Log analysis and evaluation: html/infected.webpage.gen2
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
29.04.2012, 07:05 | #1 |
html/infected.webpage.gen2

After watching a football stream, my scanner detected the possible infection html/infected.webpage.gen2 in my browser's cache. Could someone therefore please take a look at these log files? Thanks. SAS and MBAM reported no infection. An analysis would nevertheless be very kind, especially since I am puzzled, for example, about where this Roxio folder in Appdata/Roaming comes from.

Code:
OTL Extras logfile created on: 29.04.2012 07:31:36 - Run 4 OTL by OldTimer - Version 3.2.33.2 Folder = E:\Downloads\Protection 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 52,23% Memory free 8,19 Gb Paging File | 5,84 Gb Available in Paging File | 71,29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 542,64 Gb Total Space | 316,27 Gb Free Space | 58,28% Space Free | Partition Type: NTFS Drive E: | 388,87 Gb Total Space | 138,43 Gb Free Space | 35,60% Space Free | Partition Type: NTFS Computer Name: SCHWOBB | User Name: TimR | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile 
[open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [printdir] -- %windir%\printdir.bat "%1" () Directory [viewdir] -- %windir%\viewdir.bat "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [printdir] -- %windir%\printdir.bat "%1" () Directory [viewdir] -- %windir%\viewdir.bat "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 74 0C 11 2E 7B 3E CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4223294054-2252070966-736884885-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 
"EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{4477FA8D-3113-4A0B-83E8-959945A6A22C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4C427A99-ABE1-4EBD-9E4D-9B138C1B66F3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{55E3523C-6171-435C-A9EF-1B0E0E094B79}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{568E007D-AFC2-4E11-A42B-C66E76FA6D4A}" = lport=445 | protocol=6 | dir=in | app=system | "{5B55C178-1937-414A-9487-88354171A362}" = rport=445 | protocol=6 | dir=out | app=system | "{6736D996-E0C0-4B38-9466-7BFFF17DBCDE}" = lport=138 | protocol=17 | dir=in | app=system | "{696862F2-6F44-4A15-9852-83D3A0741E52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{AA30B040-BD51-44F7-806D-F271DD1F50FE}" = rport=137 | protocol=17 | dir=out | app=system | "{AECCC0DB-FF04-4DE7-8FC0-3EA0B2CD842A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | 
name=@firewallapi.dll,-28539 | "{BC72F7DE-0C34-4BDE-8550-FDA9070B6524}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BE5CB16F-CEBD-4A43-8E6B-ABCAEFA20422}" = lport=137 | protocol=17 | dir=in | app=system | "{C8537E1A-BBAD-4B9D-944B-723FECD79656}" = rport=139 | protocol=6 | dir=out | app=system | "{CE6B037B-7127-4C90-A1EC-3C2CEAD6562D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E5D957FD-2D68-4153-B9A7-29CDB53F8726}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{EC5ACE10-4558-4062-B185-355BED1F517B}" = lport=139 | protocol=6 | dir=in | app=system | "{F2CDDA80-20A9-443B-8633-1AB8AF74B9A6}" = rport=138 | protocol=17 | dir=out | app=system | "{F5808458-9922-49CF-BBD5-1DBB5633C726}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F8CADC18-D3ED-4AFC-A795-87D3BA1FECDA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0681180B-B633-47F4-A6DE-8D67D4D2F80F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "{0A35158F-F293-4E36-A204-4589CB9E86CC}" = protocol=17 | dir=in | app=c:\games\dragon age 2\dragonage2launcher.exe | "{0BF80E0A-1217-4F49-8B25-F734C7BB9EBA}" = protocol=6 | dir=in | app=c:\games\dragon age origins character creator\bin_ship\daocharactercreator.exe | "{210A96D1-1ED2-4A89-8754-A8C10FBCA281}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{2E2D6E2D-7980-4075-9F67-D76C1052AF73}" = protocol=17 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe | "{2FEFA728-B679-40EB-9B68-8ABB5D264DD5}" = protocol=6 | dir=in | app=c:\games\mass effect 2\binaries\masseffect2.exe | "{316CC107-8BA3-43AA-81A5-52E1C2D1B0D5}" 
= protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{31D20E3C-7DD3-4A7F-830D-A072ACA37C06}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3A31AF01-02A0-4CE9-A64C-155BCD65EA90}" = protocol=17 | dir=in | app=c:\games\starcraft ii\starcraft ii.exe | "{409C282B-7B07-4AAF-9F99-A6EE0BA31A0A}" = protocol=17 | dir=in | app=c:\games\mass effect 3\binaries\win32\masseffect3.exe | "{41D50E12-810D-4FD2-B0F9-3607DE7926EB}" = protocol=6 | dir=in | app=c:\games\dragon age 2\dragonage2launcher.exe | "{49FDF1AB-4178-4F9C-88D1-8FB6BD5D1E01}" = protocol=17 | dir=in | app=c:\games\dragon age origins character creator\bin_ship\daocharactercreator.exe | "{500C952F-58B1-41A5-BA6B-1BEE2D6FF270}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | "{5265ED28-5B54-4D97-BFC6-A07CB81259CE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{58244F19-3F9D-4E5E-9CDC-3255CFFE76EC}" = protocol=6 | dir=in | app=c:\games\mass effect 3\binaries\win32\masseffect3.exe | "{586AF009-E95C-48AA-B00F-468DDF1284D1}" = protocol=17 | dir=in | app=c:\games\mass effect 2\binaries\masseffect2.exe | "{5DFC933E-F76A-4C22-BC0C-CC703701F9B5}" = protocol=6 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe | "{7B7AF574-6F98-4669-8373-F66065192B1F}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | "{7EF5873E-4968-4E5F-979C-F32CAEA46974}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{87CD387C-FA8A-4A2C-BC72-B07EEB2982F9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "{882F1618-4606-4B40-BECA-E091B33003E8}" = protocol=17 | dir=in | app=c:\games\dragon age origins character creator\daoriginslauncher.exe | "{8B195E4F-384D-4DC5-B7A3-EC3133CDB24B}" = protocol=6 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe | "{9000D64F-FE9D-4A22-93E3-4C1B8FA1CDD1}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon 
age\daoriginslauncher.exe | "{93FB028E-A5BC-4A21-AEF9-B9654A0058A6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{96395879-6386-4469-947D-6548A72205D9}" = protocol=6 | dir=in | app=c:\games\dragon age origins character creator\daoriginslauncher.exe | "{A6AF9EE1-6F0A-4CE7-B425-7C9C36728773}" = protocol=6 | dir=in | app=c:\users\timr\appdata\roaming\dropbox\bin\dropbox.exe | "{A8D2A0EF-6ABA-464B-BF2F-6ADB2D788F8B}" = protocol=17 | dir=in | app=c:\games\mass effect 2\masseffect2launcher.exe | "{AA613AE4-8B8F-4194-BCA8-9D88CD77551F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{B54949CC-26F7-4400-90C0-5245BD97D54B}" = protocol=6 | dir=in | app=c:\games\mass effect 2\masseffect2launcher.exe | "{C0DE0596-2E04-4A65-BC15-458DC875D2C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C83B19F8-C1D4-411C-BE35-9CC6BB620234}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | "{D0910AD6-CE64-4501-B5AE-49FCB0ACFA55}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | "{D602DC84-4970-4F21-8DE7-03399244121E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | "{E4BB4EB9-FDA8-499B-83B0-449BF72B177C}" = protocol=17 | dir=in | app=c:\users\timr\appdata\roaming\dropbox\bin\dropbox.exe | "{E9F56AF2-AE88-4AEA-921C-282CE7F40E7A}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | "{EF3BB84A-AC0A-43F5-88AE-3FF22FC5BC16}" = protocol=17 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe | "{F6AEB06C-67B5-4E6E-902F-2BF5F910F3DB}" = protocol=17 | dir=in | app=c:\games\dragon age 2\bin_ship\dragonage2.exe | "{F6B212D3-E50B-4DA7-920B-90D05A46188F}" = protocol=6 | dir=in | app=c:\games\starcraft ii\starcraft ii.exe | "{F8272D9E-97CF-4841-B4C8-488C605B2A86}" = protocol=6 | dir=in | app=c:\games\dragon age 2\bin_ship\dragonage2.exe | 
"{F867F444-7773-41A2-A066-32E7DD7ED310}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | "TCP Query User{129D2307-0DA5-4E24-87F5-D9C3188880E5}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "TCP Query User{27404428-D206-4C31-B3B6-7E4C2B3581A9}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{2C3282C2-198D-43A1-A30B-F276126CDA6D}C:\games\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base17326\sc2.exe | "TCP Query User{4995D3C3-963F-4A1F-BA4B-18FB318CB92C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{85003D8B-0BB0-42C3-AC4F-FFF754CF180F}C:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{BDB18F33-577C-4CBD-9E81-07C7BE21A4F8}C:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base19679\sc2.exe | "TCP Query User{C712E825-2754-4E49-B316-5AE112F9E34A}C:\program files (x86)\jalview\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jalview\jre\bin\javaw.exe | "TCP Query User{E51EBB60-5941-4E93-B6FD-0427E07DDB55}C:\games\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base19132\sc2.exe | "TCP Query User{FD9B905F-DE70-4B5F-95D7-FF3C56963184}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | "UDP Query User{01460080-EE11-479D-91B9-7686F3BEF8DA}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query User{18443F21-3A77-41AB-B225-8026C2AACA33}C:\program files (x86)\winamp\winamp.exe" = 
protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{1B971F43-8E2B-4BBB-AF56-DFC4EA7927B9}C:\games\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base19132\sc2.exe | "UDP Query User{44E3D32E-9E8C-482B-81D5-0529AAF0D481}C:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{5B83FC51-C1C2-4B13-82CF-42387496276D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{72D85336-46AF-4EDF-87ED-DF4272ABC983}C:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base19679\sc2.exe | "UDP Query User{B14084CB-CAE4-4F2C-95AA-7852A6DBA68D}C:\games\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base17326\sc2.exe | "UDP Query User{C73C523C-CC4D-48C0-BC12-5BE65295C9CE}C:\program files (x86)\jalview\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jalview\jre\bin\javaw.exe | "UDP Query User{F92A0005-4A2D-4221-B1BE-755989000F52}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{13815D81-44B6-7ADA-2A41-FFFC64DD6FAB}" = 
ccc-utility64 "{4BE9F0B8-FF3D-5CAA-9BF2-CB6F3DF75D3B}" = ccc-utility64 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{67303AC9-A9BA-E413-0001-AAC1C812947C}" = AMD Fuel "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{9005CF63-F082-65AD-7431-7EBF31642279}" = AMD Fuel "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90CB2C55-426D-0752-968D-9B0F1110202A}" = AMD Catalyst Install Manager "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109 "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D16193A3-921A-4134-B381-597C8F4B8EBD}" = PaperPort Image Printer "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 
ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "sp6" = Logitech SetPoint 6.32 "VLC media player" = VLC media player 2.0.1 "WinRAR archiver" = WinRAR 4.11 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch "{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional "{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian "{136F3A0B-5783-47AC-8DB7-1611ED879FA1}" = ClustalX2 "{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5 "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect "{1BF82343-8EE6-8B76-90CF-31059B9D1842}" = CCC Help English "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese "{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian 
"{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common "{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish "{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish "{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai "{3BC2C64B-0DA0-974B-6311-AED4F3711DCE}" = CCC Help Danish "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C57D8CB-FFB6-4B58-8C07-9F2D63E05990}" = FreeUndelete 2.0.34689.1 "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper Version 3.2.0 "{5BAC4DE5-4062-EE34-3337-5F92FE5D5032}" = CCC Help Spanish "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software "{69FC0FD9-BA3D-45B0-88AF-C39B4121A070}" = MP3Find pro V5.02 "{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{70C3CC75-9E14-D215-8FAD-5ABEAE3125D9}" = AMD VISION Engine Control Center "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean "{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX "{82808A16-D448-4FBF-9AE9-75AF3FC240DC}_is1" = MEGA5 "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 
"{8944ED10-DBF2-4FA9-8B5D-D7E1B046C761}_is1" = ColdCut "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online "{AFC71277-DE19-6505-8CBC-71D29163F44A}" = CCC Help German "{B3406262-5701-E9CC-D6B3-BA38C34125A9}" = CCC Help English "{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11 "{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding "{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy "{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = 
