| |
| |||||||
Log-Analyse und Auswertung: S.M.A.R.T. HDD bzw. Win32/Kryptik.AGMLWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
05.06.2012, 19:35
| #1 |
 |  S.M.A.R.T. HDD bzw. Win32/Kryptik.AGML Hallo zusammen, irgendwie hat sich der Win 7 (32 Bit) Rechner meiner Eltern mit den im Titel genannten Schädlingen infiziert. Bei Systemstart poppte nur das Fake Programm Smart HDD auf sowie 30 aufeinanderfolgende Errormeldungen. Startmenü sowie C: und D: waren leergefegt, so auch der Desktop. Ich habe jetzt über die Ordnereinstellungen von Windows alle versteckten Dateien wieder sichtbar machen können und siehe da, alle Dateien sind wieder da, weisen aber das Attribut "versteckt" auf. Nach einem Neustart tritt aber die ganze Prozedur wieder auf und auch die Dateien sind wieder weg. Ich habe den ESET Online Scanner als Admin gestartet und jegliche Antivir und Firewalls ausgestellt. Das log findet ihr anbei. Die automatische Löschung habe ich auch ausgestellt. Kann mal jemand drüber schauen und mir sagen ob ich das löschen darf? Der Trojaner ist wohl erst seit heute bekannt wie ich hier lesen konnte. Bei Google gibt es momentan nur sehr wenige Treffer zu dieser Variante. Vielen Dank im Vorraus! defogger.log: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:20 on 05/06/2012 (Papa)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.04.04.08 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Papa :: PAPA-PC [Administrator] 05.06.2012 17:00:09 mbam-log-2012-06-05 (17-00-09).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 283306 Laufzeit: 47 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter C:\ProgramData\AKfPlKyjpi5W3O.exe a variant of Win32/Kryptik.AGML trojan
C:\ProgramData\vfecjqYPEFsxGU.exe a variant of Win32/Kryptik.AGML trojan
C:\Users\All Users\AKfPlKyjpi5W3O.exe a variant of Win32/Kryptik.AGML trojan
C:\Users\All Users\vfecjqYPEFsxGU.exe a variant of Win32/Kryptik.AGML trojan
C:\Users\Papa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHXWZ9PS\JDownloaderSetup_3IC[1].exe a variant of Win32/InstallCore.P application
C:\Users\Papa\AppData\Local\Temp\is1070216317\MyBabylonTB.exe Win32/Toolbar.Babylon application
Code:
ATTFilter OTL logfile created on: 05.06.2012 20:30:09 - Run 1 OTL by OldTimer - Version 3.2.46.1 Folder = D:\-= DOWNLOAD =-\FIREFOX DOWNLOADS Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,37 Mb Total Physical Memory | 361,28 Mb Available Physical Memory | 35,30% Memory free 2,00 Gb Paging File | 0,80 Gb Available in Paging File | 39,87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 1,96 Gb Free Space | 4,02% Space Free | Partition Type: NTFS Drive D: | 184,05 Gb Total Space | 44,17 Gb Free Space | 24,00% Space Free | Partition Type: NTFS Drive E: | 27,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: PAPA-PC | User Name: Papa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.05 20:25:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\-= DOWNLOAD =-\FIREFOX DOWNLOADS\OTL.exe PRC - [2012.05.08 20:44:42 | 000,086,224 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 20:44:40 | 000,348,624 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 20:44:40 | 000,110,032 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 20:44:40 | 000,080,336 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.04.25 18:45:52 | 000,924,600 | -H-- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.04.04 07:53:50 | 000,063,928 | -H-- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.02.02 15:32:52 | 000,018,432 | -H-- | M] () -- C:\Users\Papa\AppData\LocalLow\ReminderFox\IE\ReminderFoxUpdater.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.05.13 17:03:34 | 004,283,256 | -H-- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2011.05.13 15:49:42 | 000,025,456 | -H-- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Contacts\wlcomm.exe PRC - [2011.03.28 21:31:16 | 000,193,920 | -H-- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 21:31:14 | 001,713,536 | -H-- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.10.06 13:39:27 | 002,002,728 | -H-- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2009.07.14 03:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe PRC - [2009.04.14 16:43:42 | 000,604,704 | -H-- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE PRC - [2009.01.26 16:31:10 | 001,153,368 | -H-- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== MOD - [2012.04.25 18:45:52 | 001,952,696 | -H-- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2011.12.04 18:40:31 | 008,527,008 | -H-- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2011.07.18 23:04:08 | 000,296,448 | -H-- | M] () -- C:\Programme\Notepad++\NppShell_04.dll MOD - [2011.03.02 13:40:51 | 000,140,288 | -H-- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2012.05.08 20:44:42 | 000,086,224 | -H-- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 20:44:40 | 000,110,032 | -H-- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.25 18:45:53 | 000,129,976 | -H-- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 07:53:50 | 000,063,928 | -H-- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.02.02 15:32:52 | 000,018,432 | -H-- | M] () [Auto | Running] -- C:\Users\Papa\AppData\LocalLow\ReminderFox\IE\ReminderFoxUpdater.exe -- (ReminderFoxUpdater) SRV - [2011.03.28 21:31:14 | 001,713,536 | -H-- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.11.20 23:29:48 | 000,128,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2010.11.20 23:29:32 | 000,068,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc) SRV - [2010.10.06 13:39:27 | 002,002,728 | -H-- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess) SRV - [2009.07.14 03:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\athr.sys -- (athr) DRV - [2012.06.05 17:44:26 | 000,042,960 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\hyxdvlzh.sys -- (hyxdvlzh) DRV - [2012.05.08 20:44:42 | 000,137,928 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 20:44:42 | 000,083,392 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.19 17:56:15 | 000,036,000 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.11.20 23:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 23:29:12 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs) DRV - [2010.11.20 23:29:03 | 000,175,360 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 23:29:03 | 000,112,640 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub) DRV - [2010.11.20 23:29:03 | 000,077,184 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV - [2010.11.20 23:29:03 | 000,062,464 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010.11.20 23:29:03 | 000,040,704 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 23:29:03 | 000,028,032 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 23:29:03 | 000,027,264 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010.11.20 23:29:03 | 000,025,600 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt) DRV - [2010.11.20 23:29:03 | 000,017,920 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 23:29:03 | 000,005,632 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.07.08 15:17:56 | 000,603,240 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2010.06.17 16:14:27 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.07.14 03:20:28 | 000,022,096 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk) DRV - [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl) DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2009.07.14 00:09:17 | 004,194,816 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.14 00:02:53 | 000,048,128 | -H-- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH) DRV - [2009.06.19 04:45:02 | 004,172,832 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-229958436-3033542292-740978725-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=15003 IE - HKU\S-1-5-21-229958436-3033542292-740978725-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-229958436-3033542292-740978725-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-229958436-3033542292-740978725-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F 65 A3 19 9E B2 CC 01 [binary data] IE - HKU\S-1-5-21-229958436-3033542292-740978725-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) IE - HKU\S-1-5-21-229958436-3033542292-740978725-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-229958436-3033542292-740978725-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-229958436-3033542292-740978725-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=&src=crm&q={searchTerms}&locale= IE - HKU\S-1-5-21-229958436-3033542292-740978725-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.25 18:45:53 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.04 18:18:03 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Papa\AppData\Roaming\mozilla\Extensions [2012.05.18 21:46:04 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\g19lbimn.default\extensions [2010.02.04 16:45:40 | 000,002,254 | -H-- | M] () -- C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\g19lbimn.default\searchplugins\askcom.xml [2012.01.10 13:04:29 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.01.06 02:19:41 | 000,634,964 | -H-- | M] () (No name found) -- C:\USERS\PAPA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G19LBIMN.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.05.18 21:46:04 | 000,045,066 | -H-- | M] () (No name found) -- C:\USERS\PAPA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G19LBIMN.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI [2012.04.25 18:45:52 | 000,097,208 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.01.10 13:04:24 | 000,001,392 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.10 13:04:24 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.01.10 13:04:24 | 000,001,153 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.01.10 13:04:23 | 000,006,805 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.10 13:04:23 | 000,001,178 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.10 13:04:23 | 000,001,105 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (ReminderFox) - {7C9B39E6-6606-4ED2-8A3F-36E39C78CBDC} - C:\Users\Papa\AppData\LocalLow\ReminderFox\IE\ReminderFox.dll (Tom Mutdosch) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [vfecjqYPEFsxGU.exe] C:\ProgramData\vfecjqYPEFsxGU.exe () O4 - HKU\S-1-5-21-229958436-3033542292-740978725-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-229958436-3033542292-740978725-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{912531D1-61FC-42AA-8642-E1626A7CD00D}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAE7AF95-9DE3-4248-8CA3-C99FD1B8FB94}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.05 20:24:38 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Papa\Desktop\OTL.exe.part [2012.06.05 19:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.06.05 16:56:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.05 16:56:37 | 000,022,344 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.06.05 16:56:35 | 000,000,000 | -H-D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.05 16:54:17 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{567F4701-CD60-4A3B-82DC-3AFF260CE38C} [2012.06.05 16:54:05 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{72552B9F-4DAA-4449-81A5-6B6F207BF0F0} [2012.06.05 16:40:17 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{342C47B4-85A1-453A-B58D-784A91570916} [2012.06.05 16:40:02 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{416BA68D-00E5-4111-AA53-77FB8275CDD7} [2012.06.05 16:22:13 | 000,000,000 | -H-D | C] -- C:\Windows\pss [2012.06.05 16:21:34 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{E0C4FA3E-A49D-4B16-889B-F8F22ADA2CFE} [2012.06.05 16:21:18 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{38C21B59-41FD-452E-88ED-5180354F6B00} [2012.06.05 16:12:13 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{B7BCB83D-941B-4324-AC39-0379C9E0A64A} [2012.06.05 16:11:58 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{14CA174B-BBF7-4456-86A1-36F866B96EF2} [2012.06.05 16:03:46 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Roaming\Malwarebytes [2012.06.05 16:03:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes [2012.06.05 15:47:51 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{5E8B2EAD-9A30-4BDB-B062-632718FFD8B7} [2012.06.05 15:47:37 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{DF0B0C8A-6EB2-4313-B098-FDDAA669B242} [2012.06.04 20:53:59 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{AE0C8901-128B-4BF4-BC22-F7DA5C34BD6F} [2012.06.04 20:53:44 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{96463A6C-25AB-4750-AF84-414984C0EA7D} [2012.06.04 20:31:16 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{04CF649D-F25B-439E-92C7-7B97E463E93B} [2012.06.04 20:31:01 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{E671A195-DC30-4C08-9DF7-E226595C82CA} [2012.06.04 20:20:54 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery [2012.06.04 20:20:16 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{1F355A69-86AE-4C0B-A9E8-571371875EA2} [2012.06.04 20:19:54 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{6DD15C57-58BF-4183-8BFE-A646A1716BB5} [2012.06.04 10:44:21 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{58B87E9C-DA9D-40D4-AEEE-5278D8C99B4F} [2012.06.04 10:44:03 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{EE61A34B-BE4E-4C81-A5F2-1FF96907F309} [2012.06.03 09:55:31 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{1A29B715-5FB8-4185-90F9-566B1D7BC1DB} [2012.06.03 09:55:17 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{AFDAB24F-1AB3-4156-A35B-3FD62790F75A} [2012.06.02 11:05:20 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{BFEF408C-4C13-4B10-8AFD-F0D9ADD5C233} [2012.06.02 11:05:06 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{5A1FA7C4-6628-4A1D-AB7D-F9A6D51AF932} [2012.06.01 12:54:27 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{D8DBDB1F-58DC-407D-85E1-E3EE13DD2E41} [2012.06.01 12:54:15 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{47AFAC0D-CB99-4BA9-A093-E9A3A86A1BCE} [2012.05.31 10:56:28 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{2CEBC841-F9E2-4B0D-8232-9064BF61CBA1} [2012.05.31 10:56:15 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{4F089928-2E0A-4A26-9807-87B63C990E25} [2012.05.30 07:38:44 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{F5AE28B3-6DE3-48D3-8FF5-421302085DDA} [2012.05.30 07:38:32 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{6623ABA8-D3AE-4AC2-9213-29C4C9949FD7} [2012.05.29 17:42:37 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{1D634638-028C-4118-B2D8-5A4504F5F2A4} [2012.05.29 17:42:26 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{19121182-309B-4B64-8981-77A4D198A6BE} [2012.05.29 11:38:04 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{45A6CE6A-C470-41A8-B618-700AC2FD6C3C} [2012.05.29 11:37:51 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{6AA138F5-451C-492E-8D44-B51AD8ED3793} [2012.05.28 12:38:05 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{7118A9DF-58AC-4F5B-901D-5788AC12FE50} [2012.05.28 12:37:50 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{3C6DD5B9-D211-4288-BEAC-5655B0FF0F41} [2012.05.28 11:03:03 | 000,000,000 | -H-D | C] -- C:\Users\Papa\Desktop\constant [2012.05.28 10:21:13 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{DEFCA69D-7C8F-4127-98FF-C007DAD21B42} [2012.05.28 10:21:01 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{FD29CFEB-2843-46A7-8644-2FBB5DB8E2AF} [2012.05.27 19:37:14 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{147FD708-6CCF-4D72-ACEB-DDE0571283B9} [2012.05.27 19:37:01 