des fehlerhaften Prozesses: 0x1338 Startzeit der fehlerhaften Anwendung: 0x01cde6ce465472b6
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\SearchIndexer.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 8443a41e-52c1-11e2-98b9-001c4af0f3e2
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 03.05.2012 16:48:52 | Computer Name = Frida-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
(0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE
Error - 03.05.2012 16:50:16 | Computer Name = Frida-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 03.05.2012 16:50:27 | Computer Name = Frida-PC | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4612
Invoked
Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
Daten mehr verfügbar.
Error - 03.05.2012 16:50:30 | Computer Name = Frida-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1084 NULL object. Cannot establish a connection at this time.
Error - 03.05.2012 18:56:11 | Computer Name = Frida-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1280 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description:
Eine vorhandene Verbindung wurde vom Remotehost geschlossen.
Error - 03.05.2012 18:56:11 | Computer Name = Frida-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1281 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description:
unknown
Error - 03.05.2012 18:56:11 | Computer Name = Frida-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
873 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
Error - 03.05.2012 18:56:11 | Computer Name = Frida-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
Error - 03.05.2012 18:56:11 | Computer Name = Frida-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene
Verbindung wurde vom Remotehost geschlossen.
Error - 03.05.2012 18:56:11 | Computer Name = Frida-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
(0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE
[ OSession Events ]
Error - 19.12.2010 10:48:08 | Computer Name = Frida-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 339
seconds with 120 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 30.12.2012 16:11:05 | Computer Name = Frida-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
21 Mal passiert.
Error - 30.12.2012 16:17:55 | Computer Name = Frida-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
22 Mal passiert.
Error - 30.12.2012 16:17:58 | Computer Name = Frida-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
23 Mal passiert.
Error - 30.12.2012 16:18:01 | Computer Name = Frida-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
24 Mal passiert.
Error - 30.12.2012 16:18:04 | Computer Name = Frida-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
25 Mal passiert.
Error - 30.12.2012 16:27:19 | Computer Name = Frida-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
26 Mal passiert.
Error - 30.12.2012 16:27:22 | Computer Name = Frida-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
27 Mal passiert.
Error - 30.12.2012 16:34:33 | Computer Name = Frida-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
28 Mal passiert.
Error - 30.12.2012 16:41:45 | Computer Name = Frida-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
29 Mal passiert.
Error - 30.12.2012 16:43:08 | Computer Name = Frida-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
30 Mal passiert.
< End of report >
Achso: mein Sicherheitscenter lässt sich auch nicht mehr aktivieren... |
|
31.12.2012, 11:55
| #2 | |
| /// TB-Ausbilder  | Google Redirect Virus Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich. Gelesen und verstanden? Schritt 1: Laufwerksemulationen abschalten mit Defogger Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop und starte es: Schritt 2: Scan mit aswMBR
Schritt 3: Scan mit dem TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.
Schritt 4: Scan mit DDS (+ attach) Downloade dir bitte DDS (von sUBs) von einem der folgenden Downloadspiegel und speichere die Datei auf deinem Desktop.
__________________ |
|
02.01.2013, 10:18
| #3 |
| /// TB-Ausbilder | Google Redirect Virus Fehlende Rückmeldung
__________________Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________ |
|
03.01.2013, 16:14
| #4 |
| /// TB-Ausbilder | Google Redirect Virus Wo sind deine Logfiles?
__________________  Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
03.01.2013, 17:31
| #5 |
| | Google Redirect Virus Hej ryder, Danke für deine Rückmeldung. Meine logfiles folgen gleich. Zunächst muss ich sagen das aswMBR nach einiger Zeit abgebrochen hat mit der Fehlermeldung: "avast! Antirootkit funktioniert nicht mehr. Das Programm wird aufgrund eines Problems nicht mehr richtig ausgeführt. Das Programm wird geschlossen und sie werden benachrichtigt, wenn eine Lösung verfügbar ist." Selbe Fehlermeldung mit deaktivierter AV-Software. Die sonstigen Logfiles im Anhang "Archiv.zip" (sonst ist die Antwort zu lang). Ohne AV Scan ist der logfile vom aswMBR der Folgende: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-03 17:32:35
-----------------------------
17:32:35.809 OS Version: Windows x64 6.1.7601 Service Pack 1
17:32:35.809 Number of processors: 2 586 0x1706
17:32:35.809 ComputerName: FRIDA-PC UserName: Frida
17:32:36.074 Initialize success
17:32:40.099 AVAST engine defs: 13010300
17:32:50.473 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
17:32:50.473 Disk 0 Vendor: WDC_WD3200KS-00PFB0 21.00M21 Size: 305245MB BusType: 11
17:32:50.473 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-4
17:32:50.473 Disk 1 Vendor: WDC_WD6401AALS-00L3B2 01.03B01 Size: 610480MB BusType: 11
17:32:50.488 Disk 1 MBR read successfully
17:32:50.488 Disk 1 MBR scan
17:32:50.488 Disk 1 Windows VISTA default MBR code
17:32:50.488 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:32:50.504 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 81900 MB offset 206848
17:32:50.504 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 175000 MB offset 167938048
17:32:50.535 Disk 1 Partition 4 00 07 HPFS/NTFS NTFS 353478 MB offset 526338048
17:32:50.551 Disk 1 scanning C:\Windows\system32\drivers
17:33:01.954 Service scanning
17:33:17.820 Modules scanning
17:33:17.820 Disk 1 trace - called modules:
17:33:17.851 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:33:17.866 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004985060]
17:33:17.866 3 CLASSPNP.SYS[fffff88001bc143f] -> nt!IofCallDriver -> [0xfffffa800443f1e0]
17:33:17.866 5 ACPI.sys[fffff88000f5a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8004433680]
17:33:17.866 Scan finished successfully
17:33:25.230 Disk 1 MBR has been saved successfully to "C:\Users\Frida\Desktop\MBR.dat"
17:33:25.245 The log file has been saved successfully to "C:\Users\Frida\Desktop\aswMBR.txt"
Geändert von gazblaster (03.01.2013 um 17:35 Uhr) Grund: aswMBR erst später ohne AV-Scan durchgeführt |
|
03.01.2013, 18:38
| #6 |
| /// TB-Ausbilder | Google Redirect Virus Und wo sind die anderen Logfiles?
