|
Plagegeister aller Art und deren Bekämpfung: Trojaner 'W32/Patched.UA' festgestelltWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
03.03.2014, 18:50 | #1 |
| Trojaner 'W32/Patched.UA' festgestellt Hallo Community, Avira hat auf meinem Rechner den Trojaner/Virus W32/Patched.UA detektiert. Der Scan läuft im Moment noch und somit konnte ich die Log-files noch nicht mitschicken. Könnt Ihr mir bitte bei der Beseitigung des Problems helfen? Ich würde gern ohne Formatieren auskommen, aber das ist nur ein kühner Traum. Welche Informationen werden im Bedarfsfall noch benötigt? Und falls ich mich zu unpräzise ausgedrückt habe, entschuldigt bitte und sagt einfach bescheid. Für eure Hilfe wäre ich sehr dankbar. Gruß, Capricorn |
03.03.2014, 19:10 | #2 |
/// the machine /// TB-Ausbilder | Trojaner 'W32/Patched.UA' festgestellt hi,
__________________dann warten wir mal auf das Log von Antivir. Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
03.03.2014, 19:27 | #3 |
| Trojaner 'W32/Patched.UA' festgestellt Okay, habe ich gemacht und die beiden Dateien wurden ausgegeben.
__________________Welchen Teil der .txt dateien benötigt ihr denn? Soll ich alles in die Eckigen Klammern hineinkopieren? [ FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-03-2014 Ran by Christian Hoffmann (administrator) on CHOFFMANN on 03-03-2014 19:13:41 Running from C:\Users\Christian Hoffmann\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums ==================== Processes (Whitelisted) ================= () C:\Windows\system32\services.exe (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (HP) C:\Windows\system32\HPSIsvc.exe (National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe (National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation) C:\Windows\SysWOW64\nisvcloc.exe (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe () C:\HiTec\bin\wim_serv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\Verbindungsassistent\WTGService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\Eap3Host.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Windows\PLFSetI.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Akamai Technologies, Inc.) C:\Users\Christian Hoffmann\AppData\Local\Akamai\netsession_win.exe (Spotify Ltd) C:\Users\Christian Hoffmann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (Dropbox, Inc.) C:\Users\Christian Hoffmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Akamai Technologies, Inc.) C:\Users\Christian Hoffmann\AppData\Local\Akamai\netsession_win.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe (Mendeley Ltd.) C:\Program Files (x86)\Mendeley Desktop\MendeleyDesktop.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated) HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-06] (Egis Technology Inc.) HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [489472 2009-08-19] (Acer Incorporated) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7940128 2009-07-06] (Realtek Semiconductor) HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-06] (Realtek Semiconductor Corp.) HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2009-10-14] () HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1191432 2009-08-27] (Dritek System Inc.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-02] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-247232768-2787100430-3548774350-1000\...\Run: [AdobeBridge] - [X] HKU\S-1-5-21-247232768-2787100430-3548774350-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Christian Hoffmann\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKU\S-1-5-21-247232768-2787100430-3548774350-1000\...\Run: [Spotify Web Helper] - C:\Users\Christian Hoffmann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-08] (Spotify Ltd) HKU\S-1-5-21-247232768-2787100430-3548774350-1000\...\Run: [Spotify] - C:\Users\Christian Hoffmann\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-08] (Spotify Ltd) HKU\S-1-5-21-247232768-2787100430-3548774350-1000\...\Run: [uTorrent] - C:\Users\Christian Hoffmann\AppData\Roaming\uTorrent\uTorrent.exe [905296 2014-02-14] (BitTorrent Inc.) HKU\S-1-5-21-247232768-2787100430-3548774350-1000\...\MountPoints2: {f4c0aefb-9690-11e0-8e08-001e3324565b} - D:\AutoRun.exe HKU\S-1-5-21-247232768-2787100430-3548774350-1000\...\MountPoints2: {f4c0af00-9690-11e0-8e08-001e3324565b} - D:\AutoRun.exe HKU\S-1-5-21-247232768-2787100430-3548774350-1000\...\MountPoints2: {f4c0af4d-9690-11e0-8e08-001e3324565b} - D:\AutoRun.exe HKU\S-1-5-21-247232768-2787100430-3548774350-1000\...\MountPoints2: {f4c0af51-9690-11e0-8e08-001e3324565b} - D:\AutoRun.exe HKU\S-1-5-21-247232768-2787100430-3548774350-1000\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Christian Hoffmann\AppData\Local\{e1efd280-3117-80e7-57a2-620bf46ab1f3}\n. ATTENTION! ====> ZeroAccess/Alureon? Startup: C:\Users\Christian Hoffmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Christian Hoffmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Mixi Dj Search HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect URLSearchHook: HKLM-x32 - uTorrentBar_DE Toolbar - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) URLSearchHook: HKCU - uTorrentBar_DE Toolbar - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) URLSearchHook: HKCU - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647 SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE392 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://mixidj.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=D6CB001E3324565B&affID=122354&tsp=4924 SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE392 SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647 SearchScopes: HKCU - {BFDAC1FF-9570-4AFE-B185-703405AD90E7} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: uTorrentBar_DE Toolbar - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - uTorrentBar_DE Toolbar - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.) DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u22-windows-i586.cab DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9 01 mswsock.dll File Not found () Winsock: Catalog9 02 mswsock.dll File Not found () Winsock: Catalog9 03 mswsock.dll File Not found () Winsock: Catalog9 04 mswsock.dll File Not found () Winsock: Catalog9 05 mswsock.dll File Not found () Winsock: Catalog9 06 mswsock.dll File Not found () Winsock: Catalog9 07 mswsock.dll File Not found () Winsock: Catalog9 08 mswsock.dll File Not found () Winsock: Catalog9 09 mswsock.dll File Not found () Winsock: Catalog9 10 mswsock.dll File Not found () Winsock: Catalog9 11 mswsock.dll File Not found () Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9-x64 01 mswsock.dll File Not found () Winsock: Catalog9-x64 02 mswsock.dll File Not found () Winsock: Catalog9-x64 03 mswsock.dll File Not found () Winsock: Catalog9-x64 04 mswsock.dll File Not found () Winsock: Catalog9-x64 05 mswsock.dll File Not found () Winsock: Catalog9-x64 06 mswsock.dll File Not found () Winsock: Catalog9-x64 07 mswsock.dll File Not found () Winsock: Catalog9-x64 08 mswsock.dll File Not found () Winsock: Catalog9-x64 09 mswsock.dll File Not found () Winsock: Catalog9-x64 10 mswsock.dll File Not found () Winsock: Catalog9-x64 11 mswsock.dll File Not found () Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.192.1 FireFox: ======== FF ProfilePath: C:\Users\Christian Hoffmann\AppData\Roaming\Mozilla\Firefox\Profiles\7amp4km9.default-1358692038585 FF user.js: detected! => C:\Users\Christian Hoffmann\AppData\Roaming\Mozilla\Firefox\Profiles\7amp4km9.default-1358692038585\user.js FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll (National Instruments) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll (National Instruments) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv90win64.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Users\Christian Hoffmann\AppData\Roaming\Mozilla\Firefox\Profiles\7amp4km9.default-1358692038585\searchplugins\babylon.xml FF SearchPlugin: C:\Users\Christian Hoffmann\AppData\Roaming\Mozilla\Firefox\Profiles\7amp4km9.default-1358692038585\searchplugins\delta.xml FF SearchPlugin: C:\Users\Christian Hoffmann\AppData\Roaming\Mozilla\Firefox\Profiles\7amp4km9.default-1358692038585\searchplugins\mixidj.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: NoScript - C:\Users\Christian Hoffmann\AppData\Roaming\Mozilla\Firefox\Profiles\7amp4km9.default-1358692038585\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-09-26] FF Extension: Adblock Plus - C:\Users\Christian Hoffmann\AppData\Roaming\Mozilla\Firefox\Profiles\7amp4km9.default-1358692038585\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-17] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2014-02-18] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-18] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (Delta Toolbar) - C:\Users\Christian Hoffmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-02-16] CHR Extension: (MixiDj Chrome Toolbar) - C:\Users\Christian Hoffmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn [2013-06-25] CHR HKLM-x32\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\CHRIST~1\AppData\Local\Temp\crxCB4E.tmp [2013-06-25] ==================== Services (Whitelisted) ================= R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-08] (Akamai Technologies, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [787968 2009-08-19] (Acer Incorporated) S3 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2008-10-31] (National Instruments, Inc.) R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [42544 2009-06-18] (National Instruments Corporation) R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [53296 2009-06-18] (National Instruments Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.) R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.) R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [12696 2009-06-15] (National Instruments Corporation) R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [356912 2009-06-18] (National Instruments Corporation) S4 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1007616 2009-09-18] (Macrovision Corporation) R2 niSvcLoc; C:\Windows\SysWOW64\nisvcloc.exe [13896 2009-06-04] (National Instruments Corporation) R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [740968 2009-06-23] (National Instruments Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-08] (Symantec Corporation) R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) R2 WIM_Service; C:\HiTec\bin\wim_serv.exe [136192 2007-08-20] () R2 WTGService; C:\Program Files (x86)\Verbindungsassistent\WTGService.exe [296400 2009-03-03] () S4 NIApplicationWebServer64; "C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user [X] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-07] (Avira Operations GmbH & Co. KG) S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [115328 2008-07-24] (Huawei Technologies Co., Ltd.) S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-03-06] (Marvell Semiconductor, Inc.) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2010-04-09] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2010-04-09] () S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-03 19:13 - 2014-03-03 19:16 - 00032686 _____ () C:\Users\Christian Hoffmann\Downloads\FRST.txt 2014-03-03 19:13 - 2014-03-03 19:13 - 00000000 ____D () C:\FRST 2014-03-03 19:11 - 2014-03-03 19:12 - 02156544 _____ (Farbar) C:\Users\Christian Hoffmann\Downloads\FRST64.exe 2014-02-25 16:24 - 2014-02-25 16:24 - 00736264 _____ () C:\Windows\Minidump\022514-17331-01.dmp 2014-02-25 14:38 - 2014-02-25 14:39 - 00276760 _____ () C:\Windows\Minidump\022514-21356-01.dmp 2014-02-20 15:19 - 2014-02-20 15:19 - 00276760 _____ () C:\Windows\Minidump\022014-17347-01.dmp 2014-02-20 14:09 - 2014-02-20 14:10 - 00738392 _____ () C:\Windows\Minidump\022014-19328-01.dmp 2014-02-18 16:25 - 2014-02-18 16:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-18 14:25 - 2014-02-18 14:25 - 00276760 _____ () C:\Windows\Minidump\021814-20326-01.dmp 2014-02-17 15:14 - 2014-02-17 15:14 - 00000938 _____ () C:\Users\Christian Hoffmann\Downloads\Downloads - Verknüpfung.lnk 2014-02-17 09:05 - 2014-02-17 09:05 - 02609208 _____ () C:\Users\Christian Hoffmann\Downloads\lightning_2.6.4.zip 2014-02-17 09:03 - 2014-02-17 09:03 - 00010330 _____ () C:\Users\Christian Hoffmann\Desktop\Privat.ics 2014-02-14 11:22 - 2014-02-14 11:22 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-02-14 11:21 - 2014-02-14 11:21 - 24677393 _____ () C:\Users\Christian Hoffmann\Documents\vlc-2.1.3-win32.exe 2014-02-14 10:39 - 2014-02-14 11:06 - 00000000 ____D () C:\Users\Christian Hoffmann\Downloads\Doubt 2008.1080p.BluRay.x264 . NVEE 2014-02-14 10:37 - 2014-02-14 10:37 - 00000000 ____D () C:\Users\Christian Hoffmann\Downloads\Doubt[2008]DvDrip[Eng]-FXG 2014-02-14 10:35 - 2014-02-14 10:35 - 00001935 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-02-14 10:35 - 2014-02-14 10:35 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-02-13 10:41 - 2014-02-13 10:43 - 00010416 _____ () C:\Users\Christian Hoffmann\Desktop\Flights Easter.xlsx 2014-02-07 15:37 - 2014-02-07 15:37 - 00738312 _____ () C:\Windows\Minidump\020714-18470-01.dmp 2014-02-07 12:33 - 2014-02-07 12:33 - 00738312 _____ () C:\Windows\Minidump\020714-18158-01.dmp 2014-02-07 09:48 - 2014-02-07 09:48 - 00000305 _____ () C:\Users\Christian Hoffmann\Downloads\cal.ics 2014-02-06 16:40 - 2014-02-06 16:41 - 00000144 _____ () C:\Windows\system32\ricdb.ini 2014-02-06 16:40 - 2014-02-06 16:40 - 00000000 ___HD () C:\ProgramData\RICOH_DRV 2014-02-04 16:51 - 2014-02-04 16:51 - 00000000 _____ () C:\Windows\HPMProp.INI 2014-02-04 11:10 