Log analysis and evaluation: Log files after removing Live Security Platinum - what else do I need to do? (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
17.07.2012, 18:19 | #1
Log files after removing Live Security Platinum - what else do I need to do?

Hello,

my laptop was just taken over by Live Security Platinum. After a restart I was fortunately able to open programs again, but the "program" was still on the desktop. I then first downloaded Malwarebytes Anti-Malware and ran a quick scan. It identified 44 findings, which I deleted straight away (I only found this forum afterwards and read that this may not have been a good idea). After that I ran a full scan in Safe Mode, which returned no further results. The shortcut is gone, but there is still a path:

\\*****\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum

It contains a shortcut with the target:

036DFF85004A87B816712008F875EF7E.exe

As recommended in the corresponding thread, I have now run the scan with OTL and am posting the result below. Please tell me if you need further information to help me. I am using Windows 7, 32-bit. I caught the Trojan via Chrome.

Many thanks for your help.

Here are the results of the OTL scan, "Extras.txt":

OTL logfile:
Code:
OTL Extras logfile created on: 17.07.2012 18:52:43 - Run 3
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\*****\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,97 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 42,46% Memory free
5,93 Gb Paging File | 3,97 Gb Available in Paging File | 66,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 49,73 Gb Free Space | 16,69% Space Free | Partition Type: NTFS

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08CF4441-AA07-4732-8443-C808BFD0938C}" = rport=137 | protocol=17 | dir=out | app=system |
"{11B5D09A-353B-44B0-B2C8-3F67E9C781B6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1B9C63A5-1373-4F14-B1D4-6499066A4FD4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1E9EDD31-675F-4E25-B4E5-A5056AA4C3E5}" = rport=445 | protocol=6 | dir=out | app=system |
"{25FBA587-48AD-469A-A8F0-B5DF4379A42B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{261C2F88-4122-432A-B6F3-A09D05FBBBD0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B2E5AB9-7312-410B-AE2D-68F11623FC87}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2B7C193F-329B-4582-B8CB-959C49C5C007}" = lport=137 | protocol=17 | dir=in | app=system |
"{333168D8-06F2-4AB4-9462-8DE64C3A0215}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5F56E028-F5CB-403C-9BA4-9751689ACCC2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6B2F245C-DA75-4ED7-BD92-8B04DB99A55C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{885F0784-91E1-40E8-B76D-B2EC0303EDF9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8B68CD4E-175E-4AE2-A2AA-35E41E6130F9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8C729B77-9182-4FE3-BF85-A360D1453879}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{902176BE-DE5C-4F90-9159-87F082E79E03}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9094A25F-062D-4A6D-B97F-6655AF098348}" = lport=445 | protocol=6 | dir=in | app=system |
"{A16CCB08-C35F-42AC-9556-6ED8E2C8E3C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA612C05-93B4-44A5-B821-4B5C094BD4D2}" = rport=138 | protocol=17 | dir=out | app=system |
"{AB0FE4EB-F586-4C78-9702-4C69C10A579C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ACF2F007-83F1-4E95-9303-7545699A6538}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C0D1F38E-6536-4214-BBA5-65874942D7FB}" = lport=139 | protocol=6 | dir=in | app=system |
"{CA14C0F7-A51C-4454-85E0-08AB14789ABA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D8F81EC2-5236-4D9F-8D38-2D165F258C15}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D958463A-8889-4AFA-95B6-EC06A26FDA06}" = lport=138 | protocol=17 | dir=in | app=system |
"{DF6B8912-EE78-4C8D-8229-FAF234AD0361}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E8906D6A-F110-462A-BFAA-F8875B14A075}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{086E9258-E57F-453D-8E2C-3003BE421D05}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0E9A4C12-B035-439D-B355-D0A7DA120457}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1FDB8D32-9624-4902-A1FB-06527F21AEC0}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{20190735-5844-47D5-9D66-CD5F15C9BBBF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{22B6A562-FF98-423B-AD14-7AEC800F3B1D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{2BE340F2-58A2-40A9-A810-CBCB85BA066B}" = protocol=6 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe |
"{2C1E0B0E-EA0B-47CE-90FD-BD7B62936C5A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2D890082-B037-486F-B342-9131ED0A1BF2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{34D9ED16-14A8-47EA-9AE8-83FED97E3FBC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{3B18D47A-569D-4E41-84CA-C565BCF691D0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{44605633-A104-4703-8604-90E36710CD0F}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{4A19B7DF-F393-40AF-A0EB-ABA49519BB13}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4D4CE15D-DFC6-4402-AD63-81994AA38570}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{59179D2B-6969-4CE9-90C7-1B60A0CB60B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C77850E-63DB-4951-8BA4-173F41808B3E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{655AC9A2-5441-47F2-A62B-ABF1A0A256FD}" = protocol=17 | dir=in | app=c:\program files\unleashed poker 2.0\pokerclient.exe |
"{700612CB-A233-40DC-BA5E-BE86B4A04A74}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{75EF75AA-9C3C-4493-B272-4511007FF653}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{763EE795-F539-4B30-A716-E5BF4DB85992}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{784BDF24-D3FA-4AAF-9057-B9A8F09F9232}" = protocol=6 | dir=out | app=system |
"{8D294DA1-27CD-42D3-AA63-B3F4E7AAD435}" = protocol=6 | dir=in | app=c:\program files\adamevepoker 2.0\pokerclient.exe |
"{8E04F133-7DBE-48A0-A40C-9C5BFBE2DD33}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{8E4AE1DB-311A-418B-99BF-DFDD5E98274A}" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe |
"{90C66546-8D37-4FB2-818C-7710875BD49D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{92841E01-6410-4C47-A601-6524C1F6A777}" = protocol=6 | dir=in | app=c:\program files\unleashed poker 2.0\pokerclient.exe |
"{960BC39D-B2C4-4ADE-A3EE-B5BC14F3A2E0}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{9899776C-5D12-489F-9E85-DAF83C973A0A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{9BD305A4-4066-46CA-96FA-8E8908ED49C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AEDBE9FE-C652-4D69-A1C1-D2F11FEFDF0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B1DC5D0D-B42A-4DC6-9888-DB0648DB18B7}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B774F0A9-CA95-4A62-AA68-DEBDD3A60D61}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C12977AE-7CF4-4F0E-BFA4-637B05BBC37F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C3E70164-1616-4013-94BA-358C53EBF920}" = protocol=17 | dir=in | app=c:\program files\adamevepoker 2.0\pokerclient.exe |
"{C49C1731-C4E2-48DA-BCB5-97E9FF1470A1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C54F268C-9444-401E-ACFE-320504D0A008}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{DBFCCCB0-6592-47D3-8886-D4A4428261EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F15BA8AB-87A8-4E00-9F76-875D900E1742}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{F54E0B3A-350B-4268-B4BC-820A64CEBDA1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD439C45-F554-43A3-AA70-A21C33398863}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"TCP Query User{0DC16057-D5BA-4513-AD1D-4A45F4FA2B3B}C:\casino\gold club casino\casino.exe" = protocol=6 | dir=in | app=c:\casino\gold club casino\casino.exe |
"TCP Query User{1B423633-2ACC-42B2-A2EF-99C2F7B0CAC4}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{28E9BF6F-9C73-497F-B81A-7F331A80C91B}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{2B4E7955-8E55-4656-A7D3-0D60EBAF7036}C:\program files\intercasinoenglisheur\casino.exe" = protocol=6 | dir=in | app=c:\program files\intercasinoenglisheur\casino.exe |
"TCP Query User{3441DAD3-9590-4E31-9A9B-5DE0CA845105}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{3562280E-1E30-49F3-8556-16B50F26F8AC}C:\users\*****\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\roaming\spotify\spotify.exe |
"TCP Query User{59C262BE-D339-4F74-8072-163A76899FE4}C:\users\*****\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\roaming\spotify\spotify.exe |
"TCP Query User{5C661A3B-1080-4416-BE5C-9ED4FACB2D8A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{5D9F1878-0A16-4107-88C6-3A88F22EAFA5}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{5F58141D-C7F6-456A-9C55-AC7C5C66067A}C:\program files\intercasinoenglishgbp\casino.exe" = protocol=6 | dir=in | app=c:\program files\intercasinoenglishgbp\casino.exe |
"TCP Query User{672CB874-1E2D-4220-8B91-55B0B58CCD88}C:\program files\betvictorpoker\pokerclient\betvictorpoker.exe" = protocol=6 | dir=in | app=c:\program files\betvictorpoker\pokerclient\betvictorpoker.exe |
"TCP Query User{6D6575E8-2DA9-4B81-A8D3-AC4C162E2564}C:\program files\vip casino\casino.exe" = protocol=6 | dir=in | app=c:\program files\vip casino\casino.exe |
"TCP Query User{6DAA7365-859E-4DDA-92C5-B2A340AC5C60}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{72F06232-2266-4DF1-BD09-623A8AFCBC41}C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{7A3DF1AA-9867-48F1-813E-0FA2DAB5AA54}C:\program files\victor chandler poker\pokerclient\victor chandler poker.exe" = protocol=6 | dir=in | app=c:\program files\victor chandler poker\pokerclient\victor chandler poker.exe |
"TCP Query User{8EE3B277-AA8E-4360-A293-E668204C8D5E}C:\users\*****\appdata\local\temp\cryec3a.tmp\install.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\local\temp\cryec3a.tmp\install.exe |
"TCP Query User{9C8C698F-FF32-4E55-9C68-4EEAAA52E718}C:\casino\casinoclub\casino.exe" = protocol=6 | dir=in | app=c:\casino\casinoclub\casino.exe |
"TCP Query User{9F1D5ABE-C06D-481D-A6DD-A1F6890B32FE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{A6A0D9B1-DC00-45BF-BA7D-477D82D3BCA4}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{AACE3BA9-3ABF-4F12-9A56-2DB272D32B4D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{B2BBD9A6-2DB2-464F-8821-3992BADC0691}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{B94D39C2-EC6C-468C-BF26-F681351DF497}C:\program files\spssinc\paswstatistics18\paswstat.exe" = protocol=6 | dir=in | app=c:\program files\spssinc\paswstatistics18\paswstat.exe |
"TCP Query User{C1BF8851-B499-4794-8450-13A815114F91}C:\program files\intercasinodeutschlandeur\casino.exe" = protocol=6 | dir=in | app=c:\program files\intercasinodeutschlandeur\casino.exe |
"TCP Query User{CFF25415-9EF3-4832-8347-392F471E540F}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{D4C1CA4D-A8EE-42E1-A98E-1E63143A3AAF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DB519329-1DEA-4649-AA6E-B9B9DF270D01}C:\users\*****\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{E528F6E8-5A17-41A9-8FE4-4BC4EE7604B0}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{EFBF0FF9-2295-49D4-AAB2-CABF96961C98}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0B1CD09D-CB84-4B6B-AB7E-62217E73A5DD}C:\users\*****\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{0E865D27-6341-41BF-8FF2-273DF9D8C537}C:\casino\gold club casino\casino.exe" = protocol=17 | dir=in | app=c:\casino\gold club casino\casino.exe |
"UDP Query User{188D5875-DC70-4B65-9B9D-6F649F03CE08}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{1E0678B7-2022-4071-856D-D2210B62FEDE}C:\program files\intercasinodeutschlandeur\casino.exe" = protocol=17 | dir=in | app=c:\program files\intercasinodeutschlandeur\casino.exe |
"UDP Query User{20FAFCEA-3709-464A-BEB2-765779F7E6D5}C:\program files\intercasinoenglishgbp\casino.exe" = protocol=17 | dir=in | app=c:\program files\intercasinoenglishgbp\casino.exe |
"UDP Query User{21B9A70B-7690-4866-89AC-C1F3B1C23EAF}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{2D4A61A9-5423-4E61-899A-1B7FBF3DC16B}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{33DAFDA0-E87C-4273-832C-00EC6F747609}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{420EC269-CB98-478A-B680-E7FF55220DC6}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{46B287D1-5E52-4A29-B612-B6029DFFB30E}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{487FDD9E-D056-4B96-B9F4-AFE66B3C1E36}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{5A64E2D3-7FA1-4010-A224-5BE81381AF66}C:\program files\spssinc\paswstatistics18\paswstat.exe" = protocol=17 | dir=in | app=c:\program files\spssinc\paswstatistics18\paswstat.exe |
"UDP Query User{5C587B41-0EBB-428C-9A42-30B1DEAC9E38}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{647604DB-2E51-456B-B90C-AEFAE09473E6}C:\users\*****\appdata\local\temp\cryec3a.tmp\install.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\temp\cryec3a.tmp\install.exe |
"UDP Query User{730FFF75-1004-4BE9-A5DF-D3D7B3482D82}C:\casino\casinoclub\casino.exe" = protocol=17 | dir=in | app=c:\casino\casinoclub\casino.exe |
"UDP Query User{888F0DF2-0CBB-4F0D-BFFA-F36386279C7A}C:\users\*****\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\spotify\spotify.exe |
"UDP Query User{98ED9B69-4BD4-49B9-9863-ABC69002F836}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{A19A3AA3-5228-4433-8ACC-1DED65038EF2}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{B4DABDFE-75B9-4D48-A18B-F8215015EDC5}C:\program files\betvictorpoker\pokerclient\betvictorpoker.exe" = protocol=17 | dir=in | app=c:\program files\betvictorpoker\pokerclient\betvictorpoker.exe |
"UDP Query User{BF6F63FA-A205-4EF1-AF53-8D8C6FBB9DA5}C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{C2925C72-7864-4373-ABCB-5971BFA29902}C:\users\*****\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\spotify\spotify.exe |
"UDP Query User{CCB6B71C-1E14-4E86-AFEF-DBCD51AF88A1}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{CD27B4FE-1F6E-4EE8-8468-74B2CF403783}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CDBD6D53-4698-48D8-BD32-59DB59A64F96}C:\program files\victor chandler poker\pokerclient\victor chandler poker.exe" = protocol=17 | dir=in | app=c:\program files\victor chandler poker\pokerclient\victor chandler poker.exe |
"UDP Query User{D95F3041-3494-4293-A489-9149C9E2772D}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{F01FAEC4-3778-4CE7-99C7-358E3977B772}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F7337F7B-078F-45F5-8C88-B382AFDB46EE}C:\program files\vip casino\casino.exe" = protocol=17 | dir=in | app=c:\program files\vip casino\casino.exe |
"UDP Query User{FFFE83F1-75E4-4025-A247-4CD0EF7F3A7B}C:\program files\intercasinoenglisheur\casino.exe" = protocol=17 | dir=in | app=c:\program files\intercasinoenglisheur\casino.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{044B477C-3AF5-4DF2-A946-200C2C9E8933}" = ASUS USB2.0 UVC VGA WebCam
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5F0EE12C-44B1-4FCB-87E3-4686C888774A}" = Hercules Classic Webcam Drivers
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E637484-7ED6-4AA5-BEDC-FD821F64D372}_is1" = Moyea Video4Web Converter Version 2.5.0.5
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72CA218F-FFA0-4269-969C-70D5A3028EE3}" = ATLAS.ti 5.0
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.2.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8678BD65-D66E-48BB-8531-91D0EF8998A1}" = Classic Silver Drivers
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.44
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"f4" = f4 3.1.0
"Flv Grabber_is1" = FlvGrabber
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.718
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.815
"ICQToolbar" = ICQ Toolbar
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.5.0
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Clean Up Tool" = McAfee Clean Up Tool
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MP3-Cutter" = MP3-Cutter
"Office14.SingleImage" = Microsoft Office Professional 2010
"RealPlayer 15.0" = RealPlayer
"SopCast" = SopCast 3.2.9
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"Veetle TV" = Veetle TV
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.4
"vShare.tv plugin" = vShare.tv plugin 1.3
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Zattoo4" = Zattoo4 4.0.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 16.07.2012 04:35:51 | Computer Name = *****-PC | Source = SideBySide | ID = 16842787
Description = Error generating the activation context for "C:\Program Files\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest". Error in manifest or policy file "C:\Program Files\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" on line 3. The component identity found in the manifest does not match the identity of the component requested. Reference: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0". Use sxstrace.exe for a detailed diagnosis.
Error - 16.07.2012 13:41:15 | Computer Name = *****-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 16.07.2012 13:46:53 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony ericsson\sony ericsson pc companion\Drivers\DPInst64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 17.07.2012 07:11:47 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: 036DFF85004A87B816712008F875EF7E.exe, Version: 0.0.0.0, Zeitstempel: 0x4fff7bd7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001f8c4 ID des fehlerhaften Prozesses: 0x12f0 Startzeit der fehlerhaften Anwendung: 0x01cd640cf37c025a Pfad der fehlerhaften Anwendung: C:\ProgramData\036DFF85004A87B816712008F875EF7E\036DFF85004A87B816712008F875EF7E.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 327b4c23-d000-11e1-84ab-90e6ba184834 Error - 17.07.2012 10:05:02 | Computer Name = *****-PC | Source = Outlook | ID = 34 Description = Fehler beim Abrufen des Durchforstungsbereichs-Managers. 
Fehler=0x8007043c. Error - 17.07.2012 10:05:02 | Computer Name = *****-PC | Source = Outlook | ID = 35 Description = Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich befindet (Fehler=0x8007043c). Error - 17.07.2012 10:05:02 | Computer Name = *****-PC | Source = Outlook | ID = 34 Description = Fehler beim Abrufen des Durchforstungsbereichs-Managers. Fehler=0x8007043c. Error - 17.07.2012 10:05:02 | Computer Name = *****-PC | Source = Outlook | ID = 35 Description = Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich befindet (Fehler=0x8007043c). Error - 17.07.2012 10:05:27 | Computer Name = *****-PC | Source = System Restore | ID = 8193 Description = Error - 17.07.2012 10:05:31 | Computer Name = *****-PC | Source = System Restore | ID = 8193 Description = [ Media Center Events ] Error - 05.02.2011 06:53:54 | Computer Name = *****-PC | Source = MCUpdate | ID = 0 Description = 11:53:53 - Fehler beim Herstellen der Internetverbindung. 11:53:54 - Serververbindung konnte nicht hergestellt werden.. Error - 28.02.2011 08:36:29 | Computer Name = *****-PC | Source = MCUpdate | ID = 0 Description = 13:36:28 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..) 
[ System Events ] Error - 17.07.2012 12:03:36 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 17.07.2012 12:03:44 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 17.07.2012 12:03:44 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 17.07.2012 12:03:44 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 17.07.2012 12:05:42 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 17.07.2012 12:05:42 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 17.07.2012 12:05:42 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 17.07.2012 12:08:36 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 17.07.2012 12:08:36 | Computer Name = *****-PC | 
Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 17.07.2012 12:08:36 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > "OTL.txt":OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.07.2012 18:52:43 - Run 3 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\*****\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 42,46% Memory free 5,93 Gb Paging File | 3,97 Gb Available in Paging File | 66,99% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 297,99 Gb Total Space | 49,73 Gb Free Space | 16,69% Space Free | Partition Type: NTFS Computer Name: *****-PC | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) 
PRC - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) ========== Modules (No Company Name) ========== MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll () MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll () MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll () MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll () MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll () MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll () MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll () MOD - C:\Users\*****\AppData\Local\Google\Chrome\APPLIC~1\200113~1.57\gcswf32.dll () MOD - 
C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll () MOD - C:\Program Files\Microsoft Office\Office14\OUTLCTL.DLL () MOD - C:\Program Files\WinRAR\RarExt.dll () ========== Win32 Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Sony Ericsson PCCompanion) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.) 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe () SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (aur40r7d) -- File not found DRV - (aggampax) -- C:\Windows\system32\drivers\aggampax.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys () DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.) 
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{786FEED4-360F-4999-93A0-4B74ED2960CB}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED 49 18 65 93 68 CB 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=0c40922a-07ba-11e1-9791-90e6ba184834&q={searchTerms} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{786FEED4-360F-4999-93A0-4B74ED2960CB}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - 
prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: npfax@microgaming.co.uk:2.1.0.19 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.02.18 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - user.js..browser.search.selectedEngine: "foxsearch" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..browser.search.defaultenginename: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: 
C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*****\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*****\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.07.04 17:55:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.07 00:59:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.19 01:07:19 | 000,000,000 | ---D | M] [2010.10.10 17:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2012.07.04 17:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hewwua5j.default\extensions [2011.08.21 11:58:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hewwua5j.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.30 10:51:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hewwua5j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.05.19 14:05:57 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hewwua5j.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012.07.03 21:34:09 | 000,001,056 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\hewwua5j.default\searchplugins\icqplugin.xml [2011.07.11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\hewwua5j.default\searchplugins\startsear.xml [2012.07.07 12:59:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.06.25 02:58:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program 
Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.06.19 01:07:19 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll [2012.06.19 01:07:02 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010.10.27 17:00:48 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src ========== Chrome ========== CHR - homepage: hxxp://startsear.ch/?aff=1 CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://startsear.ch/?aff=1 CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = 
C:\Users\*****\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: vshare plugin = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: Skype Click to Call = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96CDE99E-17B3-4F85-9C39-194383FC4564}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{10e50371-e235-11df-8780-90e6ba184834}\Shell - "" = AutoRun
O33 - MountPoints2\{10e50371-e235-11df-8780-90e6ba184834}\Shell\AutoRun\command - "" = E:\setup.exe /autorun
O33 - MountPoints2\{231cfcf5-d52f-11e0-9cc2-90e6ba184834}\Shell - "" = AutoRun
O33 - MountPoints2\{231cfcf5-d52f-11e0-9cc2-90e6ba184834}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.17 15:43:37 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.07.17 15:34:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2012.07.17 15:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.17 15:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.17 15:33:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.17 15:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.17 12:39:35 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012.07.17 12:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF85004A87B816712008F875EF7E
[2012.07.11 14:50:30 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 12:10:58 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Thailand
[2012.07.11 11:01:49 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.11 11:01:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.11 11:01:45 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.04 19:32:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\assembly
[2012.06.30 10:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.06.27 02:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.06.27 02:45:45 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012.06.19 01:16:17 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.19 01:16:17 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.19 01:15:52 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.19 01:15:52 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.19 01:15:52 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.19 01:15:35 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.19 01:15:35 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.19 01:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012.06.19 01:07:12 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2012.06.19 01:06:59 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2012.06.19 01:06:59 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2012.06.19 01:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012.06.17 23:23:33 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Macromedia
[2 C:\Users\*****\Desktop\*.tmp files -> C:\Users\*****\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.17 18:37:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2544629449-3684721059-286965031-1001UA.job
[2012.07.17 18:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.17 18:18:03 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.17 18:17:29 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 18:17:29 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 18:13:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.17 18:09:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.17 18:09:35 | 2388,459,520 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.17 16:04:59 | 000,657,828 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.17 16:04:59 | 000,619,064 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.17 16:04:59 | 000,131,168 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.17 16:04:59 | 000,107,384 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.17 15:43:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.07.17 15:33:48 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.16 22:37:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2544629449-3684721059-286965031-1001Core.job
[2012.07.16 09:26:10 | 000,064,531 | ---- | M] () -- C:\Users\*****\Desktop\lcb_admin_*****_2.jpg
[2012.07.16 09:25:34 | 000,117,943 | ---- | M] () -- C:\Users\*****\Desktop\lcb_admin_*****_1.jpg
[2012.07.11 21:35:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.11 21:35:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.11 14:56:53 | 000,408,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.04 18:04:53 | 000,002,094 | ---- | M] () -- C:\Users\Public\Desktop\Citavi 3.lnk
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.01 15:52:40 | 000,004,909 | ---- | M] () -- C:\Users\*****\Desktop\21vmsw8gp2L._SL500_AA300_.jpg
[2012.06.30 10:46:45 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.06.30 10:46:45 | 000,002,000 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.06.28 10:12:56 | 000,194,390 | ---- | M] () -- C:\Users\*****\Desktop\lcb_admin.jpg
[2012.06.25 08:07:11 | 000,001,049 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.06.19 01:07:33 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.06.19 01:07:12 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2012.06.19 01:06:59 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2012.06.19 01:06:59 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2012.06.19 01:06:58 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2 C:\Users\*****\Desktop\*.tmp files -> C:\Users\*****\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.17 15:33:48 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.16 09:26:09 | 000,064,531 | ---- | C] () -- C:\Users\*****\Desktop\lcb_admin_*****_2.jpg
[2012.07.16 09:25:34 | 000,117,943 | ---- | C] () -- C:\Users\*****\Desktop\lcb_admin_*****_1.jpg
[2012.07.04 18:04:53 | 000,002,094 | ---- | C] () -- C:\Users\Public\Desktop\Citavi 3.lnk
[2012.07.01 15:52:39 | 000,004,909 | ---- | C] () -- C:\Users\*****\Desktop\21vmsw8gp2L._SL500_AA300_.jpg
[2012.06.28 10:12:56 | 000,194,390 | ---- | C] () -- C:\Users\*****\Desktop\lcb_admin.jpg
[2012.06.27 02:45:46 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.06.27 02:45:46 | 000,002,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.06.19 01:07:33 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.04.26 01:12:15 | 000,414,720 | ---- | C] () -- C:\Windows\System32\agsecure.dll
[2011.08.12 22:18:42 | 000,017,408 | ---- | C] () -- C:\Users\*****\AppData\Local\WebpageIcons.db
[2011.06.21 09:14:29 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.31 17:58:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.02.13 05:09:49 | 000,123,392 | ---- | C] () -- C:\Windows\System32\UnCasinoV5DUE.exe
[2011.02.09 00:24:25 | 000,123,392 | ---- | C] () -- C:\Windows\System32\UnCasino5.exe
[2011.01.31 19:26:09 | 000,004,096 | -H-- | C] () -- C:\Users\*****\AppData\Local\keyfile3.drm
[2010.11.15 01:36:08 | 001,766,592 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2010.11.15 01:36:08 | 000,035,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2010.11.15 00:33:58 | 000,102,400 | ---- | C] () -- C:\Windows\System32\st50220.dll
[2010.11.07 12:36:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.06 19:14:45 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.11.06 19:14:43 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.11.06 19:14:43 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.11.06 19:14:42 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.11.02 02:11:44 | 000,475,911 | ---- | C] () -- C:\Users\*****\Übungsaufgabe1.spv
[2010.11.01 20:19:48 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010.11.01 20:19:48 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010.10.27 17:02:00 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.10.26 21:48:46 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.10.11 00:04:39 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

========== LOP Check ==========

[2011.06.27 19:15:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\21Dukes
[2011.07.24 21:35:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\7Reels
[2011.04.15 01:24:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\7Spins
[2011.01.02 19:45:42 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Absolute Poker
[2012.04.19 23:03:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Azureus
[2012.01.31 19:54:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Blackdiamond
[2011.03.10 01:52:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Blacklights
[2012.02.01 12:02:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Box24
[2011.09.09 09:56:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CasinoMoons
[2012.03.13 22:27:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CasinoOnNet
[2011.03.08 11:33:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CasinoStates
[2012.06.03 01:19:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\com.relaxgaming.prod.igame.FastPokerLobby
[2010.10.28 03:48:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Pro
[2012.02.20 10:49:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DiamondVipClub
[2011.05.18 17:50:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Diceland
[2012.07.17 18:18:42 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Dropbox
[2011.08.21 12:17:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoft
[2011.08.21 11:58:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.10 00:12:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Grandluxe
[2010.12.03 17:27:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Gutscheinmieze
[2011.11.14 22:40:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\iButler Casino
[2011.09.03 18:03:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2010.10.31 15:10:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\IrfanView
[2010.10.27 17:02:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Leawo
[2011.02.12 05:25:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\LittlewoodsCasino
[2012.02.21 09:47:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Lush Casino
[2011.10.29 01:31:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Macao
[2011.06.26 23:54:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Mayflower
[2011.12.27 05:17:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Microgaming
[2012.01.27 18:37:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenCandy
[2011.04.17 18:39:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Rialto
[2012.02.19 20:05:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\RichCasino
[2012.02.10 11:12:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\RomeCasino
[2011.02.07 17:11:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Scientific Software
[2012.02.01 12:06:10 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Spartan
[2012.07.16 23:49:25 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Spotify
[2011.04.18 15:07:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Swiss Academic Software
[2012.02.19 20:05:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thebes
[2012.04.21 03:31:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Topaze
[2010.12.08 23:21:42 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\VTExtra
[2011.02.05 10:52:00 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011.02.05 10:53:00 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011.02.05 11:05:00 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011.02.05 11:06:00 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2011.02.05 11:06:00 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2011.02.05 11:11:00 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2012.05.25 12:41:25 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Edited by FeKe (17.07.2012, 18:32)
18.07.2012, 14:11 | #2
/// Selecta Jahrusso

My name is Daniel and I will help you with your malware-related problems. Before we get to work, I would like to ask you to read the following points completely and carefully.

I don't like working with censored logfiles. So unless it really shows your full name, leave that out. Nobody can do anything with it.

Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1

IMPORTANT - Save Combofix to your desktop.

When Combofix is finished, it will create a logfile. Please post C:\Combofix.txt in your next reply.

Note: Should you receive the following error message after the restart

Quote:
19.07.2012, 19:49 | #3

Hello Daniel,

a thousand thanks for taking on my case. Here is the logfile from Combofix:

Combofix Logfile:
Code:
ComboFix 12-07-19.02 - Felix 19.07.2012 20:22:32.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3037.1979 [GMT 2:00]
ausgeführt von:: c:\users\Felix\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Felix\AppData\Local\assembly\tmp
c:\users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\{121BD88C-C2F5-41EE-AE40-19492463548B}.xps
c:\users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2E3D8304-51FC-4CB8-A8C9-4AF39F5A2992}.xps
c:\users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\{341F63E8-3C84-48AD-83E6-ECF5D4F5BCB6}.xps
c:\users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3FD62F1A-03F5-44DE-AE4C-6DAC886F3BF4}.xps
c:\users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
G:\Autorun.inf
G:\Setup.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-19 bis 2012-07-19 ))))))))))))))))))))))))))))))
.
.
2012-07-19 18:42 . 2012-07-19 18:42 -------- d-----w- c:\users\Felix\AppData\Local\temp
2012-07-19 18:42 . 2012-07-19 18:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 13:34 . 2012-07-17 13:34 -------- d-----w- c:\users\Felix\AppData\Roaming\Malwarebytes
2012-07-17 13:33 . 2012-07-17 13:33 -------- d-----w- c:\programdata\Malwarebytes
2012-07-17 13:33 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-17 13:33 . 2012-07-17 13:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-17 10:37 . 2012-07-17 13:55 -------- d-----w- c:\programdata\036DFF85004A87B816712008F875EF7E
2012-07-11 12:50 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 17:32 . 2012-07-19 18:41 -------- d-----w- c:\users\Felix\AppData\Local\assembly
2012-06-27 00:45 . 2012-06-27 00:45 -------- d-----w- c:\programdata\McAfee Security Scan
2012-06-27 00:45 . 2012-06-30 08:46 -------- d-----w- c:\program files\McAfee Security Scan
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 19:35 . 2012-04-06 08:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-11 19:35 . 2011-06-10 08:28 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-18 23:06 . 2012-06-18 23:06 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-18 23:06 . 2012-06-18 23:06 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-06-02 22:19 . 2012-06-18 23:16 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-18 23:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-18 23:15 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-18 23:15 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-18 23:16 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-18 23:16 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-18 23:15 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-18 23:15 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-18 23:15 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 03:03 . 2012-06-14 16:26 981504 ----a-w- c:\windows\system32\wininet.dll
2012-05-01 04:44 . 2012-06-14 16:26 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-14 16:26 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-14 16:26 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-14 16:26 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-14 16:26 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36 . 2012-06-14 16:25 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-14 16:25 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-14 16:25 103936 ----a-w- c:\windows\system32\cryptnet.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\System32\nbDX.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-10-11 15:12 1244040 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"Spotify Web Helper"="c:\users\Felix\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-06 1192664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-09-28 1406248]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2011-06-27 220552]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-06-18 296056]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 aggampax;aggampax;c:\windows\system32\drivers\aggampax.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 19:35]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-11 07:49]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-11 07:49]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2544629449-3684721059-286965031-1001Core.job
- c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-24 10:50]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2544629449-3684721059-286965031-1001UA.job
- c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-24 10:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-rpcnet
AddRemove-McAfee Clean Up Tool - c:\users\Felix\Desktop\UNWISE.EXE
AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-19 20:44:38
ComboFix-quarantined-files.txt 2012-07-19 18:44
.
Vor Suchlauf: 16 Verzeichnis(se), 58.354.536.448 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 68.290.977.792 Bytes frei
.
- - End Of File - - 0B0D94EAA0C392680EEC16DF4CDEB444
20.07.2012, 10:18 | #4 |
/// Selecta Jahrusso
Code:
/md5start
036DFF85004A87B816712008F875EF7E.exe
/md5stop
c:\programdata\036DFF85004A87B816712008F875EF7E\*.* /s
__________________
Regards, Daniel
ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators
Learn to fight back and support us! TB Akademie
20.07.2012, 21:08 | #5 |
Hey, all right, thanks. Here is the log:
OTL Logfile:
Code:
OTL logfile created on: 20.07.2012 21:58:30 - Run 4
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Felix\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,97 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 63,48% Memory free
5,93 Gb Paging File | 4,73 Gb Available in Paging File | 79,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 62,37 Gb Free Space | 20,93% Space Free | Partition Type: NTFS
Computer Name: FELIX-PC | User Name: Felix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< c:\programdata\036DFF85004A87B816712008F875EF7E\*.* /s >
[2012.07.17 12:39:35 | 000,001,872 | ---- | M] () -- c:\programdata\036DFF85004A87B816712008F875EF7E\036DFF85004A87B816712008F875EF7E
[2012.07.17 12:37:13 | 000,004,286 | ---- | M] () -- c:\programdata\036DFF85004A87B816712008F875EF7E\036DFF85004A87B816712008F875EF7E.ico

< End of report >
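The custom scan requested in post #4 and answered above does two things: it inventories the leftover folder under ProgramData and asks OTL to MD5-hash the named executable wherever it still exists. The following PowerShell script is an added example written for this thread; it is not code from the thread, from OTL or from any of the tools mentioned. It performs the same defender's check without OTL and runs on the PowerShell 2.0 that ships with Windows 7: it walks the folder, hashes every file with MD5 (the algorithm behind OTL's /md5start), and then looks for references to the same name in the Run/RunOnce keys and the Startup and Start Menu folders, which is where the original post found the lingering shortcut. The folder path and file name are the ones from the log; the list of autostart locations and all helper names are assumptions made for the example.

```powershell
# Added example (not part of the thread): replicate the OTL custom scan above
# on Windows 7 / PowerShell 2.0. Walk the suspect ProgramData folder, MD5-hash
# every file (OTL's /md5start uses MD5) and check the usual autostart
# locations for references to the same name.
# The directory and file name come from the log; everything else is an
# assumption chosen for illustration.

param(
    [string]$SuspectDir  = 'C:\ProgramData\036DFF85004A87B816712008F875EF7E',
    [string]$SuspectName = '036DFF85004A87B816712008F875EF7E'
)

function Get-Md5Hex {
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    # Open with shared read/write so a file held open by another process can still be hashed
    $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    try {
        $hash = $md5.ComputeHash($fs)
    } finally {
        $fs.Close()
    }
    return ([System.BitConverter]::ToString($hash)).Replace('-', '')
}

# 1. File inventory of the suspect folder, the equivalent of "< dir\*.* /s >" in OTL.
if (Test-Path -LiteralPath $SuspectDir) {
    Get-ChildItem -LiteralPath $SuspectDir -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Path     = $_.FullName
                Bytes    = $_.Length
                Modified = $_.LastWriteTime
                MD5      = Get-Md5Hex $_.FullName
            }
        } | Format-Table Modified, Bytes, MD5, Path -AutoSize
} else {
    Write-Host "Folder not present: $SuspectDir"
}

# 2. Autostart references: Run/RunOnce for machine and user (assumed locations).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # skip PowerShell's own metadata properties
        if ("$($p.Value)" -match [regex]::Escape($SuspectName)) {
            Write-Host "Run-key reference: $key\$($p.Name) = $($p.Value)"
        }
    }
}

# 3. Shortcut targets in the per-user and common Startup folders and the whole
#    per-user Start Menu\Programs tree (where the original post found the .lnk).
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup'),
    (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs')
)
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -Recurse -Filter *.lnk -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $target = $shell.CreateShortcut($_.FullName).TargetPath
            if ($_.FullName -match [regex]::Escape($SuspectName) -or
                $target -match [regex]::Escape($SuspectName)) {
                Write-Host "Shortcut: $($_.FullName) -> $target"
            }
        }
}
```

Run it from an elevated PowerShell so the HKLM keys and the common Startup folder are readable. A folder that contains only a data file and an .ico, as in the log above, with no executable and no remaining Run-key or shortcut reference, is what a cleaned-up leftover looks like; any .exe it does find should be compared by its MD5 against the vendor's or a reputation service's record before deciding what to do with it.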
21.07.2012, 14:14 | #6 |
/// Selecta Jahrusso
ESET Online Scanner
22.07.2012, 18:30 | #7 |
Hey, here is the ESET logfile:
C:\Program Files\Pantasia\Loader.exe Win32/RubyRoyal application
C:\Users\Felix\Documents\Felix Kram\Setup\Toolbar.exe Win32/Toolbar.AskSBar application
C:\Users\Felix\Documents\Felix Kram\Setup\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe Win32/Toolbar.AskSBar application
23.07.2012, 13:37 | #8 |
/// Selecta Jahrusso
Nothing that should worry us. Your Java is no longer up to date. Older versions contain security holes that can be abused by malware.
Please uninstall your current version of Adobe Reader (Start --> Control Panel --> Software --> Adobe Reader) and download the new version from here. Untick the checkbox for McAfee SecurityScan or Google Chrome.
Please start Defogger and click the Re-enable button. Defogger may ask for a restart; please allow it. Important: if there is an error message, please post the Defogger_reenable log here.
Before the next step, please temporarily disable your antivirus program, any script blocking you may have, and your anti-malware programs again. Press Windows key + R. Now copy the following line into the command line and click OK.
Code:
Combofix /Uninstall
This removes Combofix completely and empties the System Restore cache, so that the malware disappears from there as well. Now re-enable the programs you just disabled.
Please start OTL and click Cleanup. This removes most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.
Here are a few tips for securing your system. I cannot say often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: please give me a brief reply when everything is done and you have no more questions, so that I can remove this thread from my subscriptions.
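The advice in post #8 hinges on knowing which versions of Java and Adobe Reader are actually installed, since outdated copies of either are what drive-by downloads of this kind target. The script below is an added example written for this thread, not code from the thread or from any vendor: it reads the Uninstall registry keys that Windows maintains for Add/Remove Programs and lists every product whose display name matches a pattern, with its version and install date. It runs on the PowerShell 2.0 of Windows 7. The name patterns (Java, Adobe Reader, and Adobe Flash Player, which appears in the ComboFix log's Run section) and all helper names are assumptions made for the example; the Wow6432Node key is only present on 64-bit Windows and is skipped on this 32-bit system.

```powershell
# Added example (not part of the thread): list installed versions of the
# products the helper mentions by reading the Windows Uninstall registry keys.
# Windows 7 / PowerShell 2.0 compatible. The name patterns are an assumption
# for illustration and can be widened to any product.

param(
    [string[]]$Patterns = @('Java*', 'Adobe Reader*', 'Adobe Flash Player*')
)

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 64-bit Windows only
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'               # per-user installs
)

function Get-InstalledProducts {
    param([string[]]$NamePatterns)
    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        Get-ChildItem -Path $key | ForEach-Object {
            $item = Get-ItemProperty -Path $_.PSPath
            if (-not $item.DisplayName) { return }          # entries without a name are hidden components
            foreach ($pattern in $NamePatterns) {
                if ($item.DisplayName -like $pattern) {
                    New-Object PSObject -Property @{
                        Name        = $item.DisplayName
                        Version     = $item.DisplayVersion
                        InstallDate = $item.InstallDate       # yyyymmdd string; may be empty
                        Uninstall   = $item.UninstallString
                        Source      = $key
                    }
                    break                                     # one match per entry is enough
                }
            }
        }
    }
}

Get-InstalledProducts -NamePatterns $Patterns |
    Sort-Object Name |
    Format-Table Name, Version, InstallDate, Source -AutoSize
```

Run it before and after the updates the helper asks for: the "before" list shows which old versions are present (several Java entries side by side usually means earlier releases were never removed), and the "after" list should contain only the current release of each product. Compare the reported versions against the vendor's current release rather than trusting an updater icon in the tray.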
27.07.2012, 18:45 | #9 |
Hey Daniel, I have run everything and was able to finish without any problems. All that is left for me is to thank you very much!
27.07.2012, 18:58 | #10 |
/// Selecta Jahrusso
Glad we could help. This topic appears to be resolved and will be removed from my subscriptions. Should you need this thread again, please send me a PM. Everyone else, please click here and create your own thread.