| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU Trojaner comebackWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
17.09.2012, 20:06
| #1 |
 |  GVU Trojaner comeback Hallo und guten tag, Ich habe mir heute schon wieder diesen GVU trojaner eingefangen der mich aufforderte 100 euro per ukash oder paysafecard einzulösen um wieder normal an meinem rechner arbeiten zu können. Ich habe im abgesicherten Modus hochgefahren und systemwiederherstellung gemacht. Nun meldet er sich nichtmehr allerdings läuft der laptop nichtmehr ganz rund,denke da spukt noch was herum. Als erstes hier die erwünschten logs um einsicht in das system zu haben Hier das OTL log: Code:
ATTFilter OTL logfile created on: 17.09.2012 20:16:31 - Run 1 OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Mama\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 48,23% Memory free 3,99 Gb Paging File | 2,89 Gb Available in Paging File | 72,33% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 90,25 Gb Total Space | 44,21 Gb Free Space | 48,98% Space Free | Partition Type: NTFS Drive D: | 45,12 Gb Total Space | 43,42 Gb Free Space | 96,22% Space Free | Partition Type: NTFS Computer Name: MAMA-PC | User Name: Mama | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.17 20:07:28 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Mama\Desktop\OTL.exe PRC - [2012.09.08 01:52:39 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012.08.08 17:56:47 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.08.04 09:50:02 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.24 09:48:45 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe PRC - [2012.05.08 13:11:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 13:11:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 13:11:24 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.10 23:27:22 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe PRC - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2008.01.18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007.10.12 15:08:20 | 001,224,704 | ---- | M] (VIA.) -- C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe PRC - [2007.05.15 02:31:50 | 000,200,704 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\Windows\System32\s3trayp.exe PRC - [2006.12.08 11:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe ========== Modules (No Company Name) ========== MOD - [2012.09.08 01:52:37 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2012.08.04 09:50:01 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_270.dll MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll ========== Services (SafeList) ========== SRV - [2012.09.08 01:52:37 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.08 13:11:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 13:11:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.04.24 22:55:00 | 004,066,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2006.12.08 11:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) ========== Driver Services (SafeList) ========== DRV - [2012.05.08 13:11:25 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 13:11:25 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.02.17 14:54:29 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.03.19 08:22:44 | 001,387,008 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athur.sys -- (athur) DRV - [2009.10.22 14:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\69377452.sys -- (69377452) DRV - [2009.10.20 18:47:56 | 000,112,640 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.10.12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009.10.10 00:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\6937745.sys -- (setup_9.0.0.722_14.08.2012_12-35drv) DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.09.25 18:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\69377451.sys -- (69377451) DRV - [2009.09.10 14:55:58 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.05.25 14:35:00 | 000,116,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029unic.sys -- (s1029unic) DRV - [2009.05.25 14:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdm.sys -- (s1029mdm) DRV - [2009.05.25 14:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029bus.sys -- (s1029bus) DRV - [2009.05.25 14:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdfl.sys -- (s1029mdfl) DRV - [2009.05.25 14:34:54 | 000,115,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mgmt.sys -- (s1029mgmt) DRV - [2009.05.25 14:34:54 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029obex.sys -- (s1029obex) DRV - [2009.05.25 14:34:54 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029nd5.sys -- (s1029nd5) DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.03.20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009.03.20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) DRV - [2009.03.20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV - [2008.05.16 13:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) DRV - [2008.05.16 13:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) DRV - [2008.05.16 13:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 13:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 13:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) DRV - [2008.05.16 13:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 13:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) DRV - [2008.01.09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2007.09.28 14:51:52 | 000,228,352 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32) DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2007.06.14 07:56:32 | 000,780,288 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VTGKModeDX32.sys -- (S3GIGP) DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) DRV - [2007.05.07 13:48:42 | 000,218,624 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sis163u.sys -- (SIS163u) DRV - [2007.05.02 12:12:36 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdm.sys -- (ssm_mdm) DRV - [2007.05.02 12:12:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdfl.sys -- (ssm_mdfl) DRV - [2007.05.02 12:12:34 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus) DRV - [2006.11.16 14:36:28 | 000,020,480 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNISP50.sys -- (DNISp50) DRV - [2006.11.16 14:36:18 | 000,021,504 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNIMP50.sys -- (DNIMp50) DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan) DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.3 FF - prefs.js..extensions.enabledAddons: {7bf3f322-c1a4-4654-b9b0-e0ddf67d86c2}:0.8 FF - prefs.js..extensions.enabledAddons: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:13.0.0 FF - prefs.js..extensions.enabledAddons: {d4e0dc9c-c356-438e-afbe-dca439f4399d}:1.2 FF - prefs.js..network.proxy.type: 4 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 01:52:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.21 05:21:22 | 000,000,000 | ---D | M] [2009.12.31 18:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\Extensions [2012.09.07 13:15:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\hqe0yr0w.default-1136075560189\extensions [2012.08.14 20:55:23 | 000,000,000 | ---D | M] (Facebook Touch Panel) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\hqe0yr0w.default-1136075560189\extensions\{7bf3f322-c1a4-4654-b9b0-e0ddf67d86c2} [2012.08.14 20:55:23 | 000,000,000 | ---D | M] (Facebook Share Button) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\hqe0yr0w.default-1136075560189\extensions\{d4e0dc9c-c356-438e-afbe-dca439f4399d} [2012.08.01 16:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\jgufvso6.default\extensions [2010.09.03 16:26:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\jgufvso6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.08.01 16:32:08 | 000,000,000 | ---D | M] (Facebook Touch Panel) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\jgufvso6.default\extensions\{7bf3f322-c1a4-4654-b9b0-e0ddf67d86c2} [2012.05.18 12:14:42 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\jgufvso6.default\extensions\ich@maltegoetz.de [2012.09.07 13:15:18 | 000,269,659 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\hqe0yr0w.default-1136075560189\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2012.08.14 20:55:23 | 000,030,312 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\hqe0yr0w.default-1136075560189\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2012.08.14 20:59:44 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\hqe0yr0w.default-1136075560189\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.07.05 17:14:35 | 000,258,567 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\jgufvso6.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2012.06.05 13:15:10 | 000,030,312 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\jgufvso6.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2012.07.25 11:36:03 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\jgufvso6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.05.03 13:37:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.09.08 01:52:40 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.13 08:57:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.08 01:52:33 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.13 08:57:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.12.13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml [2012.02.13 08:57:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.13 08:57:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.13 08:57:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe (VIA.) O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKLM..\Run: [S3Trayp] C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-559149942-3163695425-1619497223-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.6.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B7AC4E5-810C-484F-B2F4-E22570076F1D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EC55169-5853-4D89-8775-1E14EDAF31E7}: DhcpNameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4573CF0-FA08-4517-9C15-4AB59BCF7DA6}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Mama\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Mama\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\Shell - "" = AutoRun O33 - MountPoints2\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.17 20:08:14 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Mama\Desktop\mbam-setup-1.65.0.1400.exe [2012.09.17 20:07:10 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Mama\Desktop\OTL.exe [2012.09.16 08:23:10 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\VampireSagaHL [2012.09.15 02:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\DerModelmörder-1.0 [2012.09.15 00:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PuzzlesByJoe [2012.09.13 23:28:27 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Anarchy [2012.09.13 23:22:33 