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{A8036F5E-19D1-43BA-8ADA-3ECC19BB0190} [2012.05.27 13:30:35 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{7F797455-42E2-4E09-A1BF-16C652FF3BF4} [2012.05.27 13:30:22 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{2A55F9A4-3670-481F-ACC4-A6301BB76665} [2012.05.26 20:49:33 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{7AFE2D5E-CB94-4825-A152-64ADCE5004CF} [2012.05.26 20:49:20 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{10ECD97D-BC58-4128-8420-9327EE2D1B3C} [2012.05.26 13:30:52 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{BA89A8F3-CBC6-4BAB-BB8A-268691FB4FFC} [2012.05.26 13:30:39 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{634593C5-F5CD-4A72-B75C-030FD3E11251} [2012.05.25 13:12:29 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{53053DF1-2A69-47F8-97EC-23D792C32311} [2012.05.25 13:12:17 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{14FB3BC9-74F0-4512-B1FB-58E01A5EE743} [2012.05.24 17:36:54 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{CAF704B4-D5DB-45BF-B8C7-F42657B2875D} [2012.05.24 17:36:41 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{F97248C0-6CE9-401A-A51E-951E04D73E19} [2012.05.24 13:34:13 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{FDC99826-0B7F-44A8-86A9-A5342071121F} [2012.05.24 13:33:57 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{1891A197-5A71-4057-B736-7F24A1580494} [2012.05.23 14:54:19 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{493527C3-CC2B-4EC4-8528-DA82AB280721} [2012.05.23 14:54:05 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{9C124CCD-430F-4CD6-873B-486B77F1AE2A} [2012.05.23 12:12:06 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{0C02B509-FC0E-479B-9DF8-8EA79361507C} [2012.05.23 12:11:43 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{2718D657-B738-46E2-9038-03C9FA35638D} [2012.05.22 22:10:44 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{212F6CDF-37D9-4A9E-93C4-02E79DBE0683} [2012.05.22 22:10:28 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{7DA3DDE4-6D9E-40FD-8006-5E5FAE9DB281} [2012.05.22 17:08:36 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{15C137FF-0571-451F-A26A-C50412589253} [2012.05.22 17:08:24 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{EF064E51-57BB-47B8-8A03-4581779867C5} [2012.05.22 11:24:52 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{7237FBDF-F919-4624-8C62-4EFDD33FC6B3} [2012.05.22 11:24:38 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{88DB296A-544B-4CF5-948E-4539568B9CB5} [2012.05.21 08:42:57 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{CEE6460F-F765-4515-8744-57D607B3FDD3} [2012.05.21 08:42:45 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{AC2C7175-326F-4D3E-B1CD-34F8692C4BEA} [2012.05.20 20:41:53 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{3FB0EE10-D415-4956-BC39-7DC28527EF50} [2012.05.20 20:41:35 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{1C2EB092-6F6B-40F2-9EDC-43185C493646} [2012.05.20 11:08:25 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{3C0CFCE6-C484-47E3-B8AD-58D0544A7A1A} [2012.05.20 11:08:08 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{6351F482-77E5-40DF-BF23-E8690BE998D9} [2012.05.19 11:07:06 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{6F834B9E-A37C-4CEB-87EA-C97E244A4957} [2012.05.19 11:06:54 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{EA450B07-26B6-4D2D-BB8E-2A4F574AEBC6} [2012.05.18 15:45:27 | 000,000,000 | -H-D | C] -- C:\Users\Papa\Desktop\Konwerter NewCamd to CCcam [2012.05.18 10:29:26 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{DBB231FF-A2BC-4C98-B939-E2BDBAFC062B} [2012.05.18 10:29:14 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{94E32B42-EBA9-4F3D-AFD9-D1CB22AC247F} [2012.05.18 08:14:02 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{7B3923B4-242E-46AE-8CB1-416B0F5C9E2D} [2012.05.18 08:13:48 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{5C69526C-3970-4F34-AA3A-8B045ECD05D4} [2012.05.17 09:32:34 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{FB6BBD76-4C7D-4B12-9392-7B5C5AE42216} [2012.05.17 09:32:21 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{E01EC915-0029-4469-94CA-B8CD81CEC5C8} [2012.05.16 17:16:59 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\www.coolstream.to [2012.05.16 17:12:42 | 000,000,000 | -H-D | C] -- C:\Users\Papa\Desktop\OscamConfigCreator_12.10.10 [2012.05.16 16:47:47 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.05.16 16:47:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.05.16 16:47:43 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Roaming\Notepad++ [2012.05.16 16:47:43 | 000,000,000 | -H-D | C] -- C:\Program Files\Notepad++ [2012.05.16 09:10:03 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{76A0036B-1D34-4648-91C2-B55471AD4909} [2012.05.16 09:09:50 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{43DE9C3D-52BF-41BA-A656-5F6CA0BAEFB8} [2012.05.15 20:11:12 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{D28DB45E-3DD6-4225-B832-8FBC6402F6C7} [2012.05.15 20:10:58 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{8E138424-282F-4D1C-99B0-8B29D31AD305} [2012.05.15 12:09:28 