__________________ --> Google Redirect Virus |
|
03.01.2013, 18:39
| #7 |
| | Google Redirect Virus Ich musste die anderen logfiles im Anhang als .zip anhängen, da der Beitrag sonst zu lang geworden wäre... |
|
03.01.2013, 18:58
| #8 |
| /// TB-Ausbilder | Google Redirect Virus Notfalls auf mehrere Posts aufteilen  Ich schau es jetzt durch...
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
03.01.2013, 19:00
| #9 | ||
| /// TB-Ausbilder | Google Redirect Virus Dann weiter: Scan mit Combofix
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
03.01.2013, 19:56
| #10 |
| | Google Redirect Virus Ich habe den Echtzeit Scanner von Avira deaktiviert, Combofix hat trotzdem kurz gemeckert. Ist dann allerdings durchgelaufen und hat folgendes logfile erstellt: [CODE] Combofix Logfile: Code:
ATTFilter ComboFix 13-01-03.05 - Frida 03.01.2013 19:43:22.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4095.2592 [GMT 1:00]
ausgeführt von:: c:\users\Frida\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
c:\windows\SysWow64\tmp2203.tmp
c:\windows\SysWow64\tmp2213.tmp
c:\windows\SysWow64\tmp3219.tmp
c:\windows\SysWow64\tmp3239.tmp
c:\windows\SysWow64\tmp4347.tmp
c:\windows\SysWow64\tmp4367.tmp
c:\windows\SysWow64\tmp733D.tmp
c:\windows\SysWow64\tmp735D.tmp
c:\windows\SysWow64\tmp9905.tmp
c:\windows\SysWow64\tmp9925.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-03 bis 2013-01-03 ))))))))))))))))))))))))))))))
.
.
2013-01-03 18:48 . 2013-01-03 18:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-03 18:48 . 2013-01-03 18:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-30 19:58 . 2012-12-30 19:58 -------- d-----w- c:\program files\CCleaner
2012-12-30 19:50 . 2012-12-30 19:50 -------- d-----w- c:\users\Frida\AppData\Local\Mozilla
2012-12-30 12:13 . 2012-12-30 12:13 -------- d-----w- c:\users\Frida\AppData\Local\Programs
2012-12-20 23:46 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-20 23:46 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-20 23:46 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-20 23:46 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-20 22:35 . 2012-09-20 04:35 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-12-20 22:35 . 2012-09-20 04:35 102368 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-12-18 22:09 . 2012-12-18 22:09 -------- d-----w- c:\users\Frida\AppData\Local\My Games
2012-12-17 22:17 . 2012-12-17 22:17 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2012-12-13 00:02 . 2012-11-14 07:11 182816 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-12-12 21:41 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 00:04 . 2010-02-13 11:36 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-11 23:25 . 2012-05-04 08:35 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-11 23:25 . 2011-05-24 10:52 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 19:39 . 2012-11-02 21:19 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-11 19:39 . 2012-11-02 21:19 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-03 15:47 . 2012-10-31 19:46 15122280 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-12-03 15:47 . 2012-10-31 19:46 2816824 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-03 15:47 . 2012-10-31 19:46 1504104 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-03 15:47 . 2012-10-31 19:46 983936 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-12-03 15:47 . 2012-10-31 19:46 1805672 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-03 15:47 . 2012-10-31 19:46 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-03 15:47 . 2012-10-31 19:46 12603960 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-12-01 05:49 . 2012-10-31 19:47 3663213 ----a-w- c:\windows\system32\nvcoproc.bin
2012-12-01 05:49 . 2012-10-31 19:47 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-01 05:49 . 2012-10-31 19:47 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-12-01 05:49 . 2012-10-31 19:47 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-01 05:49 . 2012-10-31 19:47 890216 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-01 05:48 . 2012-10-31 19:47 6223208 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-01 05:48 . 2012-10-31 19:47 3311464 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-31 21:32 . 2012-10-31 21:32 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-31 21:32 . 2012-05-24 08:12 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-10-31 21:32 . 2010-06-17 10:51 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-31 20:50 . 2010-02-12 19:39 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-10-31 20:50 . 2010-02-12 19:39 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-10-16 08:38 . 2012-11-27 18:55 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 18:55 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 18:55 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-15 19:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 18:17 . 2012-11-15 19:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 19:17 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 19:17 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Frida\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Frida\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Frida\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Frida\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMUSBFernanschluss"="c:\users\Frida\AppData\Local\Apps\2.0\8BAZYAXY.59Y\61W89LOC.QZG\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2010-11-30 147456]
"MusicManager"="c:\users\Frida\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-12-10 7416320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
.
