Pests of All Kinds and How to Combat Them: GVU Trojan on Win7 Pro x64 (Windows 7)
#1

GVU Trojan on Win7 Pro x64

Hello,

the GVU Trojan made it onto my computer today... and possibly already off it again, but I don't really know:

At system startup (before it appeared), Comodo Internet Security flagged the file "srocsc.dll" as suspicious and then ran it in the sandbox. Then, while I was working, the GVU Trojan locked my computer. To have the computer shut down automatically I pressed the power button, and lo and behold: thanks to "programs not responding" the computer was unlocked, and I was able to cancel the shutdown and still save my work.

After the MBAM scan and the restart that followed, "srocsc.dll" was apparently the decisive file, or one of them (RunDLL error: srocsc.dll was not found, because it was deleted by MBAM, and no more symptoms).

But now I don't really believe that the computer is clean again, since the file was still being asked for after all...

So the actual questions:
1. Is my computer healthy again, or is there still something to do?
2. How should I deal with the computers on the network? So far none of them has been affected; all of them run Comodo Internet Security.

Here are the logs from MBAM and OTL:

MBAM at the time of detection:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Suri :: SURIDT [Administrator]

04.08.2012 15:43:01
mbam-log-2012-08-04 (15-43-01).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213107
Laufzeit: 1 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Users\Suri\AppData\Roaming\srocsc.dll (Trojan.Midhos) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Suri\AppData\Roaming\srocsc.dll (Trojan.Midhos) -> Löschen bei Neustart.
C:\Users\Suri\AppData\Local\Temp\deo0_sar.exe (Spyware.Zeus) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Suri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Suri :: SURIDT [Administrator]

04.08.2012 15:50:09
mbam-log-2012-08-04 (15-50-09).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212094
Laufzeit: 2 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
OTL logfile created on: 04.08.2012 15:53:16 - Run 3
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Suri\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,22 Gb Available Physical Memory | 77,73% Memory free
15,99 Gb Paging File | 14,18 Gb Available in Paging File | 88,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 68,26 Gb Total Space | 15,75 Gb Free Space | 23,08% Space Free | Partition Type: NTFS
Drive D: | 116,34 Gb Total Space | 63,61 Gb Free Space | 54,67% Space Free | Partition Type: NTFS
Drive E: | 150,00 Gb Total Space | 12,24 Gb Free Space | 8,16% Space Free | Partition Type: NTFS
Drive F: | 150,00 Gb Total Space | 36,16 Gb Free Space | 24,10% Space Free | Partition Type: NTFS
Drive G: | 397,40 Gb Total Space | 29,38 Gb Free Space | 7,39% Space Free | Partition Type: NTFS
Drive H: | 25,00 Gb Total Space | 24,91 Gb Free Space | 99,64% Space Free | Partition Type: NTFS
Drive I: | 24,41 Gb Total Space | 8,29 Gb Free Space | 33,95% Space Free | Partition Type: NTFS
Drive S: | 146,48 Gb Total Space | 43,55 Gb Free Space | 29,73% Space Free | Partition Type: NTFS
Drive T: | 785,03 Gb Total Space | 19,54 Gb Free Space | 2,49% Space Free | Partition Type: NTFS

