| |
| |||||||
Log-Analyse und Auswertung: TR/ATRAPS.Gen2 und TR/ATRAPS.GenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
02.08.2012, 23:12
| #1 |
 |  TR/ATRAPS.Gen2 und TR/ATRAPS.Gen Hallo, heute morgen hat mein Avira Free Antivirus das erste Mal W32/Patched.UA in C:\Windows\System32\services.exe gemeldet. Dieses Ding habe ich in die Quarantäne verschoben. Seitdem meldet mir Avira alle 3-4 min, während ich im Internet bin: TR/ATRAPS.Gen2 Quelle: C:\Windows\Installer\{5c0b5c6d-ea04-f662-e6ee-6a7ba91c9543}\U\800000cb.@ und kurz danach: TR/ATRAPS.Gen Quelle: C:\Windows\Installer\{5c0b5c6d-ea04-f662-e6ee-6a7ba91c9543}\U\80000000.@ Freue mich, wenn jemand helfen kann! lg, Regina PS: In Aviras Quarantäne steht noch ein Eintrag vom 29.07.2012, an dessen Meldung ich mich nicht erinnern kann, und zwar: TR/Vundo.Gen7 Quelle: C:\Program Files (x86)\VectorWorks 11\Plug-Ins\Roofer.dll OTL.txt Code:
ATTFilter OTL logfile created on: 02.08.2012 23:26:46 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Regina\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 53,09% Memory free 7,35 Gb Paging File | 5,54 Gb Available in Paging File | 75,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 583,07 Gb Total Space | 111,37 Gb Free Space | 19,10% Space Free | Partition Type: NTFS Computer Name: REGINA-PC | User Name: Regina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012.08.02 23:24:15 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Regina\Downloads\OTL.exe PRC - [2012.08.02 12:43:32 | 000,045,568 | ---- | M] (Sweetest Information Corporation) -- C:\Users\Regina\AppData\Local\Temp\8861153.exe PRC - [2012.06.27 19:01:03 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe PRC - [2012.06.27 19:01:02 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe PRC - [2012.06.13 17:37:04 | 001,088,904 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2012.06.06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.05.12 11:09:29 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.05.12 11:09:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.12 11:09:28 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.12 11:09:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.01.18 14:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe PRC - [2010.09.30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe PRC - [2010.07.12 08:52:50 | 000,548,864 | ---- | M] () -- C:\Program Files (x86)\Greenshot\Greenshot.exe PRC - [2010.04.17 07:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe PRC - [2010.03.09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.03.04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.03.03 15:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.03.03 15:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.13 10:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ========== Modules (No Company Name) ========== MOD - [2012.06.27 19:01:04 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll MOD - [2012.06.27 19:01:02 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe MOD - [2012.06.18 23:28:06 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll MOD - [2012.06.18 23:27:25 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll MOD - [2012.06.18 23:27:13 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll MOD - [2012.05.10 10:15:34 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73baa23d28d21c7c01e334211330a84e\IAStorUtil.ni.dll MOD - [2012.05.10 10:09:16 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll MOD - [2012.05.10 10:08:36 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll MOD - [2012.05.10 10:08:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012.05.10 10:08:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012.05.10 10:08:28 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012.05.10 10:08:22 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2010.09.30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe MOD - [2010.07.12 08:52:50 | 000,548,864 | ---- | M] () -- C:\Program Files (x86)\Greenshot\Greenshot.exe MOD - [2010.07.12 08:52:48 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Greenshot\GreenshotPlugin.dll MOD - [2010.06.12 05:56:26 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.06.12 05:56:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.01.13 10:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.09.27 16:42:04 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV:64bit: - [2010.04.21 01:34:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.07.18 