c:\users\Frida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
speedfan - Verknüpfung.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2011-11-3 4657048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-02-13 90112]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 14120]
R3 cpuz130;cpuz130;c:\users\Frida\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
R3 ssudnflt;Remote NDIS Filter Driver;c:\windows\system32\DRIVERS\ssudnflt.sys [2011-02-18 19520]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2010-11-14 116096]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2010-03-29 116096]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2010-10-22 460800]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 23:25]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 17:51]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 17:51]
.
2012-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-352812124-1343125394-2634519851-1000Core.job
- c:\users\Frida\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-30 12:12]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-352812124-1343125394-2634519851-1000UA.job
- c:\users\Frida\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-30 12:12]
.
2013-01-03 c:\windows\Tasks\qazxst.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Frida\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Frida\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Frida\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Frida\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = fritz.box;*.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Frida\AppData\Roaming\Mozilla\Firefox\Profiles\l2db1bux.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-58138181.sys
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0b\04\11\12.6<"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-03 19:49:59
ComboFix-quarantined-files.txt 2013-01-03 18:49
.
Vor Suchlauf: 10 Verzeichnis(se), 25.775.767.552 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 25.767.448.576 Bytes frei
.
- - End Of File - - 787336ADF835ED0A4E0489194EE2A5B1
Ich sehe gerade im logfile, dass Combofix anscheinend nur einen Monat zurückschaut - ich habe den Google Redirect Mist auf jeden Fall schon länger... |
|
03.01.2013, 20:29
| #11 | ||
| /// TB-Ausbilder | Google Redirect Virus Okay wir werden jetzt ein paar Dateien zur weiteren Analyse einsenden. Bitte dieses Anleitung genau folgen! Schritt 1: Combofix-Skript
Schritt 2: Nur weiter machen, wenn der Upload geklappt hat. Combofix wird dir das mitteilen. Schritt 3: Upload zur Analyse bei Trojaner-Board
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
03.01.2013, 21:01
| #12 |
| | Google Redirect Virus Bis zu Schritt 2 hat es wunderbar funktioniert, der Upload auch. Das packen von "Qoobox" in ein Archiv funktioniert dann allerdings nicht. Zuerst hatte ich keine Berechtigung, dann hat Avira gemeckert. Obwohl ich Avira gesagt habe es solle nichts tun hat es irgendetwas repariert. Soll ich Avira deaktivieren und es nocheinmal probieren? Ich habe mit deaktiviertem Avira nocheinmal gepackt. Winrar bemwerkt wieder es könne den Inhalt von "BackEnv" nicht lesen, erstellt aber trotzdem eine .zip. Diese lade ich jetzt nach Anleitung hoch... Geändert von gazblaster (03.01.2013 um 21:06 Uhr) Grund: .zip doch erstellt |
|
04.01.2013, 14:32
| #13 |
| /// TB-Ausbilder | Google Redirect Virus Hast du mal einen Neustart zwischendurch gemacht?
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
04.01.2013, 16:11
| #14 |
| | Google Redirect Virus Ja hab ich. Wieso? |
|
04.01.2013, 20:57
| #15 | |
| /// TB-Ausbilder | Google Redirect Virus Egal ich hab ja deine Datei, danke Gut!  Soweit ich das sehe haben wir damit alles Schädliche entfernt. Um sicher sein zu können müssen jetzt noch ein paar Kontrollen machen und werden dann deinen Computer noch auf einen sicheren Stand bringen. Da diese Scans jetzt sehr lange dauern können bitte ich dich mir erst wieder zu schreiben, wenn du auch wirklich alles erledigt hast oder Probleme auftreten sollten. Schritt 1: Quick-Scan mit Malwarebytes Schritt 2: ESET Online Scanner Zitat:
Schritt 3: Scan mit SecurityCheck Downloade Dir bitte SecurityCheck: LINK1 LINK2
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
| Themen zu Google Redirect Virus |
| antivir, application/pdf:, autorun, avira, bho, bonjour, converter, downloader, error, firefox, flash player, gereinigt, google, google redirect virus, helper, install.exe, intranet, mozilla, mp3, nvidia update, object, office 2007, plug-in, realtek, registry, samsung kies, scan, security, senden, software, stick, svchost.exe, tracker, virus, visual studio, windows |
Button.
und dann 
Linear-Darstellung