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Daedalic Entertainment [2012.09.09 14:31:01 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Freeze Tag [2012.09.07 14:35:36 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Joybits [2012.09.03 16:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield [2012.08.27 21:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Nevosoft [2012.08.25 16:16:43 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\LaJangada [2012.08.25 12:54:40 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Dragon Altar Games [2012.08.21 17:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.08.21 11:39:35 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\MoMB_Full_Ger [2012.08.21 05:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012.08.21 05:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.08.21 04:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.08.21 01:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices [2012.08.20 23:09:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2012.08.20 01:14:16 | 000,000,000 | ---D | C] -- C:\Users\Mama\Documents\Anti-Malware [2012.08.20 00:35:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES [2012.08.20 00:35:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES [2012.08.20 00:35:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN [2012.08.20 00:27:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview [2012.08.19 23:31:17 | 000,000,000 | ---D | C] -- C:\PerfLogs [2012.08.19 21:58:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2012.08.19 21:57:55 | 000,000,000 | ---D | C] -- C:\d770272be4a6f804a3edb4af7690224e [2012.08.19 00:01:15 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\IBAGroup [2012.07.07 22:16:52 | 015,267,728 | ---- | C] (Google Inc.) -- C:\Users\Mama\picasa39_136.4-setup.exe ========== Files - Modified Within 30 Days ========== [2012.09.17 20:10:16 | 000,050,477 | ---- | M] () -- C:\Users\Mama\Desktop\Defogger.exe [2012.09.17 20:08:31 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mama\Desktop\mbam-setup-1.65.0.1400.exe [2012.09.17 20:07:28 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Mama\Desktop\OTL.exe [2012.09.17 19:49:25 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2012.09.17 19:49:11 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.17 19:49:11 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.17 19:49:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.17 19:39:34 | 083,023,306 | ---- | M] () -- C:\ProgramData\twabt.pad [2012.09.12 19:24:10 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.12 19:24:10 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.12 19:24:10 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.12 19:24:10 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.11 01:46:03 | 000,001,247 | ---- | M] () -- C:\Users\Mama\Desktop\PrincessIsabella_ReturnoftheCurse - Verknüpfung.lnk [2012.09.11 01:39:30 | 000,001,050 | ---- | M] () -- C:\Users\Mama\Desktop\HodgepodgeHollow - Verknüpfung.lnk [2012.09.11 01:39:21 | 000,000,986 | ---- | M] () -- C:\Users\Mama\Desktop\EpicEscapes_DarkSeas - Verknüpfung.lnk [2012.09.11 01:39:10 | 000,000,845 | ---- | M] () -- C:\Users\Mama\Desktop\DarkRitual - Verknüpfung.lnk [2012.09.06 16:46:44 | 000,310,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.27 16:33:07 | 000,000,908 | ---- | M] () -- C:\Users\Mama\Desktop\GAME CENTER.lnk [2012.08.23 14:37:48 | 000,044,544 | ---- | M] () -- C:\Users\Mama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.21 17:39:50 | 000,173,420 | ---- | M] () -- C:\Windows\System32\cc_20120821_173937.reg [2012.08.21 17:37:37 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.08.21 05:21:22 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.08.21 01:36:40 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012.08.21 01:21:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2012.08.21 01:19:42 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012.08.20 23:56:17 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2012.08.20 23:56:17 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2012.08.20 23:55:53 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2012.08.20 00:32:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf [2012.08.20 00:32:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf [2012.08.19 23:10:49 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll [2012.08.19 23:10:33 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll [2012.08.19 22:54:26 | 000,196,608 | ---- | M] () -- C:\Windows\SPInstall.etl [2012.08.18 21:24:20 | 000,119,695 | ---- | M] () -- C:\Users\Mama\Documents\bookmarks.html ========== Files Created - No Company Name ========== [2012.09.17 20:10:15 | 000,050,477 | ---- | C] () -- C:\Users\Mama\Desktop\Defogger.exe [2012.09.17 19:38:30 | 083,023,306 | ---- | C] () -- C:\ProgramData\twabt.pad [2012.09.11 01:46:03 | 000,001,247 | ---- | C] () -- C:\Users\Mama\Desktop\PrincessIsabella_ReturnoftheCurse - Verknüpfung.lnk [2012.09.11 01:39:30 | 000,001,050 | ---- | C] () -- C:\Users\Mama\Desktop\HodgepodgeHollow - Verknüpfung.lnk [2012.09.11 01:39:21 | 000,000,986 | ---- | C] () -- C:\Users\Mama\Desktop\EpicEscapes_DarkSeas - Verknüpfung.lnk [2012.09.11 01:39:10 | 000,000,845 | ---- | C] () -- C:\Users\Mama\Desktop\DarkRitual - Verknüpfung.lnk [2012.08.27 16:33:07 | 000,000,908 | ---- | C] () -- C:\Users\Mama\Desktop\GAME CENTER.lnk [2012.08.21 17:39:40 | 000,173,420 | ---- | C] () -- C:\Windows\System32\cc_20120821_173937.reg [2012.08.21 17:37:37 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.08.21 05:21:22 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.08.21 05:21:22 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.08.21 01:21:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2012.08.21 01:19:42 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012.08.20 23:55:53 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2012.08.20 23:03:55 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2012.08.20 23:03:55 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2012.08.20 23:03:54 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2012.08.20 00:32:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf [2012.08.20 00:32:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf [2012.08.20 00:03:06 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf [2012.08.20 00:03:02 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml [2012.08.20 00:03:02 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml [2012.08.20 00:02:39 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf [2012.08.20 00:02:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2012.08.20 00:02:33 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf [2012.08.20 00:01:02 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex [2012.08.20 00:00:55 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF [2012.08.19 23:59:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2012.08.19 23:59:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2012.08.19 23:59:32 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs [2012.08.19 23:59:31 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man [2012.08.19 23:59:27 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd [2012.08.19 23:50:18 | 000,000,955 | ---- | C] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.08.19 22:23:36 | 000,145,455 | ---- | C] () -- C:\Windows\System32\perfmon.msc [2012.08.19 22:22:34 | 000,144,909 | ---- | C] () -- C:\Windows\System32\fsmgmt.msc [2012.08.19 22:22:32 | 000,012,198 | ---- | C] () -- C:\Windows\System32\gatherWiredInfo.vbs [2012.08.19 22:16:49 | 000,196,608 | ---- | C] () -- C:\Windows\SPInstall.etl [2012.08.18 21:24:20 | 000,119,695 | ---- | C] () -- C:\Users\Mama\Documents\bookmarks.html [2012.08.17 00:12:34 | 000,001,356 | ---- | C] () -- C:\Users\Mama\AppData\Local\d3d9caps.dat [2012.04.11 01:40:03 | 000,000,000 | ---- | C] () -- C:\Users\Mama\AppData\Roaming\wklnhst.dat [2012.01.30 02:34:33 | 000,000,296 | ---- | C] () -- C:\Windows\baldies.ini [2011.12.22 12:59:52 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011.12.22 12:59:52 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2011.06.21 20:26:35 | 000,012,670 | ---- | C] () -- C:\Users\Mama\AppData\Local\slot1.mm1 [2010.08.03 01:40:38 | 000,000,218 | ---- | C] () -- C:\Users\Mama\.recently-used.xbel [2010.07.28 17:52:44 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.12.31 19:30:44 | 000,044,544 | ---- | C] () -- C:\Users\Mama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2012.07.11 03:27:47 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\A Gypsy's Tale - Der Turm des Schicksals [2012.07.27 17:22:05 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Aisle 5 Games, Inc [2012.08.09 12:34:38 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Alawar [2012.08.08 15:57:42 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\AlawarEntertainment [2012.07.09 02:59:38 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\AlderGames [2012.06.06 00:02:06 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Amazon [2011.06.29 18:48:45 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Anabel [2012.09.13 23:28:27 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Anarchy [2012.08.01 01:15:44 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Artifex Mundi [2012.08.27 00:15:09 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Artogon [2012.07.11 00:53:15 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Awem [2012.07.22 20:09:54 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Azuaz Games [2012.08.12 03:56:54 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\AzuazGames [2011.06.13 19:17:14 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\BanzaiInteractive [2012.07.31 13:26:52 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Big Fish Games [2011.06.26 17:52:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\BloodTies [2012.07.27 19:12:53 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Blue Tea Games [2012.09.06 21:11:53 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Boomzap [2012.07.02 22:11:23 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Casual Arts [2012.07.25 18:25:59 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\casualArts [2012.08.02 13:15:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\CattaleGames [2012.08.10 18:01:43 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\cerasus.media [2012.08.26 12:10:38 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\City Interactive 3 Days Zoo Mystery [2012.09.13 23:22:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Daedalic Entertainment [2012.08.26 10:46:56 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\DAEMON Tools Lite [2012.07.27 20:33:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\DailyMagic [2012.08.06 19:14:55 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Deep Shadows [2012.06.21 00:18:32 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Dekovir [2012.08.28 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Dragon Altar Games [2012.06.18 14:20:00 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\DVDVideoSoft [2012.07.27 21:45:49 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\EleFun Games [2012.06.19 22:02:32 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\ElementalsTheMagicKey [2012.07.27 12:03:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Elephant Games [2011.07.15 21:06:13 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Enchanted Katya [2012.07.09 01:34:09 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Enki Games [2012.08.08 22:48:35 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\EntwinedSoD [2011.07.20 12:54:24 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\ERS G-Studio [2012.08.10 06:20:45 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\ERS Game Studios [2011.06.26 12:37:38 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\EscapeTheMuseum2 [2012.08.12 20:13:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Fanda Games [2011.07.03 21:28:13 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Flood Light Games [2011.08.13 00:07:35 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Floodlight Games [2011.06.13 22:25:09 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\FloodLightGames [2012.09.09 14:31:01 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Freeze Tag [2012.08.15 11:02:26 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Friday's games [2012.02.23 22:51:21 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Frogwares [2012.07.27 21:40:02 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Funzai! [2012.06.29 00:25:48 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\GameMill Entertainment [2012.02.27 16:04:23 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Gamers Digital [2012.08.05 18:12:49 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\GamersDigital [2011.06.15 17:25:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Games [2012.08.03 23:42:04 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Ghost Ship Studios [2012.08.04 19:32:58 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\GO Games [2012.07.03 17:16:34 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Gogii [2012.07.31 23:21:15 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\GraveyardShift [2010.08.03 01:27:20 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\gtk-2.0 [2012.07.26 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\GTM_Bodie [2012.08.25 10:56:09 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\HdO Adventure [2011.07.16 22:31:24 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\HiT-MM [2012.08.19 00:01:15 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\IBAGroup [2011.06.12 20:17:04 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\iMaxGen [2012.08.03 20:20:29 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Jetdogs Studios [2011.06.14 11:41:03 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Jewel Match 3 [2012.09.07 14:35:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Joybits [2012.08.25 16:16:43 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\LaJangada [2012.06.28 21:34:23 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Lazy Turtle Games [2012.08.21 18:12:19 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\LegacyInteractive [2012.02.24 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Legends of pirates [2012.07.09 15:13:42 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\LestaStudio [2012.08.04 11:26:43 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\LittleGamesCompany [2012.07.31 16:20:02 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MA2 [2011.06.13 20:30:24 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Magic Academy 2 [2011.07.22 15:32:58 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Magic3 [2012.08.08 17:13:01 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MagicIndie [2012.08.05 18:13:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MediaArt [2012.08.27 16:46:39 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Meridian93 [2012.09.15 02:06:09 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Merscom [2012.08.21 11:39:35 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MoMB_Full_Ger [2012.06.20 00:05:19 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\monsterz [2012.08.24 17:38:44 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MumboJumbo [2012.07.03 15:40:50 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Mystery of Mortlake Mansion [2012.08.03 23:03:30 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MysteryStudio [2011.11.11 20:58:26 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Oberon 3 Days Zoo Mystery [2012.07.12 23:50:22 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Oberon Media [2011.06.26 10:04:56 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Oberonv1000 [2012.07.09 23:21:45 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Oberonv1002 [2011.08.03 19:19:44 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Oberonv1004 [2011.07.01 19:52:43 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Oberonv1006 [2009.12.31 19:49:25 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\OpenOffice.org [2012.09.11 01:19:21 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Orneon [2011.12.22 