Computer Name: SURIDT | User Name: Suri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Suri\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Tools\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Tools\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Arbeit\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Users\Suri\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll ()
MOD - C:\Tools\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Tools\Kies\External\FirmwareUpdate\CommonModule.dll ()
MOD - C:\Tools\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll ()
MOD - C:\Tools\Kies\External\FirmwareUpdate\IPCServer.dll ()
MOD - C:\Tools\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll ()
MOD - C:\Arbeit\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (cmdAgent) -- C:\Tools\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (UnlockerDriver5) -- C:\Tools\Unlocker\UnlockerDriver5.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ISODrive) -- C:\Tools\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (zlportio) -- G:\Spiele\UltraStar\zlportio.sys (SpecoSoft)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 6C 99 08 54 EF CC 01 [binary data]
IE - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Tools\Java\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Suri\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Tools\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Arbeit\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Suri\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Suri\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Arbeit\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.02.26 17:15:58 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Suri\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Suri\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Suri\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Arbeit\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Tools\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Tools\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Tools\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Tools\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Tools\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Tools\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Tools\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Tools\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Suri\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.2_0\
CHR - Extension: Angry Birds = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Session Manager = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi\0.4_0\
CHR - Extension: Chrome Tips Beta (by Google) = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmbgfhokojnnaliemjgbahnfeggocpe\1.0.6_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: AdBlock+ = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmimgmjdabgiilljdjfbonifbhiglao\1.1.9.18_0\
CHR - Extension: Search by Image (by Google) = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.1.1_0\
CHR - Extension: AdBlock = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\
CHR - Extension: JDownloader Integration = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmochcijbhgjfdmojjenfabpafelhgdc\1.0_0\
CHR - Extension: Chrome to Mobile = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd\1.0.0_0\
CHR - Extension: JDownloader Integration for Google Chrome\u2122 = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\laeghehalempfenbefbjbhccjcoakpmm\1.2.3_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\
CHR - Extension: Bookmark = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\naghkjogakhpimmejjmakpmnbdeccinm\0.9.0_0\
CHR - Extension: ScriptNo = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.2_0\
CHR - Extension: LEO W\u00F6rterbuchsuche = C:\Users\Suri\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojniiiidjmoaiehegaedmfdclmgmmpdp\1.2_0\