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-02-04 11:10 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-02-04 11:10 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-02-04 11:10 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-02-04 11:09 - 2014-02-04 11:10 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-02-03 09:36 - 2014-02-03 09:36 - 00614784 _____ (Chip Digital GmbH) C:\Users\Christian Hoffmann\Downloads\PDF24 Creator - CHIP-Downloader.exe ==================== One Month Modified Files and Folders ======= 2014-03-03 19:16 - 2014-03-03 19:13 - 00032686 _____ () C:\Users\Christian Hoffmann\Downloads\FRST.txt 2014-03-03 19:13 - 2014-03-03 19:13 - 00000000 ____D () C:\FRST 2014-03-03 19:12 - 2014-03-03 19:11 - 02156544 _____ (Farbar) C:\Users\Christian Hoffmann\Downloads\FRST64.exe 2014-03-03 19:11 - 2012-04-12 07:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-03 18:41 - 2011-11-10 20:06 - 00000000 ____D () C:\Users\Christian Hoffmann\AppData\Roaming\Dropbox 2014-03-03 16:33 - 2012-06-14 16:20 - 00000000 ___HD () C:\ProgramData\~1 2014-03-03 16:33 - 2012-06-14 16:19 - 00000000 ____D () C:\Program Files (x86)\Creative 2014-03-03 16:32 - 2012-06-14 16:19 - 00000000 ___HD () C:\ProgramData\~0 2014-03-03 15:59 - 2009-09-29 20:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-03-03 13:36 - 2011-11-10 20:10 - 00000000 ___RD () C:\Users\Christian Hoffmann\Dropbox 2014-03-03 13:30 - 2009-07-14 05:51 - 00183199 _____ () C:\Windows\setupact.log 2014-03-03 13:29 - 2012-09-04 16:55 - 00000000 ____D () C:\Users\Christian Hoffmann\AppData\Roaming\Spotify 2014-03-03 13:29 - 2011-09-08 14:55 - 00000000 ____D () C:\Users\Christian Hoffmann\AppData\Roaming\uTorrent 2014-03-03 12:49 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-03 12:49 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-03 12:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-02 13:27 - 2012-09-04 16:55 - 00000000 ____D () C:\Users\Christian Hoffmann\AppData\Local\Spotify 2014-03-01 10:46 - 2012-10-25 07:42 - 00065460 _____ () C:\Users\Christian Hoffmann\danid.log 2014-02-25 16:24 - 2014-02-25 16:24 - 00736264 _____ () C:\Windows\Minidump\022514-17331-01.dmp 2014-02-25 16:24 - 2010-10-17 10:10 - 482785935 _____ () C:\Windows\MEMORY.DMP 2014-02-25 16:24 - 2010-10-17 10:10 - 00000000 ____D () C:\Windows\Minidump 2014-02-25 14:39 - 2014-02-25 14:38 - 00276760 _____ () C:\Windows\Minidump\022514-21356-01.dmp 2014-02-24 09:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-02-24 09:00 - 2009-09-29 21:13 - 00982454 _____ () C:\Windows\PFRO.log 2014-02-21 10:30 - 2012-10-25 07:42 - 01098011 _____ () C:\Users\Christian Hoffmann\danid.log.1 2014-02-21 10:30 - 2010-08-10 20:29 - 00000000 ____D () C:\Users\Christian Hoffmann 2014-02-21 10:11 - 2012-04-12 07:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-21 10:11 - 2012-04-12 07:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-02-21 10:11 - 2011-05-20 11:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-20 15:19 - 2014-02-20 15:19 - 00276760 _____ () C:\Windows\Minidump\022014-17347-01.dmp 2014-02-20 14:10 - 2014-02-20 14:09 - 00738392 _____ () C:\Windows\Minidump\022014-19328-01.dmp 2014-02-20 14:09 - 2012-05-06 22:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-18 16:25 - 2014-02-18 16:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-18 14:25 - 2014-02-18 14:25 - 00276760 _____ () C:\Windows\Minidump\021814-20326-01.dmp 2014-02-17 15:14 - 2014-02-17 15:14 - 00000938 _____ () C:\Users\Christian Hoffmann\Downloads\Downloads - Verknüpfung.lnk 2014-02-17 09:05 - 2014-02-17 09:05 - 02609208 _____ () C:\Users\Christian Hoffmann\Downloads\lightning_2.6.4.zip 2014-02-17 09:03 - 2014-02-17 09:03 - 00010330 _____ () C:\Users\Christian Hoffmann\Desktop\Privat.ics 2014-02-14 11:23 - 2011-01-07 17:42 - 00000000 ____D () C:\Users\Christian Hoffmann\AppData\Roaming\vlc 2014-02-14 11:22 - 2014-02-14 11:22 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-02-14 11:21 - 2014-02-14 11:21 - 24677393 _____ () C:\Users\Christian Hoffmann\Documents\vlc-2.1.3-win32.exe 2014-02-14 11:06 - 2014-02-14 10:39 - 00000000 ____D () C:\Users\Christian Hoffmann\Downloads\Doubt 2008.1080p.BluRay.x264 . NVEE 2014-02-14 10:37 - 2014-02-14 10:37 - 00000000 ____D () C:\Users\Christian Hoffmann\Downloads\Doubt[2008]DvDrip[Eng]-FXG 2014-02-14 10:35 - 2014-02-14 10:35 - 00001935 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-02-14 10:35 - 2014-02-14 10:35 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-02-13 10:43 - 2014-02-13 10:41 - 00010416 _____ () C:\Users\Christian Hoffmann\Desktop\Flights Easter.xlsx 2014-02-07 15:37 - 2014-02-07 15:37 - 00738312 _____ () C:\Windows\Minidump\020714-18470-01.dmp 2014-02-07 12:33 - 2014-02-07 12:33 - 00738312 _____ () C:\Windows\Minidump\020714-18158-01.dmp 2014-02-07 09:48 - 2014-02-07 09:48 - 00000305 _____ () C:\Users\Christian Hoffmann\Downloads\cal.ics 2014-02-06 16:41 - 2014-02-06 16:40 - 00000144 _____ () C:\Windows\system32\ricdb.ini 2014-02-06 16:40 - 2014-02-06 16:40 - 00000000 ___HD () C:\ProgramData\RICOH_DRV 2014-02-06 16:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\spool 2014-02-06 10:06 - 2013-12-11 22:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-02-05 10:03 - 2010-08-11 07:18 - 00000000 ____D () C:\Users\Christian Hoffmann\AppData\Local\Adobe 2014-02-04 16:51 - 2014-02-04 16:51 - 00000000 _____ () C:\Windows\HPMProp.INI 2014-02-04 11:12 - 2013-10-27 13:08 - 00000000 ____D () C:\ProgramData\Oracle 2014-02-04 11:10 - 2014-02-04 11:09 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-02-04 11:10 - 2010-09-15 16:15 - 00000000 ____D () C:\Program Files (x86)\Java 2014-02-04 10:01 - 2012-03-21 16:47 - 00000584 _____ () C:\Users\Christian Hoffmann\Documents\grstyles.stl 2014-02-03 09:38 - 2011-10-25 10:20 - 00000000 ____D () C:\Program Files (x86)\PDF24 2014-02-03 09:36 - 2014-02-03 09:36 - 00614784 _____ (Chip Digital GmbH) C:\Users\Christian Hoffmann\Downloads\PDF24 Creator - CHIP-Downloader.exe ZeroAccess: C:\Windows\Installer\{e1efd280-3117-80e7-57a2-620bf46ab1f3} C:\Windows\Installer\{e1efd280-3117-80e7-57a2-620bf46ab1f3}\@ C:\Windows\Installer\{e1efd280-3117-80e7-57a2-620bf46ab1f3}\U\00000004.@ C:\Windows\Installer\{e1efd280-3117-80e7-57a2-620bf46ab1f3}\U\00000008.@ C:\Windows\Installer\{e1efd280-3117-80e7-57a2-620bf46ab1f3}\U\000000cb.@ C:\Windows\Installer\{e1efd280-3117-80e7-57a2-620bf46ab1f3}\U\80000000.@ C:\Windows\Installer\{e1efd280-3117-80e7-57a2-620bf46ab1f3}\U\80000032.@ C:\Windows\Installer\{e1efd280-3117-80e7-57a2-620bf46ab1f3}\U\80000064.@ C:\Windows\Installer\{e1efd280-3117-80e7-57a2-620bf46ab1f3}\L\00000004.@ C:\Windows\Installer\{e1efd280-3117-80e7-57a2-620bf46ab1f3}\L\1afb2d56 C:\Windows\Installer\{e1efd280-3117-80e7-57a2-620bf46ab1f3}\L\201d3dde C:\Windows\Installer\{e1efd280-3117-80e7-57a2-620bf46ab1f3}\L\6715e287 C:\Windows\Installer\{e1efd280-3117-80e7-57a2-620bf46ab1f3}\L\76603ac3 ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini ZeroAccess: C:\Users\Christian Hoffmann\AppData\Local\{e1efd280-3117-80e7-57a2-620bf46ab1f3} C:\Users\Christian Hoffmann\AppData\Local\{e1efd280-3117-80e7-57a2-620bf46ab1f3}\@ Some content of TEMP: ==================== C:\Users\Christian Hoffmann\AppData\Local\Temp\03316628.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\044E31A2.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\0716DFCE.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\0845136C.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\086B96D3.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\095A93C9.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\097CA36D.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\0B97A138.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\0B98348A.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\0CCC1502.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\120718284.exe C:\Users\Christian Hoffmann\AppData\Local\Temp\120721186.exe C:\Users\Christian Hoffmann\AppData\Local\Temp\16D79526.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\1A4B8CDA.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\21E0A375.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\26CBEEEA.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\291D3FED.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\2A0B8728.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\2A0D43BB.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\2B431199.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\2D12B625.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\2F73769B.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\3014BDB6.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\30199BA8.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\33E9F92E.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\33FDD472.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\37198B71.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\38BEFAC4.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\394ABCDD.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\394EBCD4.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\429F332E.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\444BC3E6.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\46F26C12.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\46F4EBF1.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\46F5B4A5.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\46F7AF7D.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\492EA09C.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\4B17FFA5.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\4D3A2BF1.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\4D3D672D.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\528753DD.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\528E3BBC.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\52F5D040.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\5399B994.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\53AEBB81.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\53BA5CB2.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\53C8738F.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\5695AB35.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\5B867AA5.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\5E3E26F0.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\63C71E3A.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\670CC562.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\6B2790EF.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\6FE36CCA.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\767B9F30.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\7877DBAD.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\7D0984EA.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\7FA40D6C.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\818F634B.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\849B6CA1.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\8CDF934E.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\8CE105DD.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\8CE57063.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\8DC2EF92.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\8DDE0E01.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\902997BE.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\9147F64B.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\91DC96E5.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\91DD3D47.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\94921429.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\9496DD32.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\94A51988.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\96A81867.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\96AF9386.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\96AFC9E6.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\96AFEC00.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\A107413E.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\A1077CE4.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\A10822AA.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\A1093113.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\A10B332E.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\A1360B8E.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\A71FFB4C.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\A8A2B662.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\A8A3DB38.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\A8C952DA.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\AB0AC5E7.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\AC0735A6.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\AC097302.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\AskSLib.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\avgnt.exe C:\Users\Christian Hoffmann\AppData\Local\Temp\B124807C.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\B33F153A.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\B3400410.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\B3408EB8.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\B3481EC5.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\B34896A5.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\B4062639.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\B57463C6.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\B64D8D24.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\B7023DA9.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\BEEB4D36.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\C2366327.