13:05:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\PC Suite [2012.06.23 00:18:04 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Peace Craft [2010.08.02 17:25:19 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\PeerNetworking [2012.07.03 05:53:14 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Phantasmat_intenium_se [2012.08.05 13:48:54 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Phantasmat_oberon_se [2012.06.27 03:06:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\PlayFirst [2012.07.15 23:17:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\PoBros [2012.06.23 01:42:41 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\pokerth [2012.01.19 16:44:18 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\QuickScan [2012.08.04 20:29:20 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Rainbow [2012.08.05 22:47:16 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Robin Hood [2011.06.25 18:57:07 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\RobinsonCrusoe [2011.12.22 12:58:46 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Samsung [2011.06.13 16:55:28 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\SecretIslandDeuBF [2011.06.29 14:13:47 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\SerpentOfIsis [2011.06.17 20:25:50 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Settlement. Colossus [2011.07.15 20:21:28 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Silverback Productions [2012.07.08 23:16:06 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Skunk Studios [2012.06.26 21:30:35 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\SMIGames [2011.01.11 10:39:26 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Software Informer [2010.09.20 20:46:32 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Sony [2012.08.10 01:39:22 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\SpinTop Games [2012.06.26 22:10:26 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\SprillRichiGerman [2012.01.11 13:47:53 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Suziaz [2012.04.11 01:40:05 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Template [2011.06.11 13:45:56 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\The Games Company [2012.07.04 23:54:52 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\ThreeDays2 [2012.06.28 03:55:59 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\TikisLab [2011.06.14 09:34:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\TitanicMystery [2012.06.26 14:20:31 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\TOMI3 [2011.06.29 12:53:29 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Top Evidence [2012.07.25 22:32:21 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\TrickySoftware [2012.02.04 02:59:12 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Ugih [2012.02.24 12:29:47 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\URSE Games [2011.06.16 22:38:47 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\V-Games [2011.06.17 22:06:37 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\VampireSaga [2012.09.16 08:23:10 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\VampireSagaHL [2012.07.08 00:30:42 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Vast Studios [2012.08.03 17:49:43 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\VendelGAMES [2012.08.06 15:45:17 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Vogat Interactive [2012.09.12 14:22:06 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F6A0889A @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B38BEEEE @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:E5B07840 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:070D9534 @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:2B9555D8 < End of report > Hier der Extras.txt: Code:
ATTFilter OTL Extras logfile created on: 17.09.2012 20:16:31 - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Mama\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 48,23% Memory free
3,99 Gb Paging File | 2,89 Gb Available in Paging File | 72,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 90,25 Gb Total Space | 44,21 Gb Free Space | 48,98% Space Free | Partition Type: NTFS
Drive D: | 45,12 Gb Total Space | 43,42 Gb Free Space | 96,22% Space Free | Partition Type: NTFS
Computer Name: MAMA-PC | User Name: Mama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0279128D-7A99-4E9C-8C40-464F2CFA26CC}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{04647708-863B-44FE-A3B3-2FFC3222505F}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{108C5F05-9271-41A9-B50D-A87D5406BC5B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{15A9B0DC-2357-48EC-B1D0-29544EC66324}" = rport=5357 | protocol=6 | dir=out | app=system |
"{162DA567-040A-4ECF-A27D-228C462DC2EA}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{2631E0B5-2901-4E41-80F3-226D56FCEA22}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{2AD33912-C4FB-4B2C-9630-F583943659C9}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{370D1E25-0BEF-462D-8A2B-1D526EF50707}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{39D42E8B-A4E6-4F59-AC90-CBFDCBC2E617}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{3D80D450-401D-475F-93BE-F066061E5B9B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4358C905-DAD4-4E2D-8DF2-BDEA78A9ECB8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{54495964-4D7F-4903-8A79-AA689545B640}" = lport=5358 | protocol=6 | dir=in | app=system |