O1 HOSTS File: ([2012.02.26 15:41:48 | 000,007,388 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip4.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com #192.150.22.22
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com #192.150.14.21
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com #192.150.18.247
O1 - Hosts: 127.0.0.1 3dns-5.adobe.com #192.150.22.46
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com #192.150.11.30
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com #192.150.11.247
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com #192.150.22.30
O1 - Hosts: 127.0.0.1 adobe.activate.com #69.175.22.26
O1 - Hosts: 127.0.0.1 activate.adobe.com #192.150.22.40
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com #192.150.22.40
O1 - Hosts: 110 more lines...
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Tools\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Suri\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Tools\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [srocsc] rundll32.exe "C:\Users\Suri\AppData\Roaming\srocsc.dll",CchFileTimeToDateTimeW File not found
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Arbeit\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Arbeit\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [KiesHelper] C:\Tools\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Tools\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Tools\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKLM..\Run: [XSECVA] "C:\Users\Suri\AppData\Roaming\xsecva\xsecva.exe" -s File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000..\Run: [EVEREST AutoStart] C:\Tools\EVEREST Ultimate Edition\everest_start.exe ()
O4 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000..\Run: [KiesPDLR] C:\Tools\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000..\Run: [XSECVA] "C:\Users\Suri\AppData\Roaming\xsecva\xsecva.exe" -s File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4155572933-657980158-4089475342-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DCCC1DE-DC72-47D7-BDC0-EDD5A35FD3F3}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{236213FA-A66B-470F-8B65-E050994C8013}: DhcpNameServer = 192.168.178.1
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe"C:\Users\Suri\AppData\Roaming\xsecva\xsecva.exe" -s) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.04 15:37:25 | 000,000,000 | ---D | C] -- C:\Users\Suri\AppData\Roaming\Malwarebytes [2012.08.04 15:37:13 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.04 15:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.04 15:05:35 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Suri\Desktop\OTL.exe [2012.08.03 21:22:39 | 000,000,000 | ---D | C] -- C:\Users\Suri\AppData\Roaming\xsecva [2012.08.03 21:06:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012.08.03 21:00:15 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll [2012.08.03 21:00:15 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll [2012.08.03 21:00:15 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll [2012.08.03 21:00:15 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll [2012.08.03 21:00:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5 [2012.08.03 20:59:18 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll [2012.08.03 20:59:18 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll [2012.08.03 20:59:18 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) 
-- C:\Windows\SysWow64\nbDX.dll [2012.08.03 20:59:18 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax [2012.08.03 20:59:18 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax [2012.08.03 20:59:18 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll [2012.08.03 20:59:18 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax [2012.08.03 20:59:18 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax [2012.08.03 20:59:18 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax [2012.08.03 20:59:18 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax [2012.08.03 20:59:18 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax [2012.08.03 20:59:18 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax [2012.08.03 20:59:18 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll [2012.08.03 20:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft [2012.07.28 22:02:01 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll [2012.07.28 22:02:01 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll [2012.07.28 22:02:01 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll [2012.07.28 22:02:01 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll [2012.07.28 22:02:00 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll [2012.07.28 22:02:00 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll [2012.07.28 22:02:00 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll [2012.07.28 22:02:00 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll [2012.07.28 22:02:00 | 000,276,832 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\d3dx11_43.dll [2012.07.28 22:02:00 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll [2012.07.28 22:02:00 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll [2012.07.28 22:02:00 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll [2012.07.28 22:01:59 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll [2012.07.28 22:01:59 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll [2012.07.28 22:01:59 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll [2012.07.28 22:01:59 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll [2012.07.28 22:00:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2012.07.27 01:09:39 | 000,000,000 | ---D | C] -- C:\Users\Suri\Documents\Prototype [2012.07.19 13:52:15 | 000,000,000 | ---D | C] -- C:\Users\Suri\AppData\Roaming\dvdcss [2012.07.14 20:29:12 | 000,000,000 | ---D | C] -- C:\Users\Suri\Documents\The Lord of the Rings - Conquest [2012.07.10 23:44:27 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.07.10 23:44:27 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.10 23:44:23 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.07.10 23:44:23 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.07.10 23:44:04 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.10 23:44:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.10 23:44:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.10 22:30:13 | 000,000,000 | ---D | C] -- C:\Users\Suri\Desktop\Baurecht ========== Files 