Application Profiles "{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech "{C7068E1F-22C6-9408-7B24-584F32F66D70}" = CCC Help Finnish "{C87B855D-DD8F-E419-C640-34936E813EA9}" = CCC Help Greek "{CC2BAF9A-926F-791D-772C-F582CD8A47B0}" = Catalyst Control Center InstallProxy "{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian "{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard "{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian "{D8B5B7C3-47B1-40FA-8251-59C74A543880}" = Dragon Age: Origins Character Creator "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E2903F16-9A5A-4292-9D97-8328088086B6}" = forteManager "{E9D98510-A8B6-E39C-B8BA-BA9A511E040C}" = Catalyst Control Center Graphics Previews Common "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = AMD VISION Engine Control Center "{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1505-7129-3447-4151" = SplitsTree4 4.11.3 "Adobe AIR" = Adobe AIR "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "ALchemy" = Creative ALchemy "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Anti-Twin 2011-07-08 08.59.05" = Anti-Twin (Installation 08.07.2011) "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode) "AudioCS" = Creative Audio-Systemsteuerung "Avira AntiVir Desktop" = Avira AntiVir Premium "ClassicPro" = ClassicPro© v1.14 "Console Launcher" = Creative Konsole Starter "Creative Software 
AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "Diagnostics 4_5" = Creative-Diagnose "Dolby Digital Live Pack" = Dolby Digital Live Pack "Exact Audio Copy" = Exact Audio Copy 1.0beta1 "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09] "FileHippo.com" = FileHippo.com Update Checker "Fraps" = Fraps (remove only) "Free Studio_is1" = Free Studio version 5.3.3 "Freemake Video Downloader_is1" = Freemake Video Downloader version 2.0.0 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Inkscape" = Inkscape 0.48.1 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "IrfanView" = IrfanView (remove only) "Jalview" = Jalview "LAME for Audacity_is1" = LAME v3.98.2 for Audacity "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "Notepad++" = Notepad++ "OpenAL" = OpenAL "Opera 11.62.1347" = Opera 11.62 "Origin" = Origin "PDF Blender" = PDF Blender "QuicktimeAlt_is1" = QuickTime Alternative 3.2.2 "Secunia PSI" = Secunia PSI (3.0.0.0004) "SpeedFan" = SpeedFan (remove only) "StarCraft II" = StarCraft II "TechPowerUp GPU-Z" = TechPowerUp GPU-Z "Trillian" = Trillian "URLSnooper 2_is1" = URL Snooper v2.29.01 "Winamp" = Winamp "WinPcapInst" = WinPcap 4.1.2 "xp-AntiSpy" = xp-AntiSpy 3.98-2 "Xvid Video Codec 1.3.2" = Xvid Video Codec ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "LCDSirReal" = LCDSirReal - a multipurpose plugin for the Logitech G13/G15 "Winamp Detect" = Winamp Detector Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 10.03.2012 07:20:57 | Computer Name = Schwobb | Source = Windows Installer 3.1 | ID = 921877 Description = Error - 10.03.2012 07:55:37 | Computer Name = Schwobb | Source = System Restore | ID = 8193 Description = Error - 21.03.2012 17:46:17 | 
Computer Name = Schwobb | Source = .NET Runtime | ID = 1026 Description = Error - 28.03.2012 16:28:42 | Computer Name = Schwobb | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung sidebar.exe, Version 6.0.6002.18005, Zeitstempel 0x49e035b8, fehlerhaftes Modul DDRAW.dll, Version 6.0.6001.18000, Zeitstempel 0x4791acbf, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000007345, Prozess-ID 0xbd8, Anwendungsstartzeit 01cd0d2055817707. Error - 28.03.2012 16:45:39 | Computer Name = Schwobb | Source = EventSystem | ID = 4609 Description = Error - 29.03.2012 01:56:39 | Computer Name = Schwobb | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung MassEffect3.exe, Version 1.1.5427.4, Zeitstempel 0x4f46d052, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e39f, Ausnahmecode 0xc0000005, Fehleroffset 0x00062ab1, Prozess-ID 0xf94, Anwendungsstartzeit 01cd0d70a87b1a32. Error - 29.03.2012 01:57:06 | Computer Name = Schwobb | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung MassEffect3.exe, Version 1.1.5427.4, Zeitstempel 0x4f46d052, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e39f, Ausnahmecode 0xc0000005, Fehleroffset 0x0001e582, Prozess-ID 0xf94, Anwendungsstartzeit 01cd0d70a87b1a32. Error - 30.03.2012 18:25:51 | Computer Name = Schwobb | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung MassEffect3.exe, Version 1.1.5427.4, Zeitstempel 0x4f46d052, fehlerhaftes Modul MassEffect3.exe, Version 1.1.5427.4, Zeitstempel 0x4f46d052, Ausnahmecode 0xc0000005, Fehleroffset 0x00498d12, Prozess-ID 0x165c, Anwendungsstartzeit 01cd0ebdf81bc630. 
Error - 03.04.2012 17:57:37 | Computer Name = Schwobb | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MassEffect3.exe, Version 1.1.5427.4, Zeitstempel 0x4f46d052, fehlerhaftes Modul MassEffect3.exe, Version 1.1.5427.4, Zeitstempel 0x4f46d052, Ausnahmecode 0xc0000005, Fehleroffset 0x003b0089, Prozess-ID 0x430, Anwendungsstartzeit 01cd11bf7ebb7483.