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{36D0E92C-6880-4057-8FC0-D858055B25A7} [2012.05.15 12:09:07 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{C237307C-C2BE-4938-8760-0B3A4117B197} [2012.05.14 20:16:17 | 000,000,000 | -H-D | C] -- C:\Users\Papa\Desktop\control [2012.05.14 18:29:40 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{00DA534E-7568-4222-8847-14807009FF83} [2012.05.14 18:29:28 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{4681A1E4-6EAF-428A-A3C4-2009A89387D9} [2012.05.14 08:43:53 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{2FD44F2E-7582-49D1-9EEF-CAB7F9ECB28D} [2012.05.14 08:43:41 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{C7743720-4100-4064-AEE7-6873E56B7CD2} [2012.05.13 09:44:46 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{2888B1D6-1B00-4A7B-B601-6433FAF23F02} [2012.05.13 09:44:34 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{24896A5B-9899-447E-A9B6-C604BF5558D9} [2012.05.12 14:13:39 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{8C6E7227-1470-420C-B35A-5768825D0047} [2012.05.12 14:13:27 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{A7CDB154-8A1E-46C9-BEC5-95F9A767C5C8} [2012.05.11 11:55:52 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{FA1856F8-2AC0-4B2E-A3D0-C2AB5B930A64} [2012.05.11 11:55:39 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{68EA464E-60CD-4FA5-A60E-5815BC108D9D} [2012.05.11 07:11:32 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{C31897F2-C6B0-4BBC-A3DE-B5D4F6A12FDD} [2012.05.11 07:11:17 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{EAB16400-8B16-4C96-BA68-620B8372449A} [2012.05.10 21:01:57 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{2A2268B9-69D3-48DA-9054-1E5E16316859} [2012.05.10 21:01:44 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{2749DA1D-38E6-42AD-8C21-D62760B75A66} [2012.05.10 15:15:47 | 000,000,000 | -H-D | C] -- C:\Users\Papa\Desktop\Oscam Tuts [2012.05.10 14:12:50 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{EA894941-49A7-4459-8E23-CDB5F09BB52E} [2012.05.10 14:12:38 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{79D18CB7-81A5-49DC-A288-22C620880C9A} [2012.05.09 11:55:02 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{C3C119F8-EF5E-47AB-8EDD-88FEF39C2E67} [2012.05.09 11:54:49 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{0DEB016B-80F9-4C36-88F3-13CCB9E36473} [2012.05.08 11:23:33 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{605C2D74-043B-411A-8864-EB370AE81A46} [2012.05.08 11:23:19 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{4946F50B-9A5D-4ADB-9BE7-6DD942E9125E} [2012.05.07 20:46:09 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{B813995E-56AC-4589-9FFE-8C6B2122A05D} [2012.05.07 20:45:47 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{0EC76FF7-9265-4420-B0A6-9705A658C34F} [2012.05.07 09:05:00 | 000,000,000 | -H-D | C] -- C:\Users\Papa\Desktop\Neuer Ordner [2012.05.07 07:51:28 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{32A967F8-8206-4264-A96D-45155F7AE044} [2012.05.07 07:51:13 | 000,000,000 | -H-D | C] -- C:\Users\Papa\AppData\Local\{73C93595-2C92-4075-80C4-91FEFCE8A3B6} [2011.12.04 18:18:45 | 385,086,637 | -H-- | C] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Word 2007.exe [2011.12.04 18:06:30 | 029,032,448 | -H-- | C] (Driver-Soft Inc.) -- C:\Program Files\Driver Genius Professional Edition.exe ========== Files - Modified Within 30 Days ========== [2012.06.05 20:24:45 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Papa\Desktop\OTL.exe.part [2012.06.05 20:20:35 | 000,000,000 | ---- | M] () -- C:\Users\Papa\defogger_reenable [2012.06.05 20:03:06 | 000,024,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.05 20:03:06 | 000,024,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.05 18:49:00 | 000,000,266 | -H-- | M] () -- C:\Windows\tasks\AutoKMS.job [2012.06.05 16:56:40 | 000,001,067 | -H-- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.05 16:53:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.05 16:53:07 | 804,806,656 | -HS- | M] () -- C:\hiberfil.sys [2012.06.04 20:20:55 | 000,000,184 | -H-- | M] () -- C:\ProgramData\-AKfPlKyjpi5W3Or [2012.06.04 20:20:55 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-AKfPlKyjpi5W3O [2012.06.04 20:20:51 | 000,000,256 | -H-- | M] () -- C:\ProgramData\AKfPlKyjpi5W3O [2012.06.04 20:20:38 | 000,250,368 | -H-- | M] () -- C:\ProgramData\AKfPlKyjpi5W3O.exe [2012.06.04 20:03:39 | 000,343,040 | -H-- | M] () -- C:\ProgramData\vfecjqYPEFsxGU.exe [2012.06.03 18:25:33 | 000,653,928 | -H-- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.03 18:25:33 | 000,615,810 | -H-- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.03 18:25:33 | 000,129,800 | -H-- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.03 18:25:33 | 000,106,190 | -H-- | M] () -- C:\Windows\System32\perfc009.dat [2012.05.30 13:01:34 | 000,033,290 | -H-- | M] () -- C:\Users\Papa\Desktop\00694177.jpg [2012.05.30 12:57:48 | 000,051,173 | -H-- | M] () -- C:\Users\Papa\Desktop\00686994.jpg [2012.05.30 12:53:04 | 000,034,979 | -H-- | M] () -- C:\Users\Papa\Desktop\00694178.jpg [2012.05.16 16:47:47 | 000,001,021 | -H-- | M] () -- C:\Users\Papa\Desktop\Notepad++.lnk [2012.05.13 09:43:00 | 000,265,640 