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\C2585491.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\C2D08FC2.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\C33E0DCF.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\C33E52B1.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\C3E1689B.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\C3E61C9D.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\C3EC5AD0.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\C45AA940.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\C5539660.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\CA550BF2.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\D01EA878.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\D556216A.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\D8D8AA92.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\DataCard_Setup64.exe C:\Users\Christian Hoffmann\AppData\Local\Temp\E0357DC2.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\E22F1813.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\E65C14B2.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\E65D4467.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\E8A00939.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\E9F1C6A0.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\E9F40995.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\F78487F9.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\F9DB9A29.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\F9E3A39D.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\FB3C92EC.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\FB3D3439.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\FB40EDA5.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\FB7C7B88.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\FC1CA1A6.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\htmlayout.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\iMesh_setup.exe C:\Users\Christian Hoffmann\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe C:\Users\Christian Hoffmann\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Christian Hoffmann\AppData\Local\Temp\MixiDJToolbar.exe C:\Users\Christian Hoffmann\AppData\Local\Temp\oct8B22.tmp.exe C:\Users\Christian Hoffmann\AppData\Local\Temp\ResetDevice.exe C:\Users\Christian Hoffmann\AppData\Local\Temp\siinst.exe C:\Users\Christian Hoffmann\AppData\Local\Temp\strings.dll C:\Users\Christian Hoffmann\AppData\Local\Temp\toolbar355434253.exe C:\Users\Christian Hoffmann\AppData\Local\Temp\TUUUninstallHelper.exe C:\Users\Christian Hoffmann\AppData\Local\Temp\uninst1.exe C:\Users\Christian Hoffmann\AppData\Local\Temp\uninstall355525248.exe C:\Users\Christian Hoffmann\AppData\Local\Temp\uninstall355540942.exe C:\Users\Christian Hoffmann\AppData\Local\Temp\utt2398.tmp.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe [2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____N () D41D8CD98F00B204E9800998ECF8427E C:\Windows\System32\services.exe IS INFECTED. <===== ATTENTION! C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-28 13:49 ==================== End Of Log ============================ --- --- --- --- --- --- ][/CODE] [Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-03-2014 Ran by Christian Hoffmann at 2014-03-03 19:17:26 Running from C:\Users\Christian Hoffmann\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} AS: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.) 64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden ACD/Labs Software in C:\ACDFREE12\ (HKLM-x32\...\ACDLabs in C__ACDFREE12_) (Version: v12.00, FREE - ACD/Labs) Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.25 - NewTech Infosystems) Acer Crystal Eye webcam Ver:1.1.97.717 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.97.717 - Chicony Electronics Co.,Ltd.) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Acer Incorporated) Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.) Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.) Acer PowerSmart Manager (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.07.3006 - Acer Incorporated) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.2.0810 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Acer Incorporated) Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.) Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Akamai NetSession Interface Service (HKLM-x32\...\Akamai) (Version: - ) Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media) Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media) Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.) ATI AVIVO64 Codecs (Version: 10.9.0.40901 - ATI Technologies Inc.) Hidden ATI Catalyst Install Manager (HKLM\...\{C0471655-9851-F7E9-2BF1-D1F98E5D5FB8}) (Version: 3.0.741.0 - ATI Technologies, Inc.) AutoNom Standard (HKLM-x32\...\AutoNom Standard) (Version: - ) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.338 - Avira) Backup Manager Basic (x32 Version: 2.0.0.25 - NewTech Infosystems) Hidden BKChem-0.13.0 (HKLM-x32\...\BKChem_is1) (Version: - Beda Kosata) BMG LABTECH MARS Data Analysis (HKLM-x32\...\BMG LABTECH MARS Data Analysis) (Version: - ) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (x32 Version: 2009.0901.2227.38495 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0901.2227.38495 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2009.0901.2227.38495 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2009.0901.2227.38495 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0901.2227.38495 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2009.0901.2227.38495 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2009.0901.2227.38495 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Czech (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Danish (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Dutch (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help English (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Finnish (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help French (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help German (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Greek (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Hungarian (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Italian (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Japanese (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Korean (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Norwegian (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Polish (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Portuguese (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Russian (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Spanish (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Swedish (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Thai (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Turkish (x32 Version: 2009.0901.2226.38495 - ATI) Hidden ccc-core-static (x32 Version: 2009.0901.2227.38495 - ATI) Hidden ccc-utility64 (Version: 2009.0901.2227.38495 - ATI) Hidden ChemDoodle (HKLM-x32\...\ChemDoodle) (Version: - ) Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media) Citrix Authentication Manager (x32 Version: 2.0.0.41479 - Citrix Systems, Inc.) Hidden Citrix Receiver (DV) (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden Citrix Receiver (HDX Flash-Umleitung) (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.1.0.89 - Citrix Systems, Inc.) Citrix Receiver (USB) (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden Citrix Receiver Inside (x32 Version: 3.1.0.64094 - Citrix Systems, Inc.) Hidden Citrix Receiver(Aero) (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Conduit Engine (HKLM-x32\...\conduitEngine) (Version: - Conduit Ltd.) <==== ATTENTION CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.1.3201.50 - CyberLink Corp.) CyberLink PowerDVD 8 (x32 Version: 8.1.3201.50 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version: - Oberon Media) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{2528825D-9FB9-4680-88B2-51D245D7B269}) (Version: - Microsoft) DolbyFiles (x32 Version: 0.1 - Nero AG) Hidden Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media) Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.) Edraw Max 7.5 (HKLM-x32\...\Edraw Max_is1) (Version: - EdrawSoft) eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft) Free Studio version 5.0.3 (HKLM-x32\...\Free Studio_is1) (Version: - DVDVideoSoft Limited.) Free YouTube Download version 3.1.40.1031 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.40.1031 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.16.1030 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.16.1030 - DVDVideoSoft Ltd.) GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team) Groovy-1.7.4 (HKLM-x32\...\Groovy-1.7.4) (Version: - ) Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media) HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) ICQ7.2 (HKLM-x32\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Acer Incorporated) ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan) ISIS Draw 2.4 Standalone (HKLM-x32\...\ISIS Draw 2.4 Standalone) (Version: - ) ISO Workshop 2.3 (HKLM-x32\...\ISO Workshop_is1) (Version: - Glorylogic) Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.05 - Acer Inc.) MATLAB Component Runtime (HKLM-x32\...\{36397154-0993-445D-A22F-8049559D4B22}) (Version: 7.2 - MathWorks) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.) Mendeley Desktop 1.3.2 (HKLM-x32\...\Mendeley Desktop) (Version: 1.3.2 - Mendeley Ltd.) Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media) MestReC 4.7.0 (HKLM-x32\...\MestReC_is1) (Version: - MestReC Lite) MestReNova 7.1.2-10008 (HKLM-x32\...\MestReNova) (Version: 7.1.2-10008 - Mestrelab Research S.L.) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Office Visio 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Visio MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visio 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}) (Version: - Microsoft) Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation) Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden MiKTeX 2.8 (HKLM-x32\...\MiKTeX 2.8) (Version: 2.8 - MiKTeX.org) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.72.0 - Egis Technology Inc.) Nero 9 Essentials (HKLM-x32\...\{d740c22b-08a3-4794-a294-e0ad11171150}) (Version: - Nero AG) Nero BurnRights (x32 Version: 3.4.13.100 - Nero AG) Hidden Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden Nero CoverDesigner (x32 Version: 4.4.15.100 - Nero AG) Hidden Nero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) Hidden Nero Disc Copy Gadget (x32 Version: 2.4.34.0 - Nero AG) Hidden Nero Disc Copy Gadget Help (x32 Version: 2.4.34.0 - Nero AG) Hidden Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden Nero Express Help (x32 Version: 9.4.27.100 - Nero AG) Hidden Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden Nero PhotoSnap (x32 Version: 2.4.28.0 - Nero AG) Hidden Nero PhotoSnap Help (x32 Version: 2.4.28.0 - Nero AG) Hidden Nero Recode (x32 Version: 4.4.38.1 - Nero AG) Hidden Nero Recode Help (x32 Version: 4.4.38.1 - Nero AG) Hidden Nero ShowTime (x32 Version: 5.4.0.100 - Nero AG) Hidden Nero ShowTime (x32 Version: 5.4.24.100 - Nero AG) Hidden Nero StartSmart (x32 Version: 9.4.19.100 - Nero AG) Hidden Nero StartSmart Help (x32 Version: 9.4.19.100 - Nero AG) Hidden Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden Nero Vision (x32 Version: 6.4.16.100 - Nero AG) Hidden Nero Vision Help (x32 Version: 6.4.15.100 - Nero AG) Hidden NeroExpress (x32 Version: 9.4.27.100 - Nero AG) Hidden neroxml (x32 Version: 1.0.0 - Nero AG) Hidden NI Assistant Framework (x32 Version: 6.5.191.0 - National Instruments) Hidden NI Assistant Framework 64-bit (Version: 6.5.62.0 - National Instruments) Hidden NI Assistant Framework LabVIEW Code Generator 2009 (64-bit) (Version: 6.5.51.0 - National Instruments) Hidden NI CodeSignAPI (x32 Version: 2.70.346 - National Instruments) Hidden NI DataSocket 4.7.0 (64-bit) (Version: 4.7.39.0 - National Instruments) Hidden NI DataSocket 4.7.0 (x32 Version: 4.7.82.0 - National Instruments) Hidden NI Distributed System Manager 2009 (x32 Version: 9.0.146.0 - National Instruments) Hidden NI EULA Depot (x32 Version: 2.71.128 - National Instruments) Hidden NI Example Finder 9.0 (Version: 9.0.146.0 - National Instruments) Hidden NI Help Assistant (64bit) (Version: 1.0.10 - National Instruments) Hidden NI Help Assistant (x32 Version: 1.0.10 - National Instruments) Hidden NI Instrument IO Assistant for LabVIEW 9.0 64 (Version: 1.0.48.0 - National Instruments) Hidden NI LabVIEW 2009 (64 bit) MeasAppChm File (Version: 9.0.181.0 - National Instruments) Hidden NI LabVIEW 2009 (64-bit) (Version: 9.0.182.0 - National Instruments) Hidden NI LabVIEW 2009 Applibs (Version: 9.0.184.0 - National Instruments) Hidden NI LabVIEW 2009 CINtools (Version: 9.0.183.0 - National Instruments) Hidden NI LabVIEW 2009 Deployment Framework (x32 Version: 9.0.5.0 - National Instruments) Hidden NI LabVIEW 2009 Examples (Version: 9.0.183.0 - National Instruments) Hidden NI LabVIEW 2009 gMath (Version: 9.0.179.0 - National Instruments) Hidden NI LabVIEW 2009 Help (Version: 9.0.173.0 - National Instruments) Hidden NI LabVIEW 2009 Help File (Version: 9.0.181.0 - National Instruments) Hidden NI LabVIEW 2009 Instr.lib (Version: 9.0.183.0 - National Instruments) Hidden NI LabVIEW 2009 License (x32 Version: 9.0.253.0 - National Instruments) Hidden NI LabVIEW 2009 Manuals (Version: 9.0.173.0 - National Instruments) Hidden NI LabVIEW 2009 Menus (Version: 9.0.183.0 - National Instruments) Hidden