20:03:48 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.27 19:01:03 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0) SRV - [2012.05.12 11:09:29 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.05.12 11:09:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.12 11:09:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.07.13 22:11:59 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.11.08 17:09:29 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service) SRV - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2010.04.23 10:46:04 | 000,820,768 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.04.22 19:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc) SRV - [2010.04.17 07:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.03.26 11:46:48 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.12 11:09:29 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.12 11:09:29 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.12.15 12:23:22 | 000,358,480 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ta2avs.sys -- (ta2avs) DRV:64bit: - [2010.12.15 12:23:22 | 000,075,856 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ta2usb.sys -- (ta2usb_svc) DRV:64bit: - [2010.09.27 16:42:10 | 000,131,072 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge) DRV:64bit: - [2010.09.27 16:42:06 | 000,075,648 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf) DRV:64bit: - [2010.09.27 16:42:04 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp) DRV:64bit: - [2010.09.27 16:42:02 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock) DRV:64bit: - [2010.09.27 16:42:00 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb) DRV:64bit: - [2010.09.27 16:41:58 | 000,056,960 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl) DRV:64bit: - [2010.04.21 03:15:04 | 006,406,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010.04.21 00:39:36 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.04.21 00:08:04 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2010.04.07 22:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.04.01 10:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.03.17 16:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2010.03.05 12:04:08 | 000,335,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.03.01 17:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.02.14 22:05:12 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.01.13 17:41:12 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.01.13 17:41:06 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.12.22 03:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2009.10.29 19:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2009.10.26 06:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.09.28 09:55:42 | 000,051,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OXSDIDRV_x64.sys -- (OXSDIDRV_x64) DRV:64bit: - [2009.09.17 14:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.26 15:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.05.05 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.05 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2004.11.05 11:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\hardlock.sys -- (Hardlock) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27360610k416l0443z185t5631j131 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27360610k416l0443z185t5631j131 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27360610k416l0443z185t5631j131 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27360610k416l0443z185t5631j131 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27360610k416l0443z185t5631j131 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={F118EE41-0E6B-4AD4-A128-C9721C543BF4}&mid=c1111d06f68847d0a3861943ef67903b-406d00295e6c021b0ac631abf69d7746503e64b8&lang=de&ds=od011&pr=sa&d=2012-06-27 19:01:04&v=11.1.0.12&sap=hp IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE383DE383 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={F118EE41-0E6B-4AD4-A128-C9721C543BF4}&mid=c1111d06f68847d0a3861943ef67903b-406d00295e6c021b0ac631abf69d7746503e64b8&lang=de&ds=od011&pr=sa&d=2012-06-27 19:01:04&v=11.1.0.12&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{E1CCAF70-21BD-4CB8-B683-98CA1166A051}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8 FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B7c74c064-44b8-4774-ab4b-bb3e93c462ba%7D&mid=c1111d06f68847d0a3861943ef67903b-406d00295e6c021b0ac631abf69d7746503e64b8&ds=od011&v=11.1.0.12&lang=de&pr=sa&d=2012-06-27%2019%3A01%3A04&sap=ku&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.06.27 