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.05.08 20:44:42 | 000,137,928 | -H-- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.05.08 20:44:42 | 000,083,392 | -H-- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys ========== Files Created - No Company Name ========== [2012.06.05 20:20:35 | 000,000,000 | ---- | C] () -- C:\Users\Papa\defogger_reenable [2012.06.05 16:56:40 | 000,001,067 | -H-- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.04 20:20:55 | 000,000,184 | -H-- | C] () -- C:\ProgramData\-AKfPlKyjpi5W3Or [2012.06.04 20:20:55 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-AKfPlKyjpi5W3O [2012.06.04 20:20:50 | 000,000,256 | -H-- | C] () -- C:\ProgramData\AKfPlKyjpi5W3O [2012.06.04 20:20:38 | 000,250,368 | -H-- | C] () -- C:\ProgramData\AKfPlKyjpi5W3O.exe [2012.06.04 20:06:11 | 000,343,040 | -H-- | C] () -- C:\ProgramData\vfecjqYPEFsxGU.exe [2012.05.30 13:01:32 | 000,033,290 | -H-- | C] () -- C:\Users\Papa\Desktop\00694177.jpg [2012.05.30 12:57:45 | 000,051,173 | -H-- | C] () -- C:\Users\Papa\Desktop\00686994.jpg [2012.05.30 12:52:51 | 000,034,979 | -H-- | C] () -- C:\Users\Papa\Desktop\00694178.jpg [2012.05.18 16:20:02 | 000,627,200 | -H-- | C] () -- C:\Users\Papa\Desktop\cccam2oscam.exe [2012.05.16 16:47:47 | 000,001,021 | -H-- | C] () -- C:\Users\Papa\Desktop\Notepad++.lnk [2011.12.14 23:05:14 | 000,000,193 | -H-- | C] () -- C:\Windows\WORDPAD.INI [2011.12.13 18:33:27 | 000,299,008 | RH-- | C] () -- C:\Windows\System32\CmiInstallResAll.dll [2011.12.04 18:49:03 | 000,154,144 | -H-- | C] () -- C:\Windows\System32\RTLCPAPI.dll [2011.12.04 17:55:25 | 000,000,000 | -H-- | C] () -- C:\Windows\ativpsrm.bin [2011.12.04 17:55:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.04.12 04:17:04 | 000,653,928 | -H-- | C] () -- C:\Windows\System32\perfh007.dat [2011.04.12 04:17:04 | 000,295,922 | -H-- | C] () -- C:\Windows\System32\perfi007.dat [2011.04.12 04:17:04 | 000,129,800 | -H-- | C] () -- C:\Windows\System32\perfc007.dat [2011.04.12 04:17:04 | 000,038,104 | -H-- | C] () -- C:\Windows\System32\perfd007.dat [2010.11.20 23:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe ========== LOP Check ========== [2012.01.31 15:20:15 | 000,000,000 | -H-D | M] -- C:\Users\Papa\AppData\Roaming\Canneverbe Limited [2012.02.19 17:54:25 | 000,000,000 | -H-D | M] -- C:\Users\Papa\AppData\Roaming\elsterformular [2011.12.19 19:09:22 | 000,000,000 | -H-D | M] -- C:\Users\Papa\AppData\Roaming\GHISLER [2012.05.16 16:49:16 | 000,000,000 | -H-D | M] -- C:\Users\Papa\AppData\Roaming\Notepad++ [2012.03.02 13:59:06 | 000,000,000 | -H-D | M] -- C:\Users\Papa\AppData\Roaming\SatChannelListEditor [2011.12.04 18:33:29 | 000,000,000 | -H-D | M] -- C:\Users\Papa\AppData\Roaming\TeamViewer [2012.04.24 23:24:30 | 000,000,000 | -H-D | M] -- C:\Users\Papa\AppData\Roaming\uTorrent [2011.12.22 14:03:47 | 000,000,000 | -H-D | M] -- C:\Users\Papa\AppData\Roaming\Windows Live Writer [2012.06.05 18:49:00 | 000,000,266 | -H-- | M] () -- C:\Windows\Tasks\AutoKMS.job [2012.03.08 15:25:40 | 000,032,578 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 708 bytes -> C:\Windows\System32\drivers\hyxdvlzh.sys:changelist < End of report > Code:
ATTFilter OTL Extras logfile created on: 05.06.2012 20:30:09 - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = D:\-= DOWNLOAD =-\FIREFOX DOWNLOADS
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1023,37 Mb Total Physical Memory | 361,28 Mb Available Physical Memory | 35,30% Memory free
2,00 Gb Paging File | 0,80 Gb Available in Paging File | 39,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 1,96 Gb Free Space | 4,02% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 44,17 Gb Free Space | 24,00% Space Free | Partition Type: NTFS
Drive E: | 27,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: PAPA-PC | User Name: Papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-229958436-3033542292-740978725-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08750196-3CC6-4D5A-8541-807CF32CCBE2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{149081B1-34F9-49F6-88AA-BF4D6F2EFECD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{194632DE-93CB-44FB-B182-6DF5295C898C}" = lport=139 | protocol=6 | dir=in | app=system |
"{1B8EBD82-77A1-4613-8991-5FD592D14160}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39AEA0EF-FEAB-4B06-B1C4-938F61B50E92}" = rport=138 | protocol=17 | dir=out | app=system |
"{58C95A33-08C1-4AB1-80FB-EFDADA8B33D3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5ED0CB75-9E76-43C8-AFD7-EBF0EBD5BEB3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{61B47479-8D4E-4C3F-A6C6-183D9817607C}" = rport=139 | protocol=6 | dir=out | app=system |
"{635B5A3C-F0DC-44D0-ABF2-3F9EC6FE8614}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{65F1F451-5A20-4C14-BAD3-24B6532CF839}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6A12C738-FFD7-40B2-BD2C-ACF140B1E39D}" = rport=5445 | protocol=17 | dir=out | name=torchlight |
"{6B582AAD-82E6-4E9C-9977-34249787B11F}" = lport=5445 | protocol=17 | dir=in | name=torchlight |
"{6BB5FEB7-3EB4-4465-815B-A7E2F4802EC8}" = lport=137 | protocol=17 | dir=in | app=system |