NI LabVIEW 2009 Project (Version: 9.0.183.0 - National Instruments) Hidden NI LabVIEW 2009 Resource (Version: 9.0.181.0 - National Instruments) Hidden NI LabVIEW 2009 Run-Time Engine Web Services (64-bit) (Version: 9.0.119.0 - National Instruments) Hidden NI LabVIEW 2009 Simulation (Version: 9.0.101.0 - National Instruments) Hidden NI LabVIEW 2009 Templates (Version: 9.0.183.0 - National Instruments) Hidden NI LabVIEW 2009 User.lib (Version: 9.0.183.0 - National Instruments) Hidden NI LabVIEW 2009 VI.lib (Version: 9.0.178.0 - National Instruments) Hidden NI LabVIEW 2009 Web Server 64-Bit (Version: 9.0.118.0 - National Instruments) Hidden NI LabVIEW 2009 Web Services Runtime (64-bit) (Version: 9.0.118.0 - National Instruments) Hidden NI LabVIEW 2009 WWW (Version: 9.0.181.0 - National Instruments) Hidden NI LabVIEW 9.0.0 f3 (64-Bit) (Version: 9.0.8.0 - National Instruments) Hidden NI LabVIEW Broker (64 bit) (Version: 6.7.21.0 - National Instruments) Hidden NI LabVIEW Broker (x32 Version: 6.7.21.0 - National Instruments) Hidden NI LabVIEW C Interface (x32 Version: 1.0.1 - National Instruments) Hidden NI LabVIEW Compare Utility 9.0.0 (x32 Version: 9.0.3.0 - National Instruments) Hidden NI LabVIEW Deployable License 2009 (x32 Version: 9.0.253.0 - National Instruments) Hidden NI LabVIEW MAX XML (x32 Version: 9.0.6.0 - National Instruments) Hidden NI LabVIEW Merge Utility 9.0.0 (x32 Version: 9.0.148.0 - National Instruments) Hidden NI LabVIEW Real-Time Error Dialog (x32 Version: 8.5.294.0 - National Instruments) Hidden NI LabVIEW Real-Time FIFO for Runtime (x32 Version: 8.2.74.0 - National Instruments) Hidden NI LabVIEW Real-Time NBFifo (x32 Version: 9.0.222.0 - National Instruments) Hidden NI LabVIEW Run-Time Engine 2009 (64-bit) (Version: 9.0.222.0 - National Instruments) Hidden NI LabVIEW Run-Time Engine 2009 (x32 Version: 9.0.266.0 - National Instruments) Hidden NI LabVIEW Run-Time Engine 8.2.1 (x32 Version: 8.2.379.0 - National Instruments) Hidden NI LabVIEW Run-Time Engine Interop 2009 (64-bit) (Version: 9.0.112.0 - National Instruments) Hidden NI LabVIEW Run-Time Engine Interop 2009 (x32 Version: 9.0.22.0 - National Instruments) Hidden NI LabVIEW Run-Time Engine Web Services (x32 Version: 9.0.197.0 - National Instruments) Hidden NI LabVIEW Web Server 64-Bit for Run-Time Engine (Version: 9.0.120.0 - National Instruments) Hidden NI LabVIEW Web Server for Run-Time Engine (x32 Version: 9.0.185.0 - National Instruments) Hidden NI LabWindows/CVI 9.0 Run-Time Engine (x32 Version: 9.0.0355 - National Instruments) Hidden NI LabWindows/CVI Code Generator (x32 Version: 9.0.1376 - National Instruments) Hidden NI LabWindows/CVI DLL Builder for LabVIEW (x32 Version: 9.0.1376 - National Instruments) Hidden NI License Manager (x32 Version: 3.4.28 - National Instruments) Hidden NI Logos 5.1 (x32 Version: 5.1.118.0 - National Instruments) Hidden NI Logos LabVIEW 2009 Support (Version: 9.0.173.0 - National Instruments) Hidden NI Logos XT Support (x32 Version: 5.1.66.0 - National Instruments) Hidden NI Logos64 5.1 (Version: 5.1.71.0 - National Instruments) Hidden NI Logos64 XT Support (Version: 5.1.63.0 - National Instruments) Hidden NI LVBrokerAux 8.2.1 (x32 Version: 8.2.303.0 - National Instruments) Hidden NI Math Kernel Libraries (64-bit) (Version: 1.0.14.0 - National Instruments) Hidden NI Math Kernel Libraries (x32 Version: 1.0.28.0 - National Instruments) Hidden NI Math Kernel Libraries (x32 Version: 1.0.861.0 - National Instruments) Hidden NI MAX LabVIEW 64 Support Installer 4.6 (Version: 4.60.49153 - National Instruments) Hidden NI MAX Remote Configuration Installer 4.6 (x32 Version: 4.60.49152 - National Instruments) Hidden NI MAX Support for 64 Bit Windows (Version: 4.60.49153 - National Instruments) Hidden NI MDF Support (x32 Version: 2.71.128 - National Instruments) Hidden NI Measurement & Automation Explorer 4.6.0 (x32 Version: 4.60.49153 - National Instruments) Hidden NI Measurement Studio Recipe Processor (x32 Version: 8.0.0101 - National Instruments) Hidden NI MXS 4.6.0 (x32 Version: 4.60.49152 - National Instruments) Hidden NI MXS 4.6.0 for 64 Bit Windows (Version: 4.60.49152 - National Instruments) Hidden NI MXS 4.6.0f0 for LabVIEW Real-Time (x32 Version: 4.60.49152 - National Instruments) Hidden NI OPC Support (x32 Version: 9.0.35.0 - National Instruments) Hidden NI Portable Configuration 4.6.0 (x32 Version: 4.60.49152 - National Instruments) Hidden NI Portable Configuration Help for 64 Bit Windows 4.6.0 (Version: 4.60.49152 - National Instruments) Hidden NI Registration Wizard (x32 Version: 1.2.71 - National Instruments) Hidden NI Remote Provider for MAX 4.6.0 (x32 Version: 4.60.49152 - National Instruments) Hidden NI Remote PXI Provider for MAX 4.6.0 (x32 Version: 4.60.49152 - National Instruments) Hidden NI Service Locator (x32 Version: 9.0.260.0 - National Instruments) Hidden NI Software Provider for MAX 4.6.0 (x32 Version: 4.60.49152 - National Instruments) Hidden NI SSL LabVIEW 2009 Support (64-bit) (Version: 9.0.92.0 - National Instruments) Hidden NI SSL Support (64-bit) (Version: 9.0.11.0 - National Instruments) Hidden NI SSL Support (x32 Version: 9.0.5.0 - National Instruments) Hidden NI System API RT (x32 Version: 1.0.45.0 - National Instruments) Hidden NI System API Windows 32-bit (x32 Version: 1.0.48.0 - National Instruments) Hidden NI System API Windows 64-bit (Version: 1.0.41.0 - National Instruments) Hidden NI System State Publisher (64-bit) (Version: 9.0.128.0 - National Instruments) Hidden NI System State Publisher (x32 Version: 9.0.150.0 - National Instruments) Hidden NI TDM Excel Add-In 2.1 (x32 Version: 2.1.37.0 - National Instruments) Hidden NI TDMS (64-bit) (Version: 2.0.170.0 - National Instruments) Hidden NI TDMS (x32 Version: 2.0.170.0 - National Instruments) Hidden NI Trace Engine (64-bit) (Version: 9.0.128.0 - National Instruments) Hidden NI Trace Engine (x32 Version: 9.0.146.0 - National Instruments) Hidden NI Uninstaller (x32 Version: 2.71.128 - National Instruments) Hidden NI USI 1.7.0 (x32 Version: 1.7.03805 - National Instruments) Hidden NI USI 1.7.0 64-Bit (Version: 1.7.03805 - National Instruments) Hidden NI Variable Engine (64-bit) (Version: 2.3.26.0 - National Instruments) Hidden NI Variable Engine 2.3.0 (x32 Version: 2.3.59.0 - National Instruments) Hidden NI Variable Engine LabVIEW 2009 Support (Version: 9.0.172.0 - National Instruments) Hidden NI VC2005MSMs x64 (Version: 8.01.5 - National Instruments) Hidden NI VC2005MSMs x86 (x32 Version: 8.01.5 - National Instruments) Hidden NI VC2008MSMs x64 (Version: 9.0.100 - National Instruments) Hidden NI VC2008MSMs x86 (x32 Version: 9.0.100 - National Instruments) Hidden NI Web Pipeline 2.0.1 (x32 Version: 2.0.128.0 - National Instruments) Hidden NI Web Pipeline 2.0.1 64-bit support (Version: 2.0.122.0 - National Instruments) Hidden NI Xalan Delay Load 1.10.1 (x32 Version: 1.10.46.0 - National Instruments) Hidden NI Xalan Delay Load 1.10.1 64-bit (Version: 1.10.47.0 - National Instruments) Hidden NI Xerces Delay Load 2.7.1 (x32 Version: 2.7.123.0 - National Instruments) Hidden NI Xerces Delay Load 2.7.1 64-bit (Version: 2.7.128.0 - National Instruments) Hidden NI-DAQmx - LabVIEW shared documentation (x32 Version: 1.50.49152 - National Instruments) Hidden NI-DAQmx - LabVIEW shared documentation for 64 Bit Windows 1.5.0 (Version: 1.50.49152 - National Instruments) Hidden NI-RPC 4.1.1f0 (x32 Version: 4.11.49152 - National Instruments) Hidden NI-RPC 4.1.1f0 for 64 Bit Windows (Version: 4.11.49152 - National Instruments) Hidden NI-RPC 4.1.1f0 for Phar Lap ETS (x32 Version: 4.11.49152 - National Instruments) Hidden Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.18320 - Symantec Corporation) Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec) Omega (HKLM-x32\...\Omega) (Version: - ) Online Plug-in (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden OpenOffice.org 3.2 (HKLM-x32\...\{8D1E61D1-1395-4E97-997F-D002DB3A5074}) (Version: 3.2.9502 - OpenOffice.org) Origin90 (HKLM-x32\...\{685A89CB-DF27-42D6-A623-34F40DBBFFB2}) (Version: 9.00.00 - OriginLab Corporation) PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery) pdfforge Toolbar v6.0 (HKLM-x32\...\{96B3C2A3-ADD6-4E63-89D3-1E3AC115D3FA}) (Version: 6.0 - Spigot, Inc.) <==== ATTENTION PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software Products Ltd) PDF-XChange Viewer (HKLM\...\{EE18FF09-2F2A-4A88-85B3-B845EFD5C5FE}) (Version: 2.5.193.0 - Tracker Software Products Ltd.) Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5888 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30087 - Realtek Semiconductor Corp.) SD PresentationEngine for PowerPoint (HKLM-x32\...\{E00679D5-2BD3-4DD2-AF5F-E67987703F6B}) (Version: 2.80.0024 - SkabelonDesign) Secure Download Manager (HKLM-x32\...\{C28422FB-F2CD-427A-ADED-9F281745CDB2}) (Version: 3.0.3 - e-academy Inc.) SecureW2 Enterprise Client 3.1.4 for Windows (HKLM-x32\...\SecureW2 Enterprise Client) (Version: - ) Self-Service Plug-in (x32 Version: 3.1.0.21744 - Citrix Systems, Inc.) Hidden Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM-x32\...\{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B}) (Version: 1.0.0 - Microsoft) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.) Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.) Software von National Instruments (HKLM-x32\...\NI Uninstaller) (Version: - National Instruments) SopCast 3.5.0 (HKLM-x32\...\SopCast) (Version: 3.5.0 - SopCast - Free P2P internet TV | live football, NBA, cricket) Spark 2.5.8 (HKLM-x32\...\Spark 2.5.8) (Version: - Jive Software) Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB) Star Defender 4 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}) (Version: - Oberon Media) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated) Texmaker (HKLM-x32\...\Texmaker) (Version: - ) ThinLinc Client 3.3.0 (HKLM-x32\...\tlclient) (Version: - ) TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.2020.4 - TuneUp Software) Hidden Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{17E7B9AB-2DD2-457D-8D8E-CD14ACA973FE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{15058154-469F-4794-ACD5-94F8420F9B80}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIOR_{995A7832-B512-46D5-87C9-2D71FB541435}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIOR_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{C8694FF0-8203-483B-A07A-2BC40433167D}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{4D98EEEA-A31B-42FA-991A-F989594F4DA5}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{4D98EEEA-A31B-42FA-991A-F989594F4DA5}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{C5325053-3C37-4A69-959E-4802AE6686EF}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{052CA271-6C3E-4B8F-9EEE-CEA84BC901DC}) (Version: - Microsoft) Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CA2F3DF8-C8AE-4933-92F1-FE482442F6E6}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) uTorrentBar_DE Toolbar (HKLM-x32\...\uTorrentBar_DE Toolbar) (Version: 6.3.5.3 - uTorrentBar_DE) <==== ATTENTION Veetle TV 0.9.18 (HKLM-x32\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc) Verbindungsassistent (HKLM-x32\...\Verbindungsassistent) (Version: 2.1 - Verbindungsassistent) Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3005 - Acer Incorporated) WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9700 - Broadcom Corporation) Winamp (HKLM-x32\...\Winamp) (Version: 5.581 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{ED636101-1959-4360-8BF7-209436E7DEE4}) (Version: 14.0.8064.206 - Microsoft Corporation) Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\95E56D57DA5C5A08C88234D00B94023A8AD713AA) (Version: 02/17/2009 2.04.16 - FTDI) Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\C3323A996199A7675B69D3FDB0A25449206A4231) (Version: 02/17/2009 2.04.16 - FTDI) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) Zattoo4 4.0.5 (HKLM-x32\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.) ==================== Restore Points ========================= 03-03-2014 14:50:22 Configured CambridgeSoft ChemDraw Ultra 11.0 03-03-2014 14:59:38 Removed CambridgeSoft ChemDraw Ultra 12.0. 03-03-2014 15:08:28 Removed CambridgeSoft Activation Client. ==================== Hosts content: ========================== 2009-07-14 03:34 - 2012-07-09 17:10 - 00443048 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 [¹ã³¡ÎèÀÏÆÅ×î´óÇ¡Ç¡,¹ã³¡ÎèÃñ×åÎè,ÔÆÉѹ㳡ÎèÌÒ»¨ÔËÇ¡Ç¡],2014Ê×Ò³ 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 1001namen.com 127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ 127.0.0.1 100888290cs.com 127.0.0.1 100sexlinks.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 Gadgets And More 127.0.0.1 10sek.com 127.0.0.1 1-2005-search.