19:01:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 20:03:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.14 22:38:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.25 09:26:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.12.05 21:58:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 20:03:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.14 22:38:43 | 000,000,000 | ---D | M] [2010.06.21 19:56:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Regina\AppData\Roaming\mozilla\Extensions [2010.06.21 19:56:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Regina\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.08.02 23:17:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Regina\AppData\Roaming\mozilla\Firefox\Profiles\p1y5cce8.default\extensions [2012.07.26 11:00:46 | 000,000,000 | ---D | M] (Foxit Toolbar) -- C:\Users\Regina\AppData\Roaming\mozilla\Firefox\Profiles\p1y5cce8.default\extensions\toolbar@ask.com [2012.04.29 12:39:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.01.08 18:20:46 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.07.05 07:30:19 | 000,340,684 | ---- | M] () (No name found) -- C:\USERS\REGINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P1Y5CCE8.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI [2012.07.18 20:03:48 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.14 22:38:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.09.12 21:10:33 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2012.04.02 22:14:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.27 19:01:02 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.04.02 22:14:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.04.02 22:14:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.04.02 22:14:31 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.02 22:14:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.02 22:14:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found. O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe () O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [DAT3709.tmp.exe] C:\Users\Regina\AppData\Local\Temp\DAT3709.tmp.exe (Sweetest Information Corporation) O4 - HKCU..\Run: [Greenshot] C:\Program Files (x86)\Greenshot\Greenshot.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3665061-F5E3-4DE3-8538-A9B2F0B01307}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{3f986b3a-9908-11e0-a556-c80aa98379c8}\Shell - "" = AutoRun O33 - MountPoints2\{3f986b3a-9908-11e0-a556-c80aa98379c8}\Shell\AutoRun\command - "" = Iomega Encryption Utility.exe O33 - MountPoints2\{eceb4d5a-74e4-11e0-a0e2-c80aa98379c8}\Shell - "" = AutoRun O33 - MountPoints2\{eceb4d5a-74e4-11e0-a0e2-c80aa98379c8}\Shell\AutoRun\command - "" = D:\SetupSeriesA.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.02 12:46:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.07.12 08:38:10 | 000,000,000 | ---D | C] -- C:\Users\Regina\AppData\Roaming\pdfforge [2012.07.12 08:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.07.12 08:38:06 | 000,095,744 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.07.06 13:46:18 | 000,000,000 | ---D | C] -- C:\UserData [2012.07.06 13:41:29 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys [2012.07.06 13:41:29 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys [2012.07.06 13:41:29 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys [2012.07.06 13:41:29 | 000,011,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\massfilter.sys [2012.07.06 13:40:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SupportAppCB [2012.07.06 13:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick [2012.07.06 13:40:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1&1 Surf-Stick [2012.07.05 15:38:53 | 000,000,000 | ---D | C] -- C:\Users\Regina\AppData\Roaming\elsterformular [2012.07.05 15:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular [2012.07.05 15:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular [2012.07.05 15:38:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular [2010.08.07 01:15:40 | 000,061,440 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Regina\_0AA6EBFE1D884E4E80D3DF6A7757540D ========== Files - Modified Within 30 Days ========== File not found -- C:\Windows\SysNative\ [2012.08.02 23:23:25 | 000,000,000 | ---- | M] () -- C:\Users\Regina\defogger_reenable [2012.08.02 23:10:39 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.02 