"{6C4B3A06-2171-400C-9E3E-322ACC29ABC8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{81268419-BA44-4CB6-A784-67D23F930AB3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8BECA14D-9E7F-4629-8278-0C996474576A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9B1F0F0F-0F77-48C4-B8CE-0B2982A99516}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2D1106C-446C-46A8-A16D-136E7BD55D75}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B3226F1D-A310-4BFC-97C7-337607F9D700}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B4382A6E-5532-4C24-85E7-57C4D076E81C}" = rport=445 | protocol=6 | dir=out | app=system |
"{BACDB6F3-F3F5-4438-8A95-3F16D788537D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DB796145-EAD4-40BF-B526-BE09B1CA8346}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DC12DEA7-1F75-4B12-8FB0-2533F9E4F7B9}" = rport=137 | protocol=17 | dir=out | app=system |
"{DD7AB207-32AD-4C58-B79D-3ACD14CA013F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E7B4B44E-CE58-4EF8-8DD7-6009812BFD6D}" = lport=138 | protocol=17 | dir=in | app=system |
"{ECB99A3C-1105-4346-8694-E70124CF3983}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EDB2605D-0E3C-4D58-B18D-6C897E7E990F}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D9AEC9A-13E4-4A04-A8EA-15543E05942D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{18404F1D-F987-4728-A4A0-406021E9A6E8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{19C742D9-45B7-4C21-A72D-3CD416845047}" = protocol=6 | dir=out | app=system |
"{258C348A-8787-47B5-95DB-AD80B494D85F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E486E88-C4A8-48D1-BA20-75EADFA2F323}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3337A4A3-D434-4D47-9443-A8C5529C5C4D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3C334766-A094-43EE-9232-4DC61BC36152}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe |
"{405783DD-908B-4C94-A53B-D67BB204F8F2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4EC0D44B-DC4B-4EC2-BEA8-36FC24ADC737}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{540F2FC1-31DF-456F-8931-EC2F326F29CA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5436305D-2AD8-405C-9F90-7806CDA2961E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7BDBBEF0-D820-4234-B970-3896DB0833CE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7F0C8079-E976-4383-B6D9-F24D90FD423B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{81D9CE17-03FE-4E7F-B841-0675B876FF78}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{851B2702-A416-40F9-820B-ED68B2DCCE09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8809A5F0-A4B8-4DF1-9CB7-E6A1A43A723D}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{915A7A17-6085-4321-A70B-F8619582F200}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A1499B85-E42A-43D4-8425-27E5145256F8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ACA10A36-8593-4B59-B28E-5B2DACAAECFB}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{C5C06865-1866-42F1-826E-807E84A89A4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D458B139-99C6-405F-A67C-C65A8A2BEF36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7902127-FF98-4F2D-BA68-0B37DF450879}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{F4EDE601-1FA1-4543-82F7-D566946DB818}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe |
"{FAA5DE16-9318-4436-8213-0614C0FF4A66}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{423FA830-F41E-49D4-A3F4-9DA3200D2A46}C:\users\papa\desktop\neuer ordner\dcc_e2.exe" = protocol=6 | dir=in | app=c:\users\papa\desktop\neuer ordner\dcc_e2.exe |
"TCP Query User{4B108DFA-783D-425A-97A3-A62FCBDAD671}C:\users\papa\desktop\golden media\enigma 2\dcc.e2\dcc_e2.exe" = protocol=6 | dir=in | app=c:\users\papa\desktop\golden media\enigma 2\dcc.e2\dcc_e2.exe |
"TCP Query User{5A4FAFD5-C2E9-4A0C-946F-E50E635479E5}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{6C0CCD47-E6A8-4DBD-831A-89D8D4742A7A}C:\program files\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\program files\totalcmd\totalcmd.exe |
"TCP Query User{7E787C23-9A4E-465B-B95A-1487D5D4A45C}C:\users\papa\desktop\control\dcc_e2.exe" = protocol=6 | dir=in | app=c:\users\papa\desktop\control\dcc_e2.exe |
"TCP Query User{801107E1-0AE7-4E99-B070-8F45E46EA090}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{B4FB96C8-8776-485D-A4F8-84B60E823736}C:\program files\dreamboxedit\dreamboxedit.exe" = protocol=6 | dir=in | app=c:\program files\dreamboxedit\dreamboxedit.exe |
"TCP Query User{BDB7D921-5F71-45CA-8C0B-3117AFA3339E}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{C204F9CA-F624-4F74-95AC-6A321C939E94}C:\program files\dbox_ifa\dbox_ifa.exe" = protocol=6 | dir=in | app=c:\program files\dbox_ifa\dbox_ifa.exe |
"TCP Query User{E4BC4605-0D3A-4632-8C18-84A3D66C72DB}C:\program files\seteditpingulux\seteditpingulux.exe" = protocol=6 | dir=in | app=c:\program files\seteditpingulux\seteditpingulux.exe |
"TCP Query User{F69B6393-45D3-4953-BEE6-BE91DEB9756F}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{253F143C-4104-480B-B834-7409763769BE}C:\program files\seteditpingulux\seteditpingulux.exe" = protocol=17 | dir=in | app=c:\program files\seteditpingulux\seteditpingulux.exe |
"UDP Query User{3944460A-62F2-4C06-81C3-BC78A13870ED}C:\users\papa\desktop\neuer ordner\dcc_e2.exe" = protocol=17 | dir=in | app=c:\users\papa\desktop\neuer ordner\dcc_e2.exe |