- Modified Within 30 Days ========== [2012.08.04 15:48:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.04 15:48:41 | 2145,558,527 | -HS- | M] () -- C:\hiberfil.sys [2012.08.04 15:48:37 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat [2012.08.04 15:42:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4155572933-657980158-4089475342-1000UA.job [2012.08.04 15:37:14 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.04 15:26:14 | 000,000,000 | ---- | M] () -- C:\Users\Suri\defogger_reenable [2012.08.04 15:09:33 | 000,015,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.04 15:09:33 | 000,015,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.04 15:05:37 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Suri\Desktop\OTL.exe [2012.08.04 14:54:42 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad [2012.08.03 21:42:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4155572933-657980158-4089475342-1000Core.job [2012.07.31 22:31:55 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.31 22:31:55 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.31 22:31:55 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.31 22:31:55 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.31 22:31:55 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.15 15:17:22 | 000,011,554 | ---- | M] () -- C:\Windows\vpd.properties [2012.07.11 16:52:56 | 004,866,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.08.04 15:37:14 | 000,000,814 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes 
Anti-Malware .lnk [2012.08.04 15:26:14 | 000,000,000 | ---- | C] () -- C:\Users\Suri\defogger_reenable [2012.08.04 14:49:28 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad [2012.08.03 21:00:15 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.08.03 20:59:18 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax [2012.08.03 20:59:18 | 000,195,584 | RHS- | C] () -- C:\Windows\SysWow64\MatroskaDX.ax [2012.08.03 20:59:18 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax [2012.08.03 20:59:18 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax [2012.08.03 20:59:18 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax [2012.08.03 20:59:18 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2012.08.03 20:59:18 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax [2012.08.03 20:59:18 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax [2012.08.03 20:59:18 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax [2012.08.03 20:59:18 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax [2012.08.03 20:59:18 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax [2012.07.02 16:54:30 | 000,000,132 | ---- | C] () -- C:\Users\Suri\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.05.23 21:07:25 | 000,182,884 | ---- | C] () -- C:\Windows\hpoins47.dat [2012.05.23 21:07:25 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat [2012.05.23 18:13:55 | 000,007,604 | ---- | C] () -- C:\Users\Suri\AppData\Local\Resmon.ResmonCfg [2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.02.22 13:19:11 | 000,011,776 | ---- | C] () -- C:\Users\Suri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.19 23:01:52 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2012.02.19 21:42:00 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2011.09.16 12:54:48 | 000,030,568 | ---- | C] () -- 
C:\Windows\MusiccityDownload.exe [2011.09.16 12:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.09.16 12:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.09.16 12:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.09.16 12:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll ========== LOP Check ========== [2012.03.07 23:06:58 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\Abvent [2012.03.11 13:09:41 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\Abvent_Artlantis3 [2012.03.15 22:40:22 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\Abvent_Artlantis4 [2012.02.22 13:17:01 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\ACD Systems [2012.05.08 22:59:32 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\AllDup [2012.08.04 14:35:26 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\Audacity [2012.02.25 23:42:24 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\bizarre creations [2012.03.10 01:28:46 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\Blender Foundation [2012.05.23 18:37:07 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\FreeFileSync [2012.02.22 12:25:49 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\GHISLER [2012.02.27 12:56:31 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\Graphisoft [2012.03.13 10:39:25 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\ImgBurn [2012.07.15 15:17:05 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\Install.GS [2012.05.08 22:55:11 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\loadtbs [2012.05.08 22:55:43 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\OpenCandy [2012.03.15 17:42:08 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\OpenOffice.org [2012.03.10 01:14:14 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\Refractive 
Software
[2012.02.25 22:12:47 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\Samsung
[2012.08.04 13:43:46 | 000,000,000 | ---D | M] -- C:\Users\Suri\AppData\Roaming\xsecva
[2012.07.16 23:16:16 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 04.08.2012 15:53:16 - Run 3
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Suri\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,22 Gb Available Physical Memory | 77,73% Memory free
15,99 Gb Paging File | 14,18 Gb Available in Paging File | 88,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 68,26 Gb Total Space | 15,75 Gb Free Space | 23,08% Space Free | Partition Type: NTFS
Drive D: | 116,34 Gb Total Space | 63,61 Gb Free Space | 54,67% Space Free | Partition Type: NTFS
Drive E: | 150,00 Gb Total Space | 12,24 Gb Free Space | 8,16% Space Free | Partition Type: NTFS
Drive F: | 150,00 Gb Total Space | 36,16 Gb Free Space | 24,10% Space Free | Partition Type: NTFS
Drive G: | 397,40 Gb Total Space | 29,38 Gb Free Space | 7,39% Space Free | Partition Type: NTFS
Drive H: | 25,00 Gb Total Space | 24,91 Gb Free Space | 99,64% Space Free | Partition Type: NTFS
Drive I: | 24,41 Gb Total Space | 8,29 Gb Free Space | 33,95% Space Free | Partition Type: NTFS
Drive S: | 146,48 Gb Total Space | 43,55 Gb Free Space | 29,73% Space Free | Partition Type: NTFS
Drive T: | 785,03 Gb Total Space | 19,54 Gb Free Space | 2,49% Space Free | Partition Type: NTFS