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 www.123fporn.info 127.0.0.1 123fporn.info 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123haustiereundmehr.com 127.0.0.1 Easy 123 Movie Download There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {227C5CE4-75B4-47AA-BF77-89B04B897F17} - System32\Tasks\{C6FA034A-919B-4F96-9DF7-A6A71DF18CF3} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.) Task: {51536293-D544-4E53-BFB2-3F255DD4B466} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer) Task: {59000224-E522-4423-BF4D-50E785A02E71} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated) Task: {660CD02C-9FC0-463D-893D-6D5D5B88FD05} - System32\Tasks\AdobeAAMUpdater-1.0-CHoffmann-Christian Hoffmann => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated) Task: {A0C726CA-43D3-4A2D-9975-32F31808E930} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION Task: {E3F6C6FE-7E27-487E-8103-A65DA5F0B64C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2011-06-21 17:14 - 2010-11-20 14:27 - 00326144 _____ () C:\Windows\system32\mswsock.dll 2009-07-14 00:19 - 2009-07-14 02:39 - 00328704 ____N () C:\Windows\system32\services.exe 2011-06-21 17:14 - 2010-11-20 14:27 - 00326144 _____ () C:\Windows\system32\MSWSOCK.dll 2011-06-21 17:14 - 2010-11-20 14:27 - 00326144 _____ () C:\Windows\System32\mswsock.dll 2012-03-19 14:20 - 2010-03-04 16:56 - 00289280 _____ () C:\Windows\System32\HP1100LM.DLL 2011-09-09 16:48 - 2011-02-17 18:13 - 00136704 _____ () C:\Windows\System32\zlhp2600.dll 2011-01-29 13:30 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll 2006-12-04 00:26 - 2006-12-04 00:26 - 00022016 _____ () C:\Windows\System32\sugs2l6.dll 2012-03-19 14:21 - 2010-03-04 16:56 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL 2007-08-20 13:12 - 2007-08-20 13:12 - 00136192 _____ () C:\HiTec\bin\wim_serv.exe 2011-06-17 13:35 - 2009-03-03 11:45 - 00296400 ____N () C:\Program Files (x86)\Verbindungsassistent\WTGService.exe 2009-07-17 16:20 - 2009-07-17 16:20 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2010-10-29 21:44 - 2010-03-15 10:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll 2009-10-14 18:14 - 2009-10-14 18:14 - 00200704 _____ () C:\Windows\PLFSetI.exe 2009-07-29 21:10 - 2009-07-29 21:10 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2009-09-29 20:37 - 2009-09-29 20:37 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2012-10-29 14:02 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2009-02-03 01:33 - 2009-02-03 01:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2008-09-29 01:55 - 2008-09-29 01:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll 2007-02-20 14:47 - 2007-02-20 14:47 - 00134144 _____ () C:\HiTec\bin\ANW.DLL 2007-02-20 14:47 - 2007-02-20 14:47 - 00163840 _____ () C:\HiTec\bin\POOL.DLL 2007-02-20 14:47 - 2007-02-20 14:47 - 00131072 _____ () C:\HiTec\bin\WIM_REG.DLL 2007-08-16 16:34 - 2007-08-16 16:34 - 00147456 _____ () C:\HiTec\bin\SYS_DLL.DLL 2010-11-08 11:09 - 2010-11-08 11:09 - 00172544 _____ () C:\HiTec\bin\HDB_POST.DLL 2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Christian Hoffmann\AppData\Roaming\Dropbox\bin\libcef.dll 2014-02-18 16:25 - 2014-02-18 16:25 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-12-11 22:09 - 2014-02-06 10:06 - 03019376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2013-12-11 22:09 - 2014-02-06 10:06 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2013-12-11 22:09 - 2014-02-06 10:06 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll 2014-02-21 10:11 - 2014-02-21 10:11 - 16265096 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll 2012-02-13 13:24 - 2014-02-04 16:37 - 00294400 _____ () C:\Program Files (x86)\Mendeley Desktop\Mendeley.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TempFC5A2B2 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup MSCONFIG\startupreg: ICQ => "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4 MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe MSCONFIG\startupreg: PDVD8LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RemoteControl8 => "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" MSCONFIG\startupreg: Spark => C:\Program Files (x86)\Spark\Spark.exe MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe" ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (02/28/2014 01:53:26 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/23/2014 07:49:31 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/18/2014 11:35:35 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/16/2014 11:37:56 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/07/2014 06:02:26 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/05/2014 00:08:46 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/04/2014 00:28:37 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/03/2014 10:38:42 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/01/2014 06:39:57 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 12.0.6661.5000, Zeitstempel: 0x4f7cd9da Name des fehlerhaften Moduls: wwlib.dll, Version: 12.0.6661.5000, Zeitstempel: 0x4f7cdad7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00dcb599 ID des fehlerhaften Prozesses: 0x1778 Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0 Pfad der fehlerhaften Anwendung: WINWORD.EXE1 Pfad des fehlerhaften Moduls: WINWORD.EXE2 Berichtskennung: WINWORD.EXE3 Error: (01/31/2014 02:37:02 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. System errors: ============= Error: (03/03/2014 01:34:20 PM) (Source: Service Control Manager) (User: ) Description: Heimnetzgruppen-AnbieterFunktionssuche-Ressourcenveröffentlichung%%-2147024891 Error: (03/03/2014 01:34:20 PM) (Source: Service Control Manager) (User: ) Description: Funktionssuche-Ressourcenveröffentlichung%%-2147024891 Error: (03/03/2014 01:33:51 PM) (Source: Tcpip) (User: ) Description: Das System hat einen Adressenkonflikt der IP-Adresse 82.130.65.11 mit dem Computer mit der Netzwerkhardwareadresse 90-1B-0E-1A-AB-A3 ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. Error: (03/03/2014 00:42:31 PM) (Source: Service Control Manager) (User: ) Description: cdrom Error: (03/03/2014 00:41:41 PM) (Source: Service Control Manager) (User: ) Description: IPsec-Richtlinien-AgentBFE Error: (03/03/2014 00:41:37 PM) (Source: Service Control Manager) (User: ) Description: Computerbrowser%%1060 Error: (03/03/2014 00:41:37 PM) (Source: Service Control Manager) (User: ) Description: IKE- und AuthIP IPsec-SchlüsselerstellungsmoduleBFE Error: (03/02/2014 09:34:19 PM) (Source: Service Control Manager) (User: ) Description: Heimnetzgruppen-AnbieterFunktionssuche-Ressourcenveröffentlichung%%-2147024891 Error: (03/02/2014 09:34:19 PM) (Source: Service Control Manager) (User: ) Description: Funktionssuche-Ressourcenveröffentlichung%%-2147024891 Error: (03/02/2014 06:07:26 PM) (Source: Service Control Manager) (User: ) Description: Funktionssuche-Ressourcenveröffentlichung%%-2147024891 Microsoft Office Sessions: ========================= Error: (02/01/2014 06:39:56 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14028 seconds with 4500 seconds of active time. This session ended with a crash. Error: (06/20/2012 08:06:33 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4896 seconds with 1620 seconds of active time. This session ended with a crash. Error: (04/10/2012 10:14:37 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12000 seconds with 6120 seconds of active time. This session ended with a crash. Error: (04/02/2012 00:41:46 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12129 seconds with 2820 seconds of active time. This session ended with a crash. Error: (03/25/2012 04:01:33 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4813 seconds with 1860 seconds of active time. This session ended with a crash. Error: (01/09/2011 08:09:06 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17459 seconds with 1380 seconds of active time. This session ended with a crash. Error: (10/28/2010 10:01:20 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12488 seconds with 300 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 76% Total physical RAM: 3998.84 MB Available physical RAM: 949.23 MB Total Pagefile: 7995.87 MB Available Pagefile: 4459.45 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:285.99 GB) (Free:108.19 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: C13DD012) Partition: GPT Partition Type. ==================== End Of Log ============================][/CODE] |
04.03.2014, 08:27 | #4 |
| Trojaner 'W32/Patched.UA' festgestellt [Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-03-2014 Ran by Christian Hoffmann at 2014-03-03 19:17:26 Running from C:\Users\Christian Hoffmann\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} AS: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.) 64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden ACD/Labs Software in C:\ACDFREE12\ (HKLM-x32\...\ACDLabs in C__ACDFREE12_) (Version: v12.00, FREE - ACD/Labs) Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.25 - NewTech Infosystems) Acer Crystal Eye webcam Ver:1.1.97.717 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.97.717 - Chicony Electronics Co.,Ltd.) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Acer Incorporated) Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.) Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.) Acer PowerSmart Manager (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.07.3006 - Acer Incorporated) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.2.0810 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Acer Incorporated) Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.) Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Akamai NetSession Interface Service (HKLM-x32\...\Akamai) (Version: - ) Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media) Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media) Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.) ATI AVIVO64 Codecs (Version: 10.9.0.40901 - ATI Technologies Inc.) Hidden ATI Catalyst Install Manager (HKLM\...\{C0471655-9851-F7E9-2BF1-D1F98E5D5FB8}) (Version: 3.0.741.0 - ATI Technologies, Inc.) AutoNom Standard (HKLM-x32\...\AutoNom Standard) (Version: - ) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.338 - Avira) Backup Manager Basic (x32 Version: 2.0.0.25 - NewTech Infosystems) Hidden BKChem-0.13.0 (HKLM-x32\...\BKChem_is1) (Version: - Beda Kosata) BMG LABTECH MARS Data Analysis (HKLM-x32\...\BMG LABTECH MARS Data Analysis) (Version: - ) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (x32 Version: 2009.0901.2227.38495 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0901.2227.38495 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2009.0901.2227.38495 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2009.0901.2227.38495 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0901.2227.38495 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2009.0901.2227.38495 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2009.0901.2227.38495 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Czech (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Danish (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Dutch (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help English (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Finnish (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help French (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help German (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Greek (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Hungarian (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Italian (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Japanese (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Korean (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Norwegian (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Polish (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Portuguese (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Russian (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Spanish (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Swedish (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Thai (x32 Version: 2009.0901.2226.38495 - ATI) Hidden CCC Help Turkish (x32 Version: 2009.0901.2226.38495 - ATI) Hidden ccc-core-static (x32 Version: 2009.0901.2227.38495 - ATI) Hidden ccc-utility64 (Version: 2009.0901.2227.38495 - ATI) Hidden ChemDoodle (HKLM-x32\...\ChemDoodle) (Version: - ) Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media) Citrix Authentication Manager (x32 Version: 2.0.0.41479 - Citrix Systems, Inc.) Hidden Citrix Receiver (DV) (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden Citrix Receiver (HDX Flash-Umleitung) (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.1.0.89 - Citrix Systems, Inc.) Citrix Receiver (USB) (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden Citrix Receiver Inside (x32 Version: 3.1.0.64094 - Citrix Systems, Inc.) Hidden Citrix Receiver(Aero) (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Conduit Engine (HKLM-x32\...\conduitEngine) (Version: - Conduit Ltd.) <==== ATTENTION CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.1.3201.50 - CyberLink Corp.) CyberLink PowerDVD 8 (x32 Version: 8.1.3201.50 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version: - Oberon Media) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{2528825D-9FB9-4680-88B2-51D245D7B269}) (Version: - Microsoft) DolbyFiles (x32 Version: 0.1 - Nero AG) Hidden Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media) Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.) Edraw Max 7.5 (HKLM-x32\...\Edraw Max_is1) (Version: - EdrawSoft) eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft) Free Studio version 5.0.3 (HKLM-x32\...\Free Studio_is1) (Version: - DVDVideoSoft Limited.) Free YouTube Download version 3.1.40.1031 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.40.1031 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.16.1030 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.16.1030 - DVDVideoSoft Ltd.) GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team) Groovy-1.7.4 (HKLM-x32\...\Groovy-1.7.4) (Version: - ) Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media) HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) ICQ7.2 (HKLM-x32\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Acer Incorporated) ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan) ISIS Draw 2.4 Standalone (HKLM-x32\...\ISIS Draw 2.4 Standalone) (Version: - ) ISO Workshop 2.3 (HKLM-x32\...