Error - 17.04.2012 16:54:32 | Computer Name = Schwobb | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung LCDMon.exe, Version 3.6.109.0, Zeitstempel 0x4c58421d, fehlerhaftes Modul LCDMon.exe, Version 3.6.109.0, Zeitstempel 0x4c58421d, Ausnahmecode 0x40000015, Fehleroffset 0x000000000009f674, Prozess-ID 0xd9c, Anwendungsstartzeit 01cd1cb2d4a67193.

[ OSession Events ]
Error - 18.01.2010 11:21:51 | Computer Name = Schwobb | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3857 seconds with 3600 seconds of active time. This session ended with a crash.

Error - 06.05.2010 17:29:52 | Computer Name = Schwobb | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 893 seconds with 120 seconds of active time. This session ended with a crash.

Error - 15.06.2011 11:56:39 | Computer Name = Schwobb | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 55 seconds with 0 seconds of active time. This session ended with a crash.

Error - 19.07.2011 16:58:16 | Computer Name = Schwobb | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11821 seconds with 1740 seconds of active time. This session ended with a crash.

Error - 17.08.2011 12:03:02 | Computer Name = Schwobb | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12606 seconds with 2280 seconds of active time. This session ended with a crash.

Error - 11.09.2011 12:02:08 | Computer Name = Schwobb | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12489 seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 27.04.2012 21:23:16 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7026
Description =

Error - 28.04.2012 04:30:25 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7000
Description =

Error - 28.04.2012 04:30:25 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7026
Description =

Error - 28.04.2012 08:37:59 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7000
Description =

Error - 28.04.2012 08:37:59 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7026
Description =

Error - 28.04.2012 13:27:56 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7000
Description =

Error - 28.04.2012 13:27:56 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7026
Description =

Error - 29.04.2012 01:01:29 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7000
Description =

Error - 29.04.2012 01:01:29 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7026
Description =

Error - 29.04.2012 01:11:49 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7034
Description =

< End of report >

Code:
OTL logfile created on: 29.04.2012 07:31:36 - Run 4
OTL by OldTimer - Version 3.2.33.2 Folder = E:\Downloads\Protection
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 52,23% Memory free
8,19 Gb Paging File | 5,84 Gb Available in Paging File | 71,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 542,64 Gb Total Space | 316,27 Gb Free Space | 58,28% Space Free | Partition Type: NTFS
Drive E: | 388,87 Gb Total Space | 138,43 Gb Free Space | 35,60% Space Free | Partition Type: NTFS