Computer Name: SURIDT | User Name: Suri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 10.0.Browse] -- "C:\Tools\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Tools\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Arbeit\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Tools\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Tools\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDSee 10.0.Browse] -- "C:\Tools\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems) Directory [AddToPlaylistVLC] -- "C:\Tools\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Arbeit\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [Browse with &IrfanView] -- "C:\Tools\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Tools\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1277CFAA-7822-4BEB-A7AB-D65E0769A620}" = rport=10243 | protocol=6 | dir=out | app=system | "{167D0F40-E0E9-49D1-882B-1BE42D596A0F}" = rport=2177 | protocol=17 | dir=out 
| svc=qwave | app=%systemroot%\system32\svchost.exe | "{22E23DAA-63F1-4D3E-BBF9-08D9E904F11F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3187BF46-C008-4D15-9E76-7090014DDF41}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{381B60E8-EC67-4D50-BE9B-F1CD82B3FFA0}" = lport=138 | protocol=17 | dir=in | app=system | "{3F299923-5498-4072-82B9-C47F0786C539}" = lport=137 | protocol=17 | dir=in | app=system | "{4B56297A-5A81-4A5E-AAAA-169319695F01}" = lport=2869 | protocol=6 | dir=in | app=system | "{4F202002-DF74-40C2-87F4-ECB7F007B415}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7F90D1F5-348F-4B37-A571-390DB73AB1E9}" = rport=139 | protocol=6 | dir=out | app=system | "{88E9E046-65D1-4203-805E-E74DB574D093}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8C21D185-9067-4C65-9B8F-FC9DFCCBB53C}" = rport=137 | protocol=17 | dir=out | app=system | "{8C6EEFA4-FB65-414B-87F3-C62B4FA909EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{95ADB971-C195-468D-8109-325DE34605AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A293980E-B7B5-4784-8D43-822B92121D3D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A3347F1D-50BA-458D-88CB-1211912D2B2D}" = rport=445 | protocol=6 | dir=out | app=system | "{A3E4012B-5C34-4718-BCBF-9456B2CAF275}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{CBED4714-B245-4C48-A7FD-6F266E506F24}" = rport=138 | protocol=17 | dir=out | app=system | "{D2922C94-FD6E-49C6-86E2-3EB5B8861C9D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D9EBF759-FD25-4433-BDAF-C197967BAB23}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E6E54BCA-09A9-417C-B3B2-3D7002CE145A}" = lport=139 | protocol=6 | dir=in | app=system | "{F9D503F3-73D6-4A75-B929-E7EF9FB355AA}" = lport=445 | protocol=6 | dir=in | app=system | "{FEC551EB-C7EE-4200-AA2B-17B35255607F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0DB0598F-A2DC-41B4-916F-3F7A158FE3DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2FA41E66-BC46-427A-8962-4A7A537F102B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{39B4A9CA-D896-4C32-A7B9-C96E98089EBD}" = dir=in | app=c:\users\suri\appdata\local\temp\7zs31f2\setup\hpznui40.exe | "{3AB0B21D-30E2-41DD-8F35-A9A55C8797B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4F913935-5ECB-406E-AC1B-98DE396643CC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4FF45EC8-043E-4998-B14F-39F14001CC7A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{510C3F7E-9E20-4EF4-A44A-98B37A2D801C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5EA410D2-D54D-49AF-9FB4-1620A4F4DA17}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{62167C31-7F71-491E-8A5E-4F57C2E27869}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{62349CFD-5820-4145-8193-CBCA54881B76}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{75F77037-65A4-4B53-9E19-CC499161D1A3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{76C513C6-EF5A-45EC-B5BB-52AC1718FB58}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7C8CAF8A-241C-4BD5-AA2F-4AE33511B13B}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{7E997403-7CED-437E-9CC6-FEFDDEEF1486}" = 
protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{7FF6A077-E6DD-4B72-B4A2-FBBFC94BC1CE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8A54E4F3-3423-4709-AEB4-D92D87A30FBF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9A1EA47A-D9F0-482D-9647-783D456BB4DD}" = protocol=17 | dir=in | app=g:\spiele\prototype\prototypef.exe | "{A28FB04F-7EA5-42EF-8DDC-C6C61A22ACCF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A88FD392-B1A3-4A96-A2B2-8F5EF0284970}" = protocol=6 | dir=out | app=system | "{AA2F34D4-1111-4F44-ADD6-FC4AAF46728E}" = protocol=6 | dir=in | app=g:\spiele\need for speed hot pursuit\launcher.exe | "{AF4C998A-8997-4F9F-B743-9661FFCF3BEF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B15DCB82-F5F3-425B-B316-96057052EDDD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BE5B64B1-8073-42A1-B110-2D7D9DFB8C73}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CBCB5618-D606-4B59-B337-73C2B5412F54}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D1D8EAB5-82FF-4807-A395-D45E34C4A397}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{DC85A1F3-AE49-4AD2-8201-D07C9B6C60F2}" = protocol=6 | dir=in | app=g:\spiele\prototype\prototypef.exe | "{E6373EAD-51B0-4437-96FF-8C4B133E8EE0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{ED5977A0-458B-4DB9-B201-F85AF9D23A1F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F6D85F42-BC82-4327-AFD4-CF5F92D6CFA3}" = protocol=17 | dir=in | app=g:\spiele\need for speed hot pursuit\launcher.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{014E482A-0C27-47E3-BA82-307E9DCA2F47}" = HP Photosmart Wireless 
B110 All-In-One Driver 14.0 Rel. 7 "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{96F1BA99-300F-4DD5-A26B-788EF63B53B1}" = Logitech Gaming Software 5.08 "{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109 "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CE47BA54-78AC-409F-9151-BDF5BE15A804}" = Network64 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones 
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security "001FFF2FFF15FF00FF0201F01F02F000-R1" = ArchiCAD 15 R1 GER "Artlantis Studio 4" = Artlantis Studio 4.0 "Blender" = Blender "Unlocker" = Unlocker 1.9.1-x64 "WinRAR archiver" = WinRAR 4.10 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01 "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit "{8F311E2E-C275-4CF0-8154-B63991832668}_is1" = SUPER © v2012.build.52 (July 7, 2012) Version v2012.build.52 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = 
Microsoft_VC80_CRT_x86
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}" = FlatOut
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F8B98EB6-FC06-45BF-87D4-9784E0408611}" = ACDSee 10 Photo Manager
"063FFFFFFF15FF00FF0201F00F02F000-R1" = 3DStudio Import 15 GER
"065FFFFFFF15FF00FF0201F00F02F000-R1" = Doppelte Elemente 15 GER
"074FFFFFFF15FF00FF0201F00F02F000-R1" = Polygonzähler 15 GER
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"AllDup_is1" = AllDup 3.4.0
"Audacity_is1" = Audacity 2.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00
"FreeFileSync" = FreeFileSync v5.3
"Guild Wars" = GUILD WARS
"ImgBurn" = ImgBurn
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"IrfanView" = IrfanView (remove only)
"loadtbs-2.1" = loadtbs-2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Octane Render 1.022 x64" = Octane Render 1.022 x64 (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"UltraISO_is1" = UltraISO Premium V9.33
"UltraStar" = UltraStar 0.5.2
"VLC media player" = VLC media player 2.0.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4155572933-657980158-4089475342-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"SOE-DC Universe Online Live" = DC Universe Online Live