"{60E8876B-A8C2-451D-A127-5125063E7642}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{616D60C7-D0CA-4A1E-928F-AF8CC48C26C6}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{6BF0F855-9064-413B-A727-284F44BC54A7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6CB5E8B7-AABA-4F6B-8AF4-F312A10A45EA}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{72BBCA02-8591-4063-9897-C3337FDB155D}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{8C19C07A-B4D3-4B5A-A699-C1266660C4A9}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{965778AA-73A6-4C5B-87A4-BA9C52F5F536}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{9AD5818F-899B-480C-954A-BEBB73A8C9BE}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{9DAF3760-A043-477F-AE59-8B3D91C02284}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{A507FA70-1F8C-4D9E-A16A-678DF0A19711}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{AFD01500-56AE-409A-96F2-95F8299332B3}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{B6010058-0FA9-43BC-BC34-3FD945B33A40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BAC30578-3B48-49A1-BF7A-C72626CBCD3D}" = lport=5357 | protocol=6 | dir=in | app=system |
"{BC868ECA-82D8-4395-8F9E-57CD4FADF269}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{C0259041-FE49-4FBE-9AD0-3DE7BD31A95B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{CD6B6D71-AB49-44D5-A654-6D704D70DA0F}" = rport=5358 | protocol=6 | dir=out | app=system |
"{DE8246AE-7644-4AFE-A74B-8227AF7FEDE0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DFC21684-F556-4B5D-9A3A-8300CD80AF97}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EF1A1B29-0CD3-4A7E-AA4B-84CCE454B827}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{FBE458BA-8047-4EB9-841F-769029900D4C}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AD431C-6341-4738-84E5-FC77EAA7F88E}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{06F81348-3EEC-4668-98A5-AB8EC0811924}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{0DE19243-92B9-49D3-8237-E0D1B362C445}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{2928B73F-FE5C-4018-8C1C-E2576BB023C6}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{29CF3C40-8D93-490C-8129-53111D4944E9}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{48561C72-8761-4FBB-B87F-8F2CC9BC940F}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{4F027D72-C8D5-493D-9ADB-742C7350CD64}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{52D665F7-4988-4215-A183-627ADB930F56}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{62BC5299-15A8-4F3D-85D7-EAB9DBDBB0AF}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{7917FD91-C9B8-43C0-8018-760694C5BF20}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{83E0C7AE-B412-441D-A935-6BB6145312B1}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{8C3A0F9B-A7D1-4B60-8801-9EB0A74B0691}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{9A32A6C9-3A3B-4D84-9FD8-FADCCC50C10D}" = protocol=17 | dir=in | app=e:\alicecd.exe |
"{B1F7C501-7443-4F9B-84BC-4B0DE0478435}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{BD4D9D55-EC37-4874-90C6-E942BE656DAE}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{C61FCDE4-FB92-452D-95A0-6C9C2B1D6F82}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{E54BBEAA-AF5C-4182-BDAA-9C5E527B146B}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{EA70FDBB-B2E4-402C-8F03-369EB72E5A2B}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{EA77EE00-CF71-46AA-865A-714E5D878AC8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EBC13011-CB9E-434F-96B6-1A6A3EA4D2EC}" = protocol=6 | dir=in | app=e:\alicecd.exe |
"{FBDE2F07-9772-4BA0-8CBB-5F48649BF560}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"TCP Query User{2B70DF47-7CFE-44DF-B5F0-EC88BEB43A26}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{BB2152AC-1DF0-4915-B540-AE2BB8DB09AF}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{C92C88EE-DA07-46AB-B88A-2F9EFDBD410C}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{CD6AF78C-BD25-4B81-8806-45C70A2FFA93}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK-Clientinstallationsprogramm
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"FL Studio 10" = FL Studio 10
"IL Download Manager" = IL Download Manager
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SiS163u" = Fujitsu Siemens Computers WLAN 802.11b/g (SiS163u)
"SpeedFan" = SpeedFan (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VIA Chrome9 HC IGP Family Windows Vista Display" = VIA Chrome9 HC IGP Family Windows Vista Display
"VLC media player" = VLC media player 1.1.7
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.09.2012 13:40:26 | Computer Name = Mama-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 13.09.2012 13:40:26 | Computer Name = Mama-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 13.09.2012 17:11:00 | Computer Name = Mama-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 15.0.1.4631, Zeitstempel
0x5047f9c5, fehlerhaftes Modul xul.dll, Version 15.0.1.4631, Zeitstempel 0x5047f93b,
Ausnahmecode 0xc0000005, Fehleroffset 0x0010e567, Prozess-ID 0xa50, Anwendungsstartzeit
01cd91d546446944.
Error - 13.09.2012 17:23:53 | Computer Name = Mama-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DerrickEP1.exe, Version 1.0.0.0, Zeitstempel
0x4c3d9e5e, fehlerhaftes Modul VTGOGL32.dll, Version 7.14.14.10, Zeitstempel 0x4670f44b,
Ausnahmecode 0xc0000005, Fehleroffset 0x00146a14, Prozess-ID 0x56c, Anwendungsstartzeit
01cd91f5c5c8724a.