Computer Name: SCHWOBB | User Name: TimR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - E:\Downloads\Protection\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd) PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd) PRC - C:\Users\TimR\Documents\LCDSirReal\LCDSirReal.exe () PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll () MOD - C:\Program Files (x86)\Java\jre6\bin\jp2native.dll () MOD - C:\Users\TimR\Documents\LCDSirReal\LCDSirReal.exe () MOD - C:\Windows\SysWOW64\APOMngr.DLL () MOD - C:\Windows\SysWOW64\CTXFIGER.DLL () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AMD FUEL Service) -- C:\Program Files (x86)\ATI\ATI.ACE\Fuel\Fuel.Service.exe 
(Advanced Micro Devices, Inc.) SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (!SASCORE) -- C:\Program Files (x86)\SAS\SASCORE64.EXE (SUPERAntiSpyware.com) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (BioWare) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (PSI) -- C:\Windows\SysNative\DRIVERS\psi_mf.sys (Secunia) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\DRIVERS\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\Windows\SysNative\DRIVERS\ssadserd.sys (MCCI Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\Drivers\ssadadb.sys (Google Inc) DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH) DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys (MCCI Corporation) DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\DRIVERS\sscdbus.sys (MCCI Corporation) DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys (MCCI Corporation) DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd) DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd) DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd) DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.) 
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd) DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd) DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS (Creative Technology Ltd.) DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.SYS (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.SYS (Creative Technology Ltd.) DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.SYS (Creative Technology Ltd.) DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.SYS (Creative Technology Ltd.) DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\DRIVERS\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys (Logitech, Inc.) 
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys () DRV - (AODDriver4.1) -- C:\Program Files (x86)\ATI\ATI.ACE\Fuel\amd64\AODDriver2.sys (Advanced Micro Devices) DRV - (SASDIFSV) -- C:\Program Files (x86)\SAS\SASDIFSV64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Program Files (x86)\SAS\SASKUTIL64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Almico Software) DRV - (LGII2CDevice) -- C:\Program Files (x86)\forteManager\bin\PII2CDriver.sys () DRV - (LGDDCDevice) -- C:\Program Files (x86)\forteManager\bin\I2CDriver.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.alternate.net [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 30 99 6E 91 21 CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120217-1212: C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) O1 HOSTS File: ([2012.03.06 22:47:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files (x86)\Logitech\SetPoint\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH) O10 - 
Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.116 195.50.140.180 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6659378C-9D4A-4D5D-882C-148AEC3A7B09}: DhcpNameServer = 195.50.140.116 195.50.140.180 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Winter Leaves.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Winter Leaves.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - 
HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.04.29 07:18:40 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.04.29 07:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.04.25 21:11:22 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\Roxio [2012.04.22 03:32:09 | 000,000,000 | R--D | C] -- C:\Users\TimR\Downloads [2012.04.22 02:07:06 | 000,000,000 | R--D | C] -- C:\Users\TimR\Favorites [2012.04.21 14:18:15 | 000,000,000 | ---D | C] -- C:\Users\TimR\Documents\Diablo III [2012.04.21 09:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012.04.19 18:25:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2012.04.12 00:39:14 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.04.12 00:39:13 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.04.12 00:39:12 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.04.12 00:39:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.04.12 00:39:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.04.12 00:39:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.04.12 00:39:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.04.12 00:39:11 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.04.12 00:39:11 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.04.12 00:39:11 | 000,818,688 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.04.12 00:39:11 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.04.12 00:38:18 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.04.12 00:38:09 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.04.12 00:38:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.04.12 00:38:08 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.03.31 02:42:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.04.29 07:33:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.29 07:06:26 | 001,560,144 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.29 07:06:26 | 000,671,424 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.29 07:06:26 | 000,632,154 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.29 07:06:26 | 000,144,592 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.29 07:06:26 | 000,118,780 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.29 07:00:02 | 000,004,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.29 07:00:02 | 000,004,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.29 06:59:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.28 23:01:48 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2012.04.28 23:01:48 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2012.04.28 23:01:48 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2012.04.28 04:04:10 | 000,092,160 | ---- | M] () -- C:\Users\TimR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.19 23:49:08 | 000,808,821 | ---- | M] () -- C:\Users\TimR\Desktop\Unbenannt.png
[2012.04.13 21:33:15 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.13 21:33:15 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.04.13 21:33:12 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.30 07:39:57 | 000,534,009 | ---- | M] () -- C:\Users\TimR\Desktop\mfrSa.jpg
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.04.19 23:49:05 | 000,808,821 | ---- | C] () -- C:\Users\TimR\Desktop\Unbenannt.png
[2012.03.31 02:42:54 | 000,696,832 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll
[2012.03.31 02:42:54 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.03.31 02:42:54 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll
[2012.03.31 02:42:54 | 000,173,568 | ---- | C] () -- C:\Windows\SysNative\xvid.ax
[2012.03.31 02:42:54 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2012.03.31 02:42:53 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.03.30 07:39:57 | 000,534,009 | ---- | C] () -- C:\Users\TimR\Desktop\mfrSa.jpg
[2012.03.28 23:01:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.05 12:23:16 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.10.25 22:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.10 18:51:06 | 000,000,680 | ---- | C] () -- C:\Users\TimR\AppData\Local\d3d9caps.dat
[2011.03.10 16:24:13 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.03.10 16:24:13 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.03.10 16:24:13 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2011.03.10 16:23:40 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.03.08 14:41:06 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.03.08 14:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.03.08 14:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.03.08 14:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.03.08 14:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.12.10 01:19:41 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.12.10 01:19:41 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.11.12 10:12:38 | 000,000,118 | ---- | C] () -- C:\Windows\Podcasts.INI
[2010.09.03 18:19:13 | 001,539,214 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.07.07 22:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010.07.07 21:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010.07.07 21:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010.07.07 21:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010.07.07 21:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010.07.07 21:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010.07.07 21:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010.05.23 23:25:12 | 000,201,122 | ---- | C] () -- C:\Windows\SysWow64\Cavort10.dll
[2010.05.23 23:25:12 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Unlha.dll
[2010.05.23 23:25:12 | 000,066,113 | ---- | C] () -- C:\Windows\SysWow64\Cavordd.dll
[2010.05.23 23:25:12 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\Cavosysc.dll
[2010.05.23 23:25:07 | 000,000,098 | ---- | C] () -- C:\Windows\twland.ini