23:09:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.02 16:55:17 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.02 16:55:17 | 000,659,238 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.02 16:55:17 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.02 16:55:17 | 000,132,776 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.02 16:55:17 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.02 16:40:09 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.02 16:39:12 | 005,105,423 | ---- | M] () -- C:\Users\Regina\Desktop\120802_Aussenbereich.vwx [2012.08.02 10:23:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.02 10:23:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.02 10:15:58 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys [2012.07.29 14:55:08 | 000,160,989 | ---- | M] () -- C:\Users\Regina\Desktop\Variante 1,20m.pdf [2012.07.29 14:18:10 | 000,159,056 | ---- | M] () -- C:\Users\Regina\Desktop\Variante 1.pdf [2012.07.28 23:46:56 | 000,020,483 | ---- | M] () -- C:\Users\Regina\Desktop\img-patti-smith-1_133132350240.jpg_med_thumb.jpg [2012.07.28 23:40:31 | 000,315,656 | ---- | M] () -- C:\Users\Regina\Desktop\superstudio6_905.jpg [2012.07.28 23:37:04 | 000,427,283 | ---- | M] () -- C:\Users\Regina\Desktop\Auroville_master_plan_1_905.jpg [2012.07.28 23:36:18 | 000,226,308 | ---- | M] () -- C:\Users\Regina\Desktop\02-keith-kawaii-Sundrips_905.jpg [2012.07.28 23:35:44 | 000,146,850 | ---- | M] () -- C:\Users\Regina\Desktop\Anuszkiewicz4.jpg [2012.07.20 15:32:57 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2012.07.12 08:46:51 | 002,296,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.05 13:02:30 | 000,095,744 | ---- | M] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll ========== Files Created - No Company Name ========== File not found -- C:\Windows\SysNative\ [2012.08.02 23:33:24 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{5c0b5c6d-ea04-f662-e6ee-6a7ba91c9543}\U\800000cb.@ [2012.08.02 23:33:24 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{5c0b5c6d-ea04-f662-e6ee-6a7ba91c9543}\U\80000000.@ [2012.08.02 23:23:25 | 000,000,000 | ---- | C] () -- C:\Users\Regina\defogger_reenable [2012.08.02 17:01:13 | 005,105,423 | ---- | C] () -- C:\Users\Regina\Desktop\120802_Aussenbereich.vwx [2012.08.02 12:43:56 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{5c0b5c6d-ea04-f662-e6ee-6a7ba91c9543}\U\00000001.@ [2012.07.29 14:54:13 | 000,160,989 | ---- | C] () -- C:\Users\Regina\Desktop\Variante 1,20m.pdf [2012.07.29 14:08:12 | 000,159,056 | ---- | C] () -- C:\Users\Regina\Desktop\Variante 1.pdf [2012.07.28 23:46:55 | 000,020,483 | ---- | C] () -- C:\Users\Regina\Desktop\img-patti-smith-1_133132350240.jpg_med_thumb.jpg [2012.07.28 23:40:31 | 000,315,656 | ---- | C] () -- C:\Users\Regina\Desktop\superstudio6_905.jpg [2012.07.28 23:37:04 | 000,427,283 | ---- | C] () -- C:\Users\Regina\Desktop\Auroville_master_plan_1_905.jpg [2012.07.28 23:36:17 | 000,226,308 | ---- | C] () -- C:\Users\Regina\Desktop\02-keith-kawaii-Sundrips_905.jpg [2012.07.28 23:35:40 | 000,146,850 | ---- | C] () -- C:\Users\Regina\Desktop\Anuszkiewicz4.jpg [2012.07.06 13:46:18 | 000,000,557 | ---- | C] () -- C:\NetworkCfg.xml [2012.06.12 19:54:19 | 000,010,569 | ---- | C] () -- C:\Windows\CSTBox.INI [2012.05.15 14:13:44 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.05.15 14:13:44 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT [2012.01.11 17:41:33 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{5c0b5c6d-ea04-f662-e6ee-6a7ba91c9543}\@ [2012.01.11 17:41:33 | 000,002,048 | -HS- | C] () -- C:\Users\Regina\AppData\Local\{5c0b5c6d-ea04-f662-e6ee-6a7ba91c9543}\@ [2011.08.18 11:39:57 | 000,000,809 | ---- | C] () -- C:\Windows\NTIWVEDT.INI [2011.07.13 22:16:44 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll [2011.04.06 20:52:12 | 000,000,000 | ---- | C] () -- C:\Users\Regina\.gtk-bookmarks [2011.04.06 20:46:48 | 000,678,241 | ---- | C] () -- C:\Users\Regina\.fonts.cache-1 [2011.04.05 21:46:01 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE [2011.04.05 21:46:01 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\hdsuinst.exe [2011.04.05 21:46:01 | 000,006,836 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI [2010.11.08 17:09:31 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI [2010.08.08 12:30:51 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe [2010.06.28 20:41:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.05.13 12:56:05 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== LOP