"UDP Query User{45D221BA-9906-41C7-86CA-529B02A5AAC2}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{5DBB44C3-AFB8-400B-ABB8-E7EAD01021EA}C:\program files\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\program files\totalcmd\totalcmd.exe |
"UDP Query User{61B0C25F-C450-4CEA-9564-AD77AE93E215}C:\program files\dreamboxedit\dreamboxedit.exe" = protocol=17 | dir=in | app=c:\program files\dreamboxedit\dreamboxedit.exe |
"UDP Query User{7BD9BB7E-75E5-4FA9-AC10-CCA08D238D29}C:\users\papa\desktop\golden media\enigma 2\dcc.e2\dcc_e2.exe" = protocol=17 | dir=in | app=c:\users\papa\desktop\golden media\enigma 2\dcc.e2\dcc_e2.exe |
"UDP Query User{7FD99939-B3EA-4A97-AD69-134BF4D22177}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{884A111F-9FF6-4E33-8A60-6DC436B58E7B}C:\users\papa\desktop\control\dcc_e2.exe" = protocol=17 | dir=in | app=c:\users\papa\desktop\control\dcc_e2.exe |
"UDP Query User{AF529DA0-D9B1-4FE3-A8C3-5765AAE1C236}C:\program files\dbox_ifa\dbox_ifa.exe" = protocol=17 | dir=in | app=c:\program files\dbox_ifa\dbox_ifa.exe |
"UDP Query User{D6CDE880-9E5A-4EF0-953E-1EDD884E7DD3}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{F80682A2-4EA8-4892-8C40-6858D7E14B42}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adaptor
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9604A3B3-9417-46B3-9DEA-64DF3B2DD92C}" = PDF-XChange Viewer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF9041ED-60C9-36ED-9DB9-F55AAD993865}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DFE7195F-54B3-49AD-B8CA-D1DE33369DCC}" = SatChannelListEditor
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7382773-CBE8-33A9-862E-C2337CD0F359}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DBOX2 Image-Flashing-Assistent_is1" = DBOX2 Image-Flashing-Assistent 3.4.2
"dreamboxEDIT" = DreamBoxEdit -- The one and only settings editor for your Dreambox
"Edision Toolbox v1.0" = Edision Toolbox v1.0
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"EnigmEdit" = EnigmEdit (remove only)
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adaptor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Samsung DSR9500 Studio_is1" = Samsung DSR9500 Studio 1.4
"SetEditPingulux" = SetEditPingulux (remove only)
"SetEditVantage" = SetEditVantage (remove only)
"SopCast" = SopCast 3.2.9
"TeamViewer 5" = TeamViewer 5
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 03.06.2012 13:04:55 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Die Daten sind unzulässig. .
Error - 03.06.2012 13:04:55 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Die Daten sind unzulässig. .
Error - 03.06.2012 13:04:55 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Die Daten sind unzulässig. .
Error - 03.06.2012 13:04:55 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Die Daten sind unzulässig. .
Error - 03.06.2012 13:04:55 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Die Daten sind unzulässig. .
Error - 03.06.2012 13:04:55 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Die Daten sind unzulässig. .
Error - 03.06.2012 14:04:57 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Die Daten sind unzulässig. .
Error - 03.06.2012 14:04:57 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Die Daten sind unzulässig. .
Error - 03.06.2012 14:04:57 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Die Daten sind unzulässig. .
Error - 03.06.2012 14:04:57 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Die Daten sind unzulässig. .
[ System Events ]
Error - 01.06.2012 06:53:03 | Computer Name = Papa-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 02.06.2012 05:03:45 | Computer Name = Papa-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 02.06.2012 07:39:33 | Computer Name = Papa-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 02.06.2012 19:28:41 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet:
%%1115
Error - 03.06.2012 03:53:59 | Computer Name = Papa-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 03.06.2012 03:55:04 | Computer Name = Papa-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 04.06.2012 04:42:45 | Computer Name = Papa-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 04.06.2012 08:15:40 | Computer Name = Papa-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 04.06.2012 14:18:44 | Computer Name = Papa-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 04.06.2012 14:29:56 | Computer Name = Papa-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
< End of report >
Geändert von doradxo (05.06.2012 um 19:50 Uhr) |
| Themen zu S.M.A.R.T. HDD bzw. Win32/Kryptik.AGML |
| 32 bit, administrator, alternate, anti-malware, antivir, appdata, application/pdf, application/pdf:, automatische, automatische löschung, autostart, code, dateien, dateisystem, driver genius, enigma, explorer, fake, google, heuristiks/extra, heuristiks/shuriken, infiziert., install.exe, langs, log, löschen, microsoft, microsoft office word, online, plug-in, programm, rechner, safer networking, scan, schattenkopien, schädlinge, searchscopes, smart hdd, software, systemstart, tan, total commander, tracker, trojaner, version=1.0, versteckte, win32/kryptik.agml, windows |
Baum-Darstellung