Error - 13.09.2012 17:23:56 | Computer Name = Mama-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DerrickEP1.exe, Version 1.0.0.0, Zeitstempel
0x4c3d9e5e, fehlerhaftes Modul opengl32.dll, Version 6.0.6000.16386, Zeitstempel
0x4549bda4, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a310, Prozess-ID 0x56c,
Anwendungsstartzeit 01cd91f5c5c8724a.
Error - 13.09.2012 17:24:50 | Computer Name = Mama-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DerrickEP1.exe, Version 1.0.0.0, Zeitstempel
0x4c3d9e5e, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5,
Ausnahmecode 0xc0000005, Fehleroffset 0x0003dd6d, Prozess-ID 0x1130, Anwendungsstartzeit
01cd91f618fc810e.
Error - 13.09.2012 17:26:29 | Computer Name = Mama-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DerrickEP1.exe, Version 1.0.0.0, Zeitstempel
0x4c3d9e5e, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5,
Ausnahmecode 0xc0000005, Fehleroffset 0x0003dd6d, Prozess-ID 0x1274, Anwendungsstartzeit
01cd91f6584e6a5c.
Error - 13.09.2012 17:27:32 | Computer Name = Mama-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DerrickEP1.exe, Version 1.0.0.0, Zeitstempel
0x4c3d9e5e, fehlerhaftes Modul VTGOGL32.dll, Version 7.14.14.10, Zeitstempel 0x4670f44b,
Ausnahmecode 0xc0000005, Fehleroffset 0x00146a14, Prozess-ID 0x1fd0, Anwendungsstartzeit
01cd91f6741298a8.
Error - 13.09.2012 17:27:35 | Computer Name = Mama-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DerrickEP1.exe, Version 1.0.0.0, Zeitstempel
0x4c3d9e5e, fehlerhaftes Modul opengl32.dll, Version 6.0.6000.16386, Zeitstempel
0x4549bda4, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a310, Prozess-ID 0x1fd0,
Anwendungsstartzeit 01cd91f6741298a8.
Error - 14.09.2012 12:01:42 | Computer Name = Mama-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 15.0.1.4631, Zeitstempel
0x5047f9c5, fehlerhaftes Modul xul.dll, Version 15.0.1.4631, Zeitstempel 0x5047f93b,
Ausnahmecode 0xc0000005, Fehleroffset 0x0010e567, Prozess-ID 0xadc, Anwendungsstartzeit
01cd927b69b5a6ee.
[ System Events ]
Error - 17.09.2012 13:41:43 | Computer Name = Mama-PC | Source = DCOM | ID = 10005
Description =
Error - 17.09.2012 13:41:45 | Computer Name = Mama-PC | Source = DCOM | ID = 10005
Description =
Error - 17.09.2012 13:42:01 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 17.09.2012 13:42:01 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 17.09.2012 13:44:44 | Computer Name = Mama-PC | Source = DCOM | ID = 10005
Description =
Error - 17.09.2012 13:50:26 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 17.09.2012 13:50:26 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7024
Description =
Error - 17.09.2012 13:50:26 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 17.09.2012 13:50:26 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 17.09.2012 13:54:30 | Computer Name = Mama-PC | Source = WinDefend | ID = 2004
Description = Beim Laden der Signaturen wurde von %%827 ein Fehler festgestellt.
Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen. Versuchte
Signaturen: %%824 Fehlercode: 0x8050a001 Fehlerbeschreibung: Das Programm kann keine
Definitionsdateien finden, die dazu dienen, unerwünschte Software zu erkennen.
Überprüfen Sie, ob aktualisierte Definitionsdateien vorhanden sind, und versuchen
Sie es dann erneut. Weitere Informationen zum Installieren von Updates finden Sie
unter "Hilfe und Support". Ladende Signaturen: %%825 Ladene Signaturversion: 1.135.949.0
Ladende
Modulversion: 1.1.8704.0
< End of report >
|
| Themen zu GVU Trojaner comeback |
| akamai, antivir, autorun, avira, bho, error, euro, firefox, flash player, format, helper, home, install.exe, kaspersky, logfile, mozilla, ntdll.dll, plug-in, registry, rundll, scan, security, software, svchost.exe, trojaner, updates, vista |
Baum-Darstellung