Check ========== [2012.06.12 19:45:54 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Canon [2012.05.27 09:15:09 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\CD-LabelPrint [2010.11.08 17:10:03 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\EDrawings [2012.07.05 15:38:57 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\elsterformular [2012.07.29 17:34:51 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\foobar2000 [2010.09.12 21:11:33 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Foxit Software [2011.12.07 18:19:50 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Greenshot [2011.04.11 19:33:38 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Nemetschek [2011.12.05 22:46:18 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\net.nemetschek.vectorworks.2012.help.eng.CC16605A57FA88F0CED2B1A19E704F482AB2B1EB.1 [2012.06.27 18:59:44 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\OpenCandy [2010.09.14 21:12:52 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\OpenOffice.org [2010.08.07 01:18:09 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\PACE Anti-Piracy [2012.07.12 08:38:10 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\pdfforge [2010.06.12 19:37:13 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\PowerCinema [2011.11.08 18:07:44 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\SimpleScreenshot [2011.12.13 18:21:48 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Sync App Settings [2010.06.21 19:56:04 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Thunderbird [2012.05.04 09:00:29 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 02.08.2012 23:26:46 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Regina\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,68 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 53,09% Memory free
7,35 Gb Paging File | 5,54 Gb Available in Paging File | 75,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583,07 Gb Total Space | 111,37 Gb Free Space | 19,10% Space Free | Partition Type: NTFS
Computer Name: REGINA-PC | User Name: Regina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_Pro9500_II_series" = Canon Pro9500 II series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4804" = CanoScan 8600F
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{3054FEFA-4748-4cf0-8C3C-8DB887DE379F}" = Native Instruments Traktor Audio 2
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3B582B41-5FFC-4AB8-B006-A087BDE74494}" = Iomega Encryption
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9822326F-410C-96A5-2F58-65E58F65D63B}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5816A09-786E-C91D-3D99-8A8C92648750}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{04FCD5DE-1662-4F99-BDA9-C57212113EF2}" = RemoteComms External Disk Access
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B148875-7C4D-A5A7-79FA-82D679939663}" = CCC Help Danish
"{0D49143F-5710-6EAF-986F-86306C54D9F7}" = CCC Help Dutch
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0DCE424F-F4A8-A3EA-3416-7A4CA189A164}" = CCC Help Czech
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193B70F8-D757-B1D6-B2B0-826E92D889CC}" = CCC Help Polish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23640476-5D3A-F071-A40F-345E16C91301}" = CCC Help Hungarian
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{37918F52-75C8-47F8-AEFB-389B8E62B5DA}" = pdfforge Toolbar v5.9
"{39BE50E7-8059-C383-D8D0-3EC7B9A0B2C2}" = CCC Help Turkish
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F07D7AF-4E33-95E3-DDD6-360C6CCAF34F}" = Vectorworks 2012 Help
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}" = Adobe InDesign CS
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4393DE35-AD67-4F37-95E4-30F06EA0FDB2}" = Adobe Creative Suite 3 Design Premium
"{4394B319-1CA6-9535-5A97-3407DE7B2865}" = CCC Help Chinese Traditional
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E242AB2-86A7-4231-82A9-1E4226D23CA8}" = Catalyst Control Center - Branding
"{4E2AC91C-090D-C0BE-98E0-35480A693D53}" = CCC Help Russian
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59A58CB1-5177-4AF7-DC09-886DC5175561}" = CCC Help Thai
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{61D199C4-5E32-4616-BA4E-1EB52CA6DA2B}" = SolidWorks eDrawings 2011
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6B70AFEB-18E9-0BBA-C876-50E61D2F1585}" = CCC Help Korean
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7BBEA5FB-5BDA-5568-F370-66934F5862F8}" = Catalyst Control Center Graphics Light