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14.07.2012 15:17:34 | Computer Name = SuriDT | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".
Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 15.07.2012 05:54:51 | Computer Name = SuriDT | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".
Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 16.07.2012 11:15:29 | Computer Name = SuriDT | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".
Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 19.07.2012 15:52:40 | Computer Name = SuriDT | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".
Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 24.07.2012 18:29:15 | Computer Name = SuriDT | Source = Application Hang | ID = 1002
Description = Programm DCGame.exe, Version 0.0.16693.5982 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 10cc
Startzeit: 01cd69eb578d7d00
Endzeit: 118
Anwendungspfad: G:\Spiele\DC Universe Online Live\Unreal3\Binaries\Win32\DCGame.exe
Berichts-ID:

Error - 26.07.2012 16:13:12 | Computer Name = SuriDT | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".
Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 26.07.2012 18:59:37 | Computer Name = SuriDT | Source = MsiInstaller | ID = 1013
Description =

Error - 02.08.2012 07:13:23 | Computer Name = SuriDT | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".
Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 03.08.2012 06:49:38 | Computer Name = SuriDT | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".
Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 03.08.2012 16:55:16 | Computer Name = SuriDT | Source = Application Hang | ID = 1002
Description = Programm SUPER.exe, Version 2.0.12.52 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: fc8
Startzeit: 01cd71aa1aff5ae7
Endzeit: 20
Anwendungspfad: C:\Tools\eRightSoft\SUPER\SUPER.exe
Berichts-ID: 82cda8a2-ddad-11e1-b4c6-1c6f6581d117

[ System Events ]
Error - 04.08.2012 08:35:15 | Computer Name = SuriDT | Source = bowser | ID = 8003
Description =

Error - 04.08.2012 08:47:17 | Computer Name = SuriDT | Source = bowser | ID = 8003
Description =

Error - 04.08.2012 08:59:17 | Computer Name = SuriDT | Source = bowser | ID = 8003
Description =

Error - 04.08.2012 09:11:19 | Computer Name = SuriDT | Source = bowser | ID = 8003
Description =

Error - 04.08.2012 09:23:22 | Computer Name = SuriDT | Source = bowser | ID = 8003
Description =

Error - 04.08.2012 09:26:41 | Computer Name = SuriDT | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 04.08.2012 09:35:23 | Computer Name = SuriDT | Source = bowser | ID = 8003
Description =

Error - 04.08.2012 09:47:24 | Computer Name = SuriDT | Source = bowser | ID = 8003
Description =

Error - 04.08.2012 09:51:21 | Computer Name = SuriDT | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error - 04.08.2012 09:51:21 | Computer Name = SuriDT | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

< End of report >