========== LOP Check ==========

[2010.04.02 15:37:13 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Academic Software Zurich
[2010.05.30 16:05:35 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Amazon
[2012.02.25 23:26:51 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Audacity
[2009.09.25 20:01:28 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Auslogics
[2009.11.10 22:00:31 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\DonationCoder
[2012.02.26 14:44:24 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Dropbox
[2012.01.28 00:31:23 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\DVDVideoSoft
[2012.01.21 10:16:29 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.09 17:05:53 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\EAC
[2010.11.13 23:21:04 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\FreeHideIP
[2010.11.16 18:15:24 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\GetRightToGo
[2011.07.19 18:48:27 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\inkscape
[2010.09.20 22:53:01 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\IrfanView
[2009.09.25 22:19:42 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Leadertech
[2011.06.24 00:21:54 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\MEGA5_5110426
[2011.04.09 17:53:08 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\MP3Find
[2011.04.16 10:24:58 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\MPEG Streamclip
[2012.04.29 07:18:48 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Notepad++
[2011.01.30 14:15:01 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\OfficeRecovery
[2011.04.11 08:39:33 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Opera
[2012.02.17 08:49:58 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Origin
[2010.06.08 19:33:23 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\PC Suite
[2011.04.19 20:37:13 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Samsung
[2009.11.18 18:39:38 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\ScanSoft
[2011.12.12 22:36:21 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Temp
[2010.09.17 20:57:19 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Tracker Software
[2012.03.01 23:24:01 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Trillian
[2012.01.23 14:12:21 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Wizards of the Coast
[2011.07.07 16:11:18 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Xi
[2012.04.28 23:01:42 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
29.04.2012, 16:50 | #2 |
/// Malware-holic | html/infected.webpage.gen2
First watching, probably, illegally streamed stuff and then being afraid of malware... It's obvious that people don't put that online out of kindness. Please post the Avira detection message.
29.04.2012, 16:58 | #3 |
| html/infected.webpage.gen2 Well, I guess I'm just a petty criminal :/
Here is the Avira detection message: In der Datei 'C:\Users\TimR\AppData\Local\Opera\Opera\cache\dcache4.url' wurde ein Virus oder unerwünschtes Programm 'HTML/Infected.WebPage.Gen2' [virus] gefunden. Ausgeführte Aktion: Zugriff verweigern
Thanks |
30.04.2012, 19:07 | #4 |
/// Malware-holic | html/infected.webpage.gen2
Are there any more Avira messages? Avira, Events or Avira, Reports.