"{7C3E29B2-038E-312D-938C-DED2C6451411}" = CCC Help German
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{800E5862-A2A2-B903-6B6E-660F5DFB1BFF}" = CCC Help Norwegian
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{804D666C-1FB8-F116-358B-15F297113547}" = CCC Help English
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Foxit Toolbar
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90497F91-64AA-6732-266E-4B7023989E5C}" = ccc-core-static
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A990CB5E-6951-12C0-6B29-4C0102E80827}" = CCC Help Portuguese
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AAB17558-7189-1415-2370-D689FDD44B33}" = PX Profile Update
"{ABC74AD3-8488-2D59-71CA-FE1FDBD99293}" = CCC Help Greek
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{B399B936-CDED-C8E5-D621-E6323855CF5B}" = Catalyst Control Center Graphics Full New
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BE985F96-BFD5-BCE2-97F6-B73BBF122943}" = CCC Help Japanese
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C314EA94-9FAF-969D-544F-816FE102EAFD}" = Catalyst Control Center InstallProxy
"{C40DCE3C-E042-2DEE-4F77-8725E18BAE17}" = CCC Help Spanish
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1F8C3EA-8274-90C1-460B-EE2DFA7B492B}" = CCC Help French
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E573FE55-5A89-F7CC-0A00-A9E79BB20C3B}" = CCC Help Finnish
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E75093FD-D74A-D7D0-AE15-BA89B30D9E54}" = Catalyst Control Center Localization All
"{E92EAA89-9597-E7DF-6EB6-F21655D245F2}" = Catalyst Control Center Graphics Previews Vista
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEEDE742-915B-2D3F-5763-E7375BE7B144}" = CCC Help Chinese Standard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9B82B36-5FC0-1E0D-0D56-066D1EDAC9E8}" = Catalyst Control Center Graphics Full Existing
"{FC3CCF4F-ABE4-1CF6-347B-DEAFC9D82F1C}" = Catalyst Control Center Core Implementation
"{FC4AAE94-A221-0725-4FD8-56262B0262BA}" = CCC Help Italian
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FFAC99FD-DDF8-E138-E8F4-538B639C6984}" = CCC Help Swedish
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"Allway Sync_is1" = Allway Sync version 9.2.11
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
"Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
"Canon Pro9500 Mark II series Benutzerregistrierung" = Canon Pro9500 Mark II series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-PhotoPrint Pro" = Canon Utilities Easy-PhotoPrint Pro
"ElsterFormular 13.2.0.8623u" = ElsterFormular
"foobar2000" = foobar2000 v1.1.10
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"Greenshot_is1" = Greenshot
"HASP HL Device Driver" = HASP HL Device Driver
"HASP License Manager" = HASP License Manager
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"LManager" = Launch Manager
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Traktor Audio 2" = Native Instruments Traktor Audio 2
"Nero - Burning Rom!UninstallKey" = Nero 6 Demo (32-bit)
"net.nemetschek.vectorworks.2012.help.eng.CC16605A57FA88F0CED2B1A19E704F482AB2B1EB.1" = Vectorworks 2012 Help
"Soulseek2" = SoulSeek 157 NS 13e
"ST5UNST #1" = Kaminfeuer Titanium Edition II
"StandardTime" = Standard Time
"VectorWorks 11" = VectorWorks 11
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Foxit Toolbar Updater
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.07.2012 07:42:12 | Computer Name = Regina-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\1&1 Surf-Stick\Component\BKATProtocol.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 09.07.2012 05:09:08 | Computer Name = Regina-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 13.0.1.4548,
Zeitstempel: 0x4fda5ff0 Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
Zeitstempel: 0x4b849404 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002dce ID des fehlerhaften
Prozesses: 0x2e8 Startzeit der fehlerhaften Anwendung: 0x01cd5db27ba62a87 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX Berichtskennung:
bcc86419-c9a5-11e1-a2b7-c80aa98379c8
Error - 12.07.2012 02:29:46 | Computer Name = Regina-PC | Source = Application Hang | ID = 1002
Description = Programm PDFCreator.exe, Version 1.4.0.1 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d20 Startzeit:
01cd5ff7a18bc5b3 Endzeit: 24 Anwendungspfad: C:\Program Files (x86)\PDFCreator\PDFCreator.exe
Berichts-ID:
ec46da2e-cbea-11e1-b4c1-c80aa98379c8
Error - 12.07.2012 02:32:43 | Computer Name = Regina-PC | Source = Application Hang | ID = 1002