\ISO Workshop_is1) (Version: - Glorylogic) Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.05 - Acer Inc.) MATLAB Component Runtime (HKLM-x32\...\{36397154-0993-445D-A22F-8049559D4B22}) (Version: 7.2 - MathWorks) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.) Mendeley Desktop 1.3.2 (HKLM-x32\...\Mendeley Desktop) (Version: 1.3.2 - Mendeley Ltd.) Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media) MestReC 4.7.0 (HKLM-x32\...\MestReC_is1) (Version: - MestReC Lite) MestReNova 7.1.2-10008 (HKLM-x32\...\MestReNova) (Version: 7.1.2-10008 - Mestrelab Research S.L.) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Office Visio 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Visio MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visio 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}) (Version: - Microsoft) Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation) Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden MiKTeX 2.8 (HKLM-x32\...\MiKTeX 2.8) (Version: 2.8 - MiKTeX.org) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.72.0 - Egis Technology Inc.) Nero 9 Essentials (HKLM-x32\...\{d740c22b-08a3-4794-a294-e0ad11171150}) (Version: - Nero AG) Nero BurnRights (x32 Version: 3.4.13.100 - Nero AG) Hidden Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden Nero CoverDesigner (x32 Version: 4.4.15.100 - Nero AG) Hidden Nero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) Hidden Nero Disc Copy Gadget (x32 Version: 2.4.34.0 - Nero AG) Hidden Nero Disc Copy Gadget Help (x32 Version: 2.4.34.0 - Nero AG) Hidden Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden Nero Express Help (x32 Version: 9.4.27.100 - Nero AG) Hidden Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden Nero PhotoSnap (x32 Version: 2.4.28.0 - Nero AG) Hidden Nero PhotoSnap Help (x32 Version: 2.4.28.0 - Nero AG) Hidden Nero Recode (x32 Version: 4.4.38.1 - Nero AG) Hidden Nero Recode Help (x32 Version: 4.4.38.1 - Nero AG) Hidden Nero ShowTime (x32 Version: 5.4.0.100 - Nero AG) Hidden Nero ShowTime (x32 Version: 5.4.24.100 - Nero AG) Hidden Nero StartSmart (x32 Version: 9.4.19.100 - Nero AG) Hidden Nero StartSmart Help (x32 Version: 9.4.19.100 - Nero AG) Hidden Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden Nero Vision (x32 Version: 6.4.16.100 - Nero AG) Hidden Nero Vision Help (x32 Version: 6.4.15.100 - Nero AG) Hidden NeroExpress (x32 Version: 9.4.27.100 - Nero AG) Hidden neroxml (x32 Version: 1.0.0 - Nero AG) Hidden NI Assistant Framework (x32 Version: 6.5.191.0 - National Instruments) Hidden NI Assistant Framework 64-bit (Version: 6.5.62.0 - National Instruments) Hidden NI Assistant Framework LabVIEW Code Generator 2009 (64-bit) (Version: 6.5.51.0 - National Instruments) Hidden NI CodeSignAPI (x32 Version: 2.70.346 - National Instruments) Hidden NI DataSocket 4.7.0 (64-bit) (Version: 4.7.39.0 - National Instruments) Hidden NI DataSocket 4.7.0 (x32 Version: 4.7.82.0 - National Instruments) Hidden NI Distributed System Manager 2009 (x32 Version: 9.0.146.0 - National Instruments) Hidden NI EULA Depot (x32 Version: 2.71.128 - National Instruments) Hidden NI Example Finder 9.0 (Version: 9.0.146.0 - National Instruments) Hidden NI Help Assistant (64bit) (Version: 1.0.10 - National Instruments) Hidden NI Help Assistant (x32 Version: 1.0.10 - National Instruments) Hidden NI Instrument IO Assistant for LabVIEW 9.0 64 (Version: 1.0.48.0 - National Instruments) Hidden NI LabVIEW 2009 (64 bit) MeasAppChm File (Version: 9.0.181.0 - National Instruments) Hidden NI LabVIEW 2009 (64-bit) (Version: 9.0.182.0 - National Instruments) Hidden NI LabVIEW 2009 Applibs (Version: 9.0.184.0 - National Instruments) Hidden NI LabVIEW 2009 CINtools (Version: 9.0.183.0 - National Instruments) Hidden NI LabVIEW 2009 Deployment Framework (x32 Version: 9.0.5.0 - National Instruments) Hidden NI LabVIEW 2009 Examples (Version: 9.0.183.0 - National Instruments) Hidden NI LabVIEW 2009 gMath (Version: 9.0.179.0 - National Instruments) Hidden NI LabVIEW 2009 Help (Version: 9.0.173.0 - National Instruments) Hidden NI LabVIEW 2009 Help File (Version: 9.0.181.0 - National Instruments) Hidden NI LabVIEW 2009 Instr.lib (Version: 9.0.183.0 - National Instruments) Hidden NI LabVIEW 2009 License (x32 Version: 9.0.253.0 - National Instruments) Hidden NI LabVIEW 2009 Manuals (Version: 9.0.173.0 - National Instruments) Hidden NI LabVIEW 2009 Menus (Version: 9.0.183.0 - National Instruments) Hidden NI LabVIEW 2009 Project (Version: 9.0.183.0 - National Instruments) Hidden NI LabVIEW 2009 Resource (Version: 9.0.181.0 - National Instruments) Hidden NI LabVIEW 2009 Run-Time Engine Web Services (64-bit) (Version: 9.0.119.0 - National Instruments) Hidden NI LabVIEW 2009 Simulation (Version: 9.0.101.0 - National Instruments) Hidden NI LabVIEW 2009 Templates (Version: 9.0.183.0 - National Instruments) Hidden NI LabVIEW 2009 User.lib (Version: 9.0.183.0 - National Instruments) Hidden NI LabVIEW 2009 VI.lib (Version: 9.0.178.0 - National Instruments) Hidden NI LabVIEW 2009 Web Server 64-Bit (Version: 9.0.118.0 - National Instruments) Hidden NI LabVIEW 2009 Web Services Runtime (64-bit) (Version: 9.0.118.0 - National Instruments) Hidden NI LabVIEW 2009 WWW (Version: 9.0.181.0 - National Instruments) Hidden NI LabVIEW 9.0.0 f3 (64-Bit) (Version: 9.0.8.0 - National Instruments) Hidden NI LabVIEW Broker (64 bit) (Version: 6.7.21.0 - National Instruments) Hidden NI LabVIEW Broker (x32 Version: 6.7.21.0 - National Instruments) Hidden NI LabVIEW C Interface (x32 Version: 1.0.1 - National Instruments) Hidden NI LabVIEW Compare Utility 9.0.0 (x32 Version: 9.0.3.0 - National Instruments) Hidden NI LabVIEW Deployable License 2009 (x32 Version: 9.0.253.0 - National Instruments) Hidden NI LabVIEW MAX XML (x32 Version: 9.0.6.0 - National Instruments) Hidden NI LabVIEW Merge Utility 9.0.0 (x32 Version: 9.0.148.0 - National Instruments) Hidden NI LabVIEW Real-Time Error Dialog (x32 Version: 8.5.294.0 - National Instruments) Hidden NI LabVIEW Real-Time FIFO for Runtime (x32 Version: 8.2.74.0 - National Instruments) Hidden NI LabVIEW Real-Time NBFifo (x32 Version: 9.0.222.0 - National Instruments) Hidden NI LabVIEW Run-Time Engine 2009 (64-bit) (Version: 9.0.222.0 - National Instruments) Hidden NI LabVIEW Run-Time Engine 2009 (x32 Version: 9.0.266.0 - National Instruments) Hidden NI LabVIEW Run-Time Engine 8.2.1 (x32 Version: 8.2.379.0 - National Instruments) Hidden NI LabVIEW Run-Time Engine Interop 2009 (64-bit) (Version: 9.0.112.0 - National Instruments) Hidden NI LabVIEW Run-Time Engine Interop 2009 (x32 Version: 9.0.22.0 - National Instruments) Hidden NI LabVIEW Run-Time Engine Web Services (x32 Version: 9.0.197.0 - National Instruments) Hidden NI LabVIEW Web Server 64-Bit for Run-Time Engine (Version: 9.0.120.0 - National Instruments) Hidden NI LabVIEW Web Server for Run-Time Engine (x32 Version: 9.0.185.0 - National Instruments) Hidden NI LabWindows/CVI 9.0 Run-Time Engine (x32 Version: 9.0.0355 - National Instruments) Hidden NI LabWindows/CVI Code Generator (x32 Version: 9.0.1376 - National Instruments) Hidden NI LabWindows/CVI DLL Builder for LabVIEW (x32 Version: 9.0.1376 - National Instruments) Hidden NI License Manager (x32 Version: 3.4.28 - National Instruments) Hidden NI Logos 5.1 (x32 Version: 5.1.118.0 - National Instruments) Hidden NI Logos LabVIEW 2009 Support (Version: 9.0.173.0 - National Instruments) Hidden NI Logos XT Support (x32 Version: 5.1.66.0 - National Instruments) Hidden NI Logos64 5.1 (Version: 5.1.71.0 - National Instruments) Hidden NI Logos64 XT Support (Version: 5.1.63.0 - National Instruments) Hidden NI LVBrokerAux 8.2.1 (x32 Version: 8.2.303.0 - National Instruments) Hidden NI Math Kernel Libraries (64-bit) (Version: 1.0.14.0 - National Instruments) Hidden NI Math Kernel Libraries (x32 Version: 1.0.28.0 - National Instruments) Hidden NI Math Kernel Libraries (x32 Version: 1.0.861.0 - National Instruments) Hidden NI MAX LabVIEW 64 Support Installer 4.6 (Version: 4.60.49153 - National Instruments) Hidden NI MAX Remote Configuration Installer 4.6 (x32 Version: 4.60.49152 - National Instruments) Hidden NI MAX Support for 64 Bit Windows (Version: 4.60.49153 - National Instruments) Hidden NI MDF Support (x32 Version: 2.71.128 - National Instruments) Hidden NI Measurement & Automation Explorer 4.6.0 (x32 Version: 4.60.49153 - National Instruments) Hidden NI Measurement Studio Recipe Processor (x32 Version: 8.0.0101 - National Instruments) Hidden NI MXS 4.6.0 (x32 Version: 4.60.49152 - National Instruments) Hidden NI MXS 4.6.0 for 64 Bit Windows (Version: 4.60.49152 - National Instruments) Hidden NI MXS 4.6.0f0 for LabVIEW Real-Time (x32 Version: 4.60.49152 - National Instruments) Hidden NI OPC Support (x32 Version: 9.0.35.0 - National Instruments) Hidden NI Portable Configuration 4.6.0 (x32 Version: 4.60.49152 - National Instruments) Hidden NI Portable Configuration Help for 64 Bit Windows 4.6.0 (Version: 4.60.49152 - National Instruments) Hidden NI Registration Wizard (x32 Version: 1.2.71 - National Instruments) Hidden NI Remote Provider for MAX 4.6.0 (x32 Version: 4.60.49152 - National Instruments) Hidden NI Remote PXI Provider for MAX 4.6.0 (x32 Version: 4.60.49152 - National Instruments) Hidden NI Service Locator (x32 Version: 9.0.260.0 - National Instruments) Hidden NI Software Provider for MAX 4.6.0 (x32 Version: 4.60.49152 - National Instruments) Hidden NI SSL LabVIEW 2009 Support (64-bit) (Version: 9.0.92.0 - National Instruments) Hidden NI SSL Support (64-bit) (Version: 9.0.11.0 - National Instruments) Hidden NI SSL Support (x32 Version: 9.0.5.0 - National Instruments) Hidden NI System API RT (x32 Version: 1.0.45.0 - National Instruments) Hidden NI System API Windows 32-bit (x32 Version: 1.0.48.0 - National Instruments) Hidden NI System API Windows 64-bit (Version: 1.0.41.0 - National Instruments) Hidden NI System State Publisher (64-bit) (Version: 9.0.128.0 - National Instruments) Hidden NI System State Publisher (x32 Version: 9.0.150.0 - National Instruments) Hidden NI TDM Excel Add-In 2.1 (x32 Version: 2.1.37.0 - National Instruments) Hidden NI TDMS (64-bit) (Version: 2.0.170.0 - National Instruments) Hidden NI TDMS (x32 Version: 2.0.170.0 - National Instruments) Hidden NI Trace Engine (64-bit) (Version: 9.0.128.0 - National Instruments) Hidden NI Trace Engine (x32 Version: 9.0.146.0 - National Instruments) Hidden NI Uninstaller (x32 Version: 2.71.128 - National Instruments) Hidden NI USI 1.7.0 (x32 Version: 1.7.03805 - National Instruments) Hidden NI USI 1.7.0 64-Bit (Version: 1.7.03805 - National Instruments) Hidden NI Variable Engine (64-bit) (Version: 2.3.26.0 - National Instruments) Hidden NI Variable Engine 2.3.0 (x32 Version: 2.3.59.0 - National Instruments) Hidden NI Variable Engine LabVIEW 2009 Support (Version: 9.0.172.0 - National Instruments) Hidden NI VC2005MSMs x64 (Version: 8.01.5 - National Instruments) Hidden NI VC2005MSMs x86 (x32 Version: 8.01.5 - National Instruments) Hidden NI VC2008MSMs x64 (Version: 9.0.100 - National Instruments) Hidden NI VC2008MSMs x86 (x32 Version: 9.0.100 - National Instruments) Hidden NI Web Pipeline 2.0.1 (x32 Version: 2.0.128.0 - National Instruments) Hidden NI Web Pipeline 2.0.1 64-bit support (Version: 2.0.122.0 - National Instruments) Hidden NI Xalan Delay Load 1.10.1 (x32 Version: 1.10.46.0 - National Instruments) Hidden NI Xalan Delay Load 1.10.1 64-bit (Version: 1.10.47.0 - National Instruments) Hidden NI Xerces Delay Load 2.7.1 (x32 Version: 2.7.123.0 - National Instruments) Hidden NI Xerces Delay Load 2.7.1 64-bit (Version: 2.7.128.0 - National Instruments) Hidden NI-DAQmx - LabVIEW shared documentation (x32 Version: 1.50.49152 - National Instruments) Hidden NI-DAQmx - LabVIEW shared documentation for 64 Bit Windows 1.5.0 (Version: 1.50.49152 - National Instruments) Hidden NI-RPC 4.1.1f0 (x32 Version: 4.11.49152 - National Instruments) Hidden NI-RPC 4.1.1f0 for 64 Bit Windows (Version: 4.11.49152 - National Instruments) Hidden NI-RPC 4.1.1f0 for Phar Lap ETS (x32 Version: 4.11.49152 - National Instruments) Hidden Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.18320 - Symantec Corporation) Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec) Omega (HKLM-x32\...\Omega) (Version: - ) Online Plug-in (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden OpenOffice.org 3.2 (HKLM-x32\...\{8D1E61D1-1395-4E97-997F-D002DB3A5074}) (Version: 3.2.9502 - OpenOffice.org) Origin90 (HKLM-x32\...\{685A89CB-DF27-42D6-A623-34F40DBBFFB2}) (Version: 9.00.00 - OriginLab Corporation) PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery) pdfforge Toolbar v6.0 (HKLM-x32\...\{96B3C2A3-ADD6-4E63-89D3-1E3AC115D3FA}) (Version: 6.0 - Spigot, Inc.) <==== ATTENTION PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software Products Ltd) PDF-XChange Viewer (HKLM\...\{EE18FF09-2F2A-4A88-85B3-B845EFD5C5FE}) (Version: 2.5.193.0 - Tracker Software Products Ltd.) Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5888 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30087 - Realtek Semiconductor Corp.) SD PresentationEngine for PowerPoint (HKLM-x32\...\{E00679D5-2BD3-4DD2-AF5F-E67987703F6B}) (Version: 2.80.0024 - SkabelonDesign) Secure Download Manager (HKLM-x32\...\{C28422FB-F2CD-427A-ADED-9F281745CDB2}) (Version: 3.0.3 - e-academy Inc.) SecureW2 Enterprise Client 3.1.4 for Windows (HKLM-x32\...\SecureW2 Enterprise Client) (Version: - ) Self-Service Plug-in (x32 Version: 3.1.0.21744 - Citrix Systems, Inc.) Hidden Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM-x32\...\{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B}) (Version: 1.0.0 - Microsoft) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.) Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.) Software von National Instruments (HKLM-x32\...\NI Uninstaller) (Version: - National Instruments) SopCast 3.5.0 (HKLM-x32\...\SopCast) (Version: 3.5.0 - SopCast - Free P2P internet TV | live football, NBA, cricket) Spark 2.5.8 (HKLM-x32\...\Spark 2.5.8) (Version: - Jive Software) Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB) Star Defender 4 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}) (Version: - Oberon Media) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated) Texmaker (HKLM-x32\...\Texmaker) (Version: - ) ThinLinc Client 3.3.0 (HKLM-x32\...\tlclient) (Version: - ) TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.2020.4 - TuneUp Software) Hidden Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{17E7B9AB-2DD2-457D-8D8E-CD14ACA973FE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{15058154-469F-4794-ACD5-94F8420F9B80}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIOR_{995A7832-B512-46D5-87C9-2D71FB541435}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIOR_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{C8694FF0-8203-483B-A07A-2BC40433167D}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{4D98EEEA-A31B-42FA-991A-F989594F4DA5}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{4D98EEEA-A31B-42FA-991A-F989594F4DA5}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{C5325053-3C37-4A69-959E-4802AE6686EF}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{052CA271-6C3E-4B8F-9EEE-CEA84BC901DC}) (Version: - Microsoft) Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CA2F3DF8-C8AE-4933-92F1-FE482442F6E6}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) uTorrentBar_DE Toolbar (HKLM-x32\...\uTorrentBar_DE Toolbar) (Version: 6.3.5.3 - uTorrentBar_DE) <==== ATTENTION Veetle TV 0.9.18 (HKLM-x32\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc) Verbindungsassistent (HKLM-x32\...\Verbindungsassistent) (Version: 2.1 - Verbindungsassistent) Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3005 - Acer Incorporated) WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9700 - Broadcom Corporation) Winamp (HKLM-x32\...\Winamp) (Version: 5.581 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{ED636101-1959-4360-8BF7-209436E7DEE4}) (Version: 14.0.8064.206 - Microsoft Corporation) Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\95E56D57DA5C5A08C88234D00B94023A8AD713AA) (Version: 02/17/2009 2.04.16 - FTDI) Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\C3323A996199A7675B69D3FDB0A25449206A4231) (Version: 02/17/2009 2.04.16 - FTDI) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) Zattoo4 4.0.5 (HKLM-x32\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.) ==================== Restore Points ========================= 03-03-2014 14:50:22 Configured CambridgeSoft ChemDraw Ultra 11.0 03-03-2014 14:59:38 Removed CambridgeSoft ChemDraw Ultra 12.0. 03-03-2014 15:08:28 Removed CambridgeSoft Activation Client. ==================== Hosts content: ========================== 2009-07-14 03:34 - 2012-07-09 17:10 - 00443048 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 [¹ã³¡ÎèÀÏÆÅ×î´óÇ¡Ç¡,¹ã³¡ÎèÃñ×åÎè,ÔÆÉѹ㳡ÎèÌÒ»¨ÔËÇ¡Ç¡],2014Ê×Ò³ 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 1001namen.com 127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ 127.0.0.1 100888290cs.com 127.0.0.1 100sexlinks.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 Gadgets And More 127.0.0.1 10sek.com 127.0.0.1 1-2005-search.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 www.123fporn.info 127.0.0.1 123fporn.info 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123haustiereundmehr.com 127.0.0.1 Easy 123 Movie Download There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {227C5CE4-75B4-47AA-BF77-89B04B897F17} - System32\Tasks\{C6FA034A-919B-4F96-9DF7-A6A71DF18CF3} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.) Task: {51536293-D544-4E53-BFB2-3F255DD4B466} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer) Task: {59000224-E522-4423-BF4D-50E785A02E71} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated) Task: {660CD02C-9FC0-463D-893D-6D5D5B88FD05} - System32\Tasks\AdobeAAMUpdater-1.0-CHoffmann-Christian Hoffmann => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated) Task: {A0C726CA-43D3-4A2D-9975-32F31808E930} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION Task: {E3F6C6FE-7E27-487E-8103-A65DA5F0B64C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2011-06-21 17:14 - 2010-11-20 14:27 - 00326144 _____ () C:\Windows\system32\mswsock.dll 2009-07-14 00:19 - 2009-07-14 02:39 - 00328704 ____N () C:\Windows\system32\services.exe 2011-06-21 17:14 - 2010-11-20 14:27 - 00326144 _____ () C:\Windows\system32\MSWSOCK.dll 2011-06-21 17:14 - 2010-11-20 14:27 - 00326144 _____ () C:\Windows\System32\mswsock.dll 2012-03-19 14:20 - 2010-03-04 16:56 - 00289280 _____ () C:\Windows\System32\HP1100LM.DLL 2011-09-09 16:48 - 2011-02-17 18:13 - 00136704 _____ () C:\Windows\System32\zlhp2600.dll 2011-01-29 13:30 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll 2006-12-04 00:26 - 2006-12-04 00:26 - 00022016 _____ () C:\Windows\System32\sugs2l6.dll 2012-03-19 14:21 - 2010-03-04 16:56 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL 2007-08-20 13:12 - 2007-08-20 13:12 - 00136192 _____ () C:\HiTec\bin\wim_serv.exe 2011-06-17 13:35 - 2009-03-03 11:45 - 00296400 ____N () C:\Program Files (x86)\Verbindungsassistent\WTGService.exe 2009-07-17 16:20 - 2009-07-17 16:20 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2010-10-29 21:44 - 2010-03-15 10:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll 2009-10-14 18:14 - 2009-10-14 18:14 - 00200704 _____ () C:\Windows\PLFSetI.exe 2009-07-29 21:10 - 2009-07-29 21:10 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2009-09-29 20:37 - 2009-09-29 20:37 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2012-10-29 14:02 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2009-02-03 01:33 - 2009-02-03 01:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2008-09-29 01:55 - 2008-09-29 01:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll 2007-02-20 14:47 - 2007-02-20 14:47 - 00134144 _____ () C:\HiTec\bin\ANW.DLL 2007-02-20 14:47 - 2007-02-20 14:47 - 00163840 _____ () C:\HiTec\bin\POOL.DLL 2007-02-20 14:47 - 2007-02-20 14:47 - 00131072 _____ () C:\HiTec\bin\WIM_REG.DLL 2007-08-16 16:34 - 2007-08-16 16:34 - 00147456 _____ () C:\HiTec\bin\SYS_DLL.DLL 2010-11-08 11:09 - 2010-11-08 11:09 - 00172544 _____ () C:\HiTec\bin\HDB_POST.DLL 2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Christian Hoffmann\AppData\Roaming\Dropbox\bin\libcef.dll 2014-02-18 16:25 - 2014-02-18 16:25 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-12-11 22:09 - 2014-02-06 10:06 - 03019376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2013-12-11 22:09 - 2014-02-06 10:06 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2013-12-11 22:09 - 2014-02-06 10:06 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll 2014-02-21 10:11 - 2014-02-21 10:11 - 16265096 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll 2012-02-13 13:24 - 2014-02-04 16:37 - 00294400 _____ () C:\Program Files (x86)\Mendeley Desktop\Mendeley.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TempFC5A2B2 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup MSCONFIG\startupreg: ICQ => "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4 MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe MSCONFIG\startupreg: PDVD8LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RemoteControl8 => "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" MSCONFIG\startupreg: Spark => C:\Program Files (x86)\Spark\Spark.exe MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe" ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (02/28/2014 01:53:26 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/23/2014 07:49:31 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/18/2014 11:35:35 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/16/2014 11:37:56 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/07/2014 06:02:26 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/05/2014 00:08:46 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/04/2014 00:28:37 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/03/2014 10:38:42 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/01/2014 06:39:57 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 12.0.6661.5000, Zeitstempel: 0x4f7cd9da Name des fehlerhaften Moduls: wwlib.dll, Version: 12.0.6661.5000, Zeitstempel: 0x4f7cdad7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00dcb599 ID des fehlerhaften Prozesses: 0x1778 Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0 Pfad der fehlerhaften Anwendung: WINWORD.EXE1 Pfad des fehlerhaften Moduls: WINWORD.EXE2 Berichtskennung: WINWORD.EXE3 Error: (01/31/2014 02:37:02 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. System errors: ============= Error: (03/03/2014 01:34:20 PM) (Source: Service Control Manager) (User: ) Description: Heimnetzgruppen-AnbieterFunktionssuche-Ressourcenveröffentlichung%%-2147024891 Error: (03/03/2014 01:34:20 PM) (Source: Service Control Manager) (User: ) Description: Funktionssuche-Ressourcenveröffentlichung%%-2147024891 Error: (03/03/2014 01:33:51 PM) (Source: Tcpip) (User: ) Description: Das System hat einen Adressenkonflikt der IP-Adresse 82.130.65.11 mit dem Computer mit der Netzwerkhardwareadresse 90-1B-0E-1A-AB-A3 ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. Error: (03/03/2014 00:42:31 PM) (Source: Service Control Manager) (User: ) Description: cdrom Error: (03/03/2014 00:41:41 PM) (Source: Service Control Manager) (User: ) Description: IPsec-Richtlinien-AgentBFE Error: (03/03/2014 00:41:37 PM) (Source: Service Control Manager) (User: ) Description: Computerbrowser%%1060 Error: (03/03/2014 00:41:37 PM) (Source: Service Control Manager) (User: ) Description: IKE- und AuthIP IPsec-SchlüsselerstellungsmoduleBFE Error: (03/02/2014 09:34:19 PM) (Source: Service Control Manager) (User: ) Description: Heimnetzgruppen-AnbieterFunktionssuche-Ressourcenveröffentlichung%%-2147024891 Error: (03/02/2014 09:34:19 PM) (Source: Service Control Manager) (User: ) Description: Funktionssuche-Ressourcenveröffentlichung%%-2147024891 Error: (03/02/2014 06:07:26 PM) (Source: Service Control Manager) (User: ) Description: Funktionssuche-Ressourcenveröffentlichung%%-2147024891 Microsoft Office Sessions: ========================= Error: (02/01/2014 06:39:56 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14028 seconds with 4500 seconds of active time. This session ended with a crash. Error: (06/20/2012 08:06:33 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4896 seconds with 1620 seconds of active time. This session ended with a crash. Error: (04/10/2012 10:14:37 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12000 seconds with 6120 seconds of active time. This session ended with a crash. Error: (04/02/2012 00:41:46 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12129 seconds with 2820 seconds of active time. This session ended with a crash. Error: (03/25/2012 04:01:33 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4813 seconds with 1860 seconds of active time. This session ended with a crash. Error: (01/09/2011 08:09:06 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17459 seconds with 1380 seconds of active time. This session ended with a crash. Error: (10/28/2010 10:01:20 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12488 seconds with 300 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 76% Total physical RAM: 3998.84 MB Available physical RAM: 949.23 MB Total Pagefile: 7995.87 MB Available Pagefile: 4459.45 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:285.99 GB) (Free:108.19 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: C13DD012) Partition: GPT Partition Type. ==================== End Of Log ============================][/CODE] Schlussendlich ist Avira ebenfalls fertig geworden. Hier ist der dazugehörige Bericht. Ich wäre super dankbar für Hilfe.