Description = Programm PDFCreator.exe, Version 1.4.0.1 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 112c Startzeit:
01cd5ff80192a136 Endzeit: 31 Anwendungspfad: C:\Program Files (x86)\PDFCreator\PDFCreator.exe
Berichts-ID:
5f1154b2-cbeb-11e1-b4c1-c80aa98379c8
Error - 13.07.2012 04:31:15 | Computer Name = Regina-PC | Source = Application Hang | ID = 1002
Description = Programm STTime.scr, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c6c Startzeit:
01cd60d0bf2d6136 Endzeit: 23 Anwendungspfad: C:\PROGRA~2\STANDA~1\STANDA~1\STTime.scr
Berichts-ID:
100b6abc-ccc5-11e1-9994-c80aa98379c8
Error - 13.07.2012 09:26:15 | Computer Name = Regina-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 13.0.1.4548,
Zeitstempel: 0x4fda5ff0 Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
Zeitstempel: 0x4b849404 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002dce ID des fehlerhaften
Prozesses: 0x578 Startzeit der fehlerhaften Anwendung: 0x01cd60fb110ccd1a Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX Berichtskennung:
5200889c-ccee-11e1-9994-c80aa98379c8
Error - 18.07.2012 06:52:10 | Computer Name = Regina-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 13.0.1.4548,
Zeitstempel: 0x4fda5ff0 Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
Zeitstempel: 0x4b849404 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002dce ID des fehlerhaften
Prozesses: 0x2a4 Startzeit der fehlerhaften Anwendung: 0x01cd64d35f1886f6 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX Berichtskennung:
9f40a140-d0c6-11e1-905f-c80aa98379c8
Error - 19.07.2012 05:05:10 | Computer Name = Regina-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 14.0.1.4577,
Zeitstempel: 0x5000b69d Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
Zeitstempel: 0x4b849404 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002dce ID des fehlerhaften
Prozesses: 0x1248 Startzeit der fehlerhaften Anwendung: 0x01cd658d97772d16 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX Berichtskennung:
d738307b-d180-11e1-b0ac-c80aa98379c8
Error - 19.07.2012 05:13:23 | Computer Name = Regina-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 14.0.1.4577,
Zeitstempel: 0x5000b69d Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
Zeitstempel: 0x4b849404 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002dce ID des fehlerhaften
Prozesses: 0xd8c Startzeit der fehlerhaften Anwendung: 0x01cd658ebe21c9e0 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX Berichtskennung:
fd343b37-d181-11e1-b0ac-c80aa98379c8
Error - 19.07.2012 05:42:55 | Computer Name = Regina-PC | Source = Application Hang | ID = 1002
Description = Programm STTime.scr, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1394 Startzeit:
01cd6592cf73fe66 Endzeit: 18 Anwendungspfad: C:\PROGRA~2\STANDA~1\STANDA~1\STTime.scr
Berichts-ID:
124b26fe-d186-11e1-b0ac-c80aa98379c8
[ System Events ]
Error - 28.07.2012 13:00:23 | Computer Name = Regina-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
TPkd
Error - 29.07.2012 04:27:17 | Computer Name = Regina-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
TPkd
Error - 29.07.2012 12:41:35 | Computer Name = Regina-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Avira Planer erreicht.
Error - 29.07.2012 12:41:35 | Computer Name = Regina-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 29.07.2012 12:42:27 | Computer Name = Regina-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
TPkd
Error - 29.07.2012 17:16:07 | Computer Name = Regina-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom TPkd
Error - 30.07.2012 16:33:07 | Computer Name = Regina-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom TPkd
Error - 31.07.2012 17:29:47 | Computer Name = Regina-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom TPkd
Error - 01.08.2012 02:30:21 | Computer Name = Regina-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom TPkd
Error - 02.08.2012 04:16:33 | Computer Name = Regina-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom TPkd
< End of report >
|
| Themen zu TR/ATRAPS.Gen2 und TR/ATRAPS.Gen |
| 800000cb.@, antivirus, autorun, avg secure search, avg security toolbar, avira, bho, bonjour, cid, desktop, error, erste mal, excel, fehler, firefox, flash player, google earth, home, igdpmd64.sys, install.exe, internet, launch, locker, logfile, mozilla, mywinlocker, pdfforge toolbar, plug-ins, realtek, registry, rundll, scan, secure search, security, software, system, tr/vundo.gen, vtoolbarupdater, windows |
Baum-Darstellung