[vira Free Antivirus Erstellungsdatum der Reportdatei: Montag, 3. März 2014 15:47 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Antivirus Free Seriennummer : 0000149996-AVHOE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : CHOFFMANN Versionsinformationen: BUILD.DAT : 14.0.3.338 56624 Bytes 14.02.2014 11:00:00 AVSCAN.EXE : 14.0.3.332 1058384 Bytes 20.02.2014 13:49:52 AVSCANRC.DLL : 14.0.2.292 62008 Bytes 18.02.2014 13:30:40 LUKE.DLL : 14.0.3.336 65616 Bytes 20.02.2014 13:49:54 AVSCPLR.DLL : 14.0.3.336 124496 Bytes 20.02.2014 13:49:52 AVREG.DLL : 14.0.3.336 250448 Bytes 20.02.2014 13:49:52 avlode.dll : 14.0.3.336 544848 Bytes 20.02.2014 13:49:52 avlode.rdf : 14.0.3.26 58589 Bytes 12.02.2014 16:07:20 VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 15:14:28 VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 21:00:56 VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 21:15:04 VBASE003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 17:39:40 VBASE004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 04:47:28 VBASE005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 17:08:16 VBASE006.VDF : 7.11.103.230 2293248 Bytes 24.09.2013 15:29:23 VBASE007.VDF : 7.11.116.38 5485568 Bytes 28.11.2013 17:10:25 VBASE008.VDF : 7.11.126.50 3615744 Bytes 22.01.2014 14:18:45 VBASE009.VDF : 7.11.128.174 2030080 Bytes 03.02.2014 14:39:57 VBASE010.VDF : 7.11.128.175 2048 Bytes 03.02.2014 14:39:57 VBASE011.VDF : 7.11.128.176 2048 Bytes 03.02.2014 14:39:57 VBASE012.VDF : 7.11.128.177 2048 Bytes 03.02.2014 14:39:58 VBASE013.VDF : 7.11.128.178 2048 Bytes 03.02.2014 14:39:58 VBASE014.VDF : 7.11.129.9 211456 Bytes 04.02.2014 14:08:20 VBASE015.VDF : 7.11.129.163 215040 Bytes 06.02.2014 14:40:39 VBASE016.VDF : 7.11.130.21 220672 Bytes 08.02.2014 09:35:54 VBASE017.VDF : 7.11.130.99 230400 Bytes 10.02.2014 15:59:41 VBASE018.VDF : 7.11.130.193 195072 Bytes 11.02.2014 16:07:19 VBASE019.VDF : 7.11.131.53 285184 Bytes 13.02.2014 14:54:25 VBASE020.VDF : 7.11.131.125 154624 Bytes 14.02.2014 09:33:57 VBASE021.VDF : 7.11.131.201 194560 Bytes 15.02.2014 13:42:08 VBASE022.VDF : 7.11.132.11 233472 Bytes 17.02.2014 13:42:08 VBASE023.VDF : 7.11.132.80 415232 Bytes 18.02.2014 13:30:32 VBASE024.VDF : 7.11.132.205 185344 Bytes 20.02.2014 13:49:56 VBASE025.VDF : 7.11.133.33 291328 Bytes 22.02.2014 20:30:22 VBASE026.VDF : 7.11.133.81 134144 Bytes 23.02.2014 18:19:28 VBASE027.VDF : 7.11.133.143 183808 Bytes 25.02.2014 08:18:00 VBASE028.VDF : 7.11.133.215 247808 Bytes 27.02.2014 21:04:05 VBASE029.VDF : 7.11.134.9 160256 Bytes 28.02.2014 15:46:00 VBASE030.VDF : 7.11.134.15 2048 Bytes 28.02.2014 15:46:00 VBASE031.VDF : 7.11.134.16 84992 Bytes 28.02.2014 15:46:00 Engineversion : 8.2.14.18 AEVDF.DLL : 8.1.3.4 102774 Bytes 13.06.2013 16:02:53 AESCRIPT.DLL : 8.1.4.194 524670 Bytes 27.02.2014 21:04:04 AESCN.DLL : 8.1.10.6 131447 Bytes 11.12.2013 19:03:54 AESBX.DLL : 8.2.20.6 1331575 Bytes 13.01.2014 14:07:40 AERDL.DLL : 8.2.0.138 704888 Bytes 07.12.2013 19:45:20 AEPACK.DLL : 8.4.0.4 774520 Bytes 27.02.2014 21:04:04 AEOFFICE.DLL : 8.1.2.82 205181 Bytes 19.02.2014 15:17:13 AEHEUR.DLL : 8.1.4.938 6521210 Bytes 27.02.2014 21:04:04 AEHELP.DLL : 8.1.27.10 266618 Bytes 22.11.2013 13:00:33 AEGEN.DLL : 8.1.7.22 446839 Bytes 15.01.2014 15:49:49 AEEXP.DLL : 8.4.1.238 483704 Bytes 27.02.2014 21:04:04 AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 14:42:55 AECORE.DLL : 8.1.35.0 229753 Bytes 12.02.2014 16:07:19 AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 19:15:22 AVWINLL.DLL : 14.0.3.252 23608 Bytes 20.02.2014 13:49:52 AVPREF.DLL : 14.0.3.252 48696 Bytes 20.02.2014 13:49:52 AVREP.DLL : 14.0.3.252 175672 Bytes 20.02.2014 13:49:52 AVARKT.DLL : 14.0.3.336 256080 Bytes 20.02.2014 13:49:52 AVEVTLOG.DLL : 14.0.3.336 165968 Bytes 20.02.2014 13:49:52 SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 18:17:40 AVSMTP.DLL : 14.0.3.252 60472 Bytes 20.02.2014 13:49:52 NETNT.DLL : 14.0.3.252 13368 Bytes 20.02.2014 13:49:54 RCIMAGE.DLL : 14.0.3.260 4979256 Bytes 20.02.2014 13:49:52 RCTEXT.DLL : 14.0.3.282 72760 Bytes 20.02.2014 13:49:52 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: Interaktiv Sekundäre Aktion......................: Ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Prüfe alle Dateien....................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Montag, 3. März 2014 15:47 Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'HDD0(C' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. c:\program files (x86)\creative\shared files\ctdevsrv.exe [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. [WARNUNG] Die Datei wurde ignoriert. c:\program files (x86)\creative\creative centrale\ctupnpsv.exe [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. [WARNUNG] Die Datei wurde ignoriert. HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\PendingFileRenameOperations [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '102' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '131' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'atieclxx.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '80' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '126' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '110' Modul(e) wurden durchsucht Durchsuche Prozess 'btwdins.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'dsiwmis.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'ePowerSvc.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'GregHSRW.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'HPSIsvc.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'lkads.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'lktsrv.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'MWLService.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'nimxs.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'NBService.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'nidmsrv.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'nisvcloc.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'tagsrv.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'NOBuAgent.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'IScheduleSvc.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'RS_Service.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'UpdaterService.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'wim_serv.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSVC.EXE' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'WTGService.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'IAANTMon.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'Eap3Host.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '113' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '121' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '202' Modul(e) wurden durchsucht Durchsuche Prozess 'IAAnotif.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxpers.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPEnh.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'mwlDaemon.exe' - '74' Modul(e) wurden durchsucht Durchsuche Prozess 'RAVCpl64.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'PLFSetI.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'sidebar.exe' - '109' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxsrvc.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'netsession_win.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'SpotifyWebHelper.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'BTTray.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'SSScheduler.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'Dropbox.exe' - '97' Modul(e) wurden durchsucht Durchsuche Prozess 'netsession_win.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPHelper.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'LManager.exe' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'EgisUpdate.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '89' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'pdf24.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'MOM.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'CCC.exe' - '170' Modul(e) wurden durchsucht Durchsuche Prozess 'ePowerTray.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'unsecapp.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxext.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'ePowerEvent.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '130' Modul(e) wurden durchsucht Durchsuche Prozess 'thunderbird.exe' - '150' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '73' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashPlayerPlugin_12_0_0_70.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashPlayerPlugin_12_0_0_70.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'MendeleyDesktop.exe' - '79' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '121' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '127' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'WINWORD.EXE' - '120' Modul(e) wurden durchsucht Durchsuche Prozess 'splwow64.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'MendeleyWordPlugin.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '35' Modul(e) wurden durchsucht Modul ist infiziert -> <C:\Windows\system32\services.exe> [FUND] Enthält Code des Windows-Virus W32/Patched.UA [HINWEIS] Prozess 'services.exe' wurde beendet [WARNUNG] Bei diesem Prozess handelt es sich um einen Systemprozess. Die zugehörige Datei wird hicht gelöscht. Durchsuche Prozess 'lsass.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' <Acer> C:\Users\Christian Hoffmann\AppData\Local\Temp\120718284.exe [FUND] Ist das Trojanische Pferd TR/Spy.ZBot.ahl.2 C:\Users\Christian Hoffmann\AppData\Local\Temp\120721186.exe [FUND] Ist das Trojanische Pferd TR/Spy.ZBot.ahl.2 C:\Users\Christian Hoffmann\AppData\Local\Temp\2QMOnrKY.exe.part [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen7 [0] Archivtyp: RSRC --> C:\Users\Christian Hoffmann\AppData\Roaming\Dropbox\bin\Dropbox.exe [1] Archivtyp: RSRC --> C:\$Recycle.Bin\S-1-5-21-247232768-2787100430-3548774350-1000\$RP6RNN7.exe [2] Archivtyp: NSIS --> C:\$Recycle.Bin\S-1-5-21-247232768-2787100430-3548774350-1000\$RQS2OVG.exe [3] Archivtyp: Inno Setup --> C:\$Recycle.Bin\S-1-5-21-247232768-2787100430-3548774350-1000\$RQSO9KD.exe [4] Archivtyp: Runtime Packed --> C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\HTCA_SelfExtract.bin [5] Archivtyp: OVL --> C:\Program Files (x86)\Acer GameZone\Merriam Websters Spell Jam\SPELL-JAM.exe [6] Archivtyp: RSRC --> C:\Program Files (x86)\EgisTec\MyWinLocker 3\HTCA_SelfExtract.bin [7] Archivtyp: OVL --> C:\Users\Christian Hoffmann\AppData\Local\Temp\DJVRTB [8] Archivtyp: ZIP --> okmokmokmoka.class [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Rafold.V.Gen [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> okmokmokmokb.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.A.Gen [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> NewClass1.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Pesur.R.2 [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> okmokmokmokc.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Kara.AI.4 [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden C:\Users\Christian Hoffmann\AppData\Local\Temp\DJVRTB [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Kara.AI.4 --> C:\Users\Christian Hoffmann\AppData\Local\Temp\jar_cache4610014545514560468.tmp [8] Archivtyp: ZIP --> ad9djcmd.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.CY [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> Example.class [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ivinest.Gen [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> Help.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.CL [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> TestApplet.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.CM [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden C:\Users\Christian Hoffmann\AppData\Local\Temp\jar_cache4610014545514560468.tmp [FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.CM C:\Windows\assembly\GAC_32\Desktop.ini [FUND] Ist das Trojanische Pferd TR/Sirefef.AB.26 C:\Windows\assembly\GAC_64\Desktop.ini [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2 C:\Windows\Installer\{e1efd280-3117-80e7-57a2-620bf46ab1f3}\L\00000004.@ [FUND] Ist das Trojanische Pferd TR/ZAccess.H C:\Windows\System32\services.exe [FUND] Enthält Code des Windows-Virus W32/Patched.UA Beginne mit der Desinfektion: C:\Windows\System32\services.exe [FUND] Enthält Code des Windows-Virus W32/Patched.UA [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 55015e44.qua erstellt ( QUARANTÄNE ) [WARNUNG] Die Datei wurde auf Nachfrage nicht repariert! C:\Windows\Installer\{e1efd280-3117-80e7-57a2-620bf46ab1f3}\L\00000004.@ [FUND] Ist das Trojanische Pferd TR/ZAccess.H [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d5471c7.qua' verschoben! C:\Windows\assembly\GAC_64\Desktop.ini [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2 [WARNUNG] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden! [WARNUNG] Die Datei konnte nicht gelöscht werden! [HINWEIS] Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet. [HINWEIS] Die Datei wurde zum Löschen nach einem Neustart markiert. [HINWEIS] Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet. C:\Windows\assembly\GAC_32\Desktop.ini [FUND] Ist das Trojanische Pferd TR/Sirefef.AB.26 [WARNUNG] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden! [WARNUNG] Die Datei konnte nicht gelöscht werden! [HINWEIS] Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet. [HINWEIS] Die Datei wurde zum Löschen nach einem Neustart markiert. [HINWEIS] Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet. C:\Users\Christian Hoffmann\AppData\Local\Temp\jar_cache4610014545514560468.tmp [FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.CM [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3c7a499d.qua' verschoben! C:\Users\Christian Hoffmann\AppData\Local\Temp\DJVRTB [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Kara.AI.4 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '438d7b87.qua' verschoben! C:\Users\Christian Hoffmann\AppData\Local\Temp\2QMOnrKY.exe.part [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen7 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0f3e57c5.qua' verschoben! C:\Users\Christian Hoffmann\AppData\Local\Temp\120721186.exe [FUND] Ist das Trojanische Pferd TR/Spy.ZBot.ahl.2 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '730317b4.qua' verschoben! C:\Users\Christian Hoffmann\AppData\Local\Temp\120718284.exe [FUND] Ist das Trojanische Pferd TR/Spy.ZBot.ahl.2 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5e5938f9.qua' verschoben! [/CODE] |
05.03.2014, 08:57 | #5 |
/// the machine /// TB-Ausbilder | Trojaner 'W32/Patched.UA' festgestelltSo funktioniert es: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Trojaner 'W32/Patched.UA' festgestellt |
adware/installcore.gen7, exp/2012-0507.cl, exp/2012-0507.cm, exp/cve-2012-1723.a.gen, exp/java.ivinest.gen, exp/java.rafold.v.gen, java/dldr.kara.ai.4, java/dldr.lamar.cy, java/dldr.pesur.r.2, präzise, tr/atraps.gen2, tr/sirefef.ab.26, tr/spy.zbot.ahl.2, tr/zaccess.h